This tools is continued from Nefix, DirsPy and Xmasspy project.
Installation
Will work fine in the debian shade operating system, like Backbox, Ubuntu or Kali linux.
$ git clone https://github.com/koboi137/darksplitz
$ cd darksplitz/
$ sudo ./install.sh
Features
Extract mikrotik credential (user.dat)
Password generator
Reverse IP lookup
Mac address sniffer
Online md5 cracker
Mac address lookup
Collecting url from web.archive.org
Web backdoor (Dark Shell)
Winbox exploit (CVE-2018-14847)
ChimeyRed exploit for mipsbe (Mikrotik)
Exploit web application
Mass apple dos (CVE-2018-4407)
Libssh exploit (CVE-2018-10933)
Discovering Mikrotik device
Directory scanner
Subdomain scanner
Mac address scanner
Mac address pinger
Vhost scanner (bypass cloudflare)
Mass bruteforce (wordpress)
Interactive msfrpc client
Exploit web application
plUpload file upload
jQuery file upload (CVE-2018-9206)
Laravel (.env)
sftp-config.json (misc)
WordPress register (enable)
elfinder file upload
Drupal 7 exploit (CVE-2018-7600)
Drupal 8 exploit (CVE-2018-7600)
com_fabrik exploit (joomla)
gravityform plugin file upload (wordpress)
geoplace3 plugin file upload (wordpress)
peugeot-music plugin file upload (wordpress)
Notes
This tool will work fine under root, because scapy module and other need root user to access more features. But you can run as user too in some features.
Darksplitz
Installation
Will work fine in the debian shade operating system, like Backbox, Ubuntu or Kali linux.
$ git clone https://github.com/koboi137/darksplitz
$ cd darksplitz/
$ sudo ./install.sh
Features
Extract mikrotik credential (user.dat)
Password generator
Reverse IP lookup
Mac address sniffer
Online md5 cracker
Mac address lookup
Collecting url from web.archive.org
Web backdoor (Dark Shell)
Winbox exploit (CVE-2018-14847)
ChimeyRed exploit for mipsbe (Mikrotik)
Exploit web application
Mass apple dos (CVE-2018-4407)
Libssh exploit (CVE-2018-10933)
Discovering Mikrotik device
Directory scanner
Subdomain scanner
Mac address scanner
Mac address pinger
Vhost scanner (bypass cloudflare)
Mass bruteforce (wordpress)
Interactive msfrpc client
Exploit web application
plUpload file upload
jQuery file upload (CVE-2018-9206)
Laravel (.env)
sftp-config.json (misc)
WordPress register (enable)
elfinder file upload
Drupal 7 exploit (CVE-2018-7600)
Drupal 8 exploit (CVE-2018-7600)
com_fabrik exploit (joomla)
gravityform plugin file upload (wordpress)
geoplace3 plugin file upload (wordpress)
peugeot-music plugin file upload (wordpress)
Notes
This tool will work fine under root, because scapy module and other need root user to access more features. But you can run as user too in some features.
Darksplitz
0 comments:
Post a Comment