Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty work, basically a pen-testing server out of the box with one line.
With Axiom, you just need to run a single command to get set up, and then you can use the Axiom toolkit scripts to spin your new hacking VPS up and down.
Setting up your own ‘hacking VPS’ to catch shells, run enumeration tools, scan, and let things run in the background in a tmux window used to be an afternoon project, running into a whole day sometimes if you hit package issues or ‘dependency hell’. You would run through and install all the tools you need manually, configure your ZSH, configure vim, configure tmux and be ready to rock... at some point.
Thank goodness for Axiom!
Install Axiom Pen-testing Server with Bash One Liner
You will need curl, which is not installed by default on Ubuntu 20.04. If you get a “command not found” error, run:
sudo apt update && sudo apt install curl
bash <(curl -s https://raw.githubusercontent.com/pry0cc/axiom/master/interact/axiom-configure)
You also need a Digital Ocean API key, to get one you can sign up here and get $100 in credit over 60 days: https://m.do.co/c/5296ccf18d6f
OS Support for Axiom Pen-testing Server
Axiom’s current list of supported operating systems:
- MacOS – Supported
- Ubuntu – Supported
- Debian – Semi-Supported – Planned
- Arch Linux – Semi-Supported – Planned
- Kali – Unknown
You can download Axiom here:
Or read more here.
Quasar is a fast and lightweight Windows remote administration tool coded in C#. Its usage ranges from user support through day-to-day administrative work to employee monitoring.
It aims to provide high stability and an easy-to-use user interface and is a free, open source tool.
Features of Quasar RAT Windows Remote Administration Tool
The main features that can be found in Quasar are:
- TCP network stream (IPv4 & IPv6 support)
- Fast network serialization (Protocol Buffers)
- Compressed (QuickLZ) & Encrypted (TLS) communication
- UPnP Support
- Task Manager
- File Manager
- Startup Manager
- Remote Desktop
- Remote Shell
- Remote Execution
- System Information
- Registry Editor
- System Power Commands (Restart, Shutdown, Standby)
- Keylogger (Unicode Support)
- Reverse Proxy (SOCKS5)
- Password Recovery (Common Browsers and FTP Clients)
Using Quasar Windows Remote Administration Tool
1. Download Quasar
Usually most users want the stable version of Quasar, which can be found on the releases page. Bleeding-edge versions with the latest features, improvements and bug fixes are located at the CI server. These builds should be used with caution as they may contain critical bugs.
2. Building a Client
After starting Quasar.exe for the first time, you will need to build a client for deployment. Use the button Builder at the top of the Quasar application to start the client configuration. After configuring the client for your needs, click the Build button and choose a location to save the built client.
3. Connecting the Server and Client
The standalone client from the previous step has to be deployed on the computers of the users. Simply executing the client on the computers is enough; the client takes care of the installation, startup, etc. Once installed, the client will try to connect to your server on the specified hostname and port. It might be necessary to set up port forwarding to your local server if it is behind a firewall in your network. You can use automatic forwarding with UPnP in the settings if it is supported by your firewall/router.
You can download Quasar here:
Or read more here.
PingCastle is an Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level with a methodology based on a risk assessment and maturity framework. It does not aim at a perfect evaluation but rather at an efficiency compromise.
The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular by tools like mimikatz or sites like adsecurity.org.
CMMI is a well-known methodology from Carnegie Mellon University that evaluates maturity with a grade from 1 to 5; PingCastle has adapted CMMI to Active Directory security.
The aim of the tool is to get you to 80% AD security in 20% of the time it would traditionally take.
PingCastle Active Directory Security Assessment Tool Features
This is the default report produced by PingCastle. It quickly collects the most important information about the Active Directory and establishes an overview. Based on a model and rules, it evaluates the score of the Active Directory’s sub-processes, then reports the risks.
Active Directory map
This report produces a map of all the Active Directory domains that PingCastle knows about. The map is built from existing health check reports or, when none is available, via a special mode that collects the required information as fast as possible.
Deploy and collect reports
Monitoring domains from a bastion can be easy, but for those without a network connection it might be difficult. There are many deployment strategies available with PingCastle.
When multiple PingCastle reports have been collected, they can be regrouped into a single report. This facilitates benchmarking all domains against each other.
Checking workstations for local admin privileges, open shares and startup time is usually complex and requires an admin. PingCastle’s scanner bypasses these classic limits.
Using Pingcastle Active Directory Security Assessment Tool
|:. PingCastle (Version 22.214.171.124)
| #:. Get Active Directory Security at 80% in 20% of the time
# @@ > End of support: 31/07/2020
: .# Vincent LE TOUX (firstname.lastname@example.org)
Using interactive mode.
Do not forget that there are other command line switches like --help that you can use
What you would like to do?
1-healthcheck-Score the risk of a domain
2-graph -Analyze admin groups and delegations
3-conso -Aggregate multiple reports into a single one
4-nullsession-Perform a specific security check
5-carto -Build a map of all interconnected domains
6-scanner -Perform specific security checks on workstations
You can download Pingcastle here:
Or read more here.
Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.
Using Second Order Subdomain Takeover Scanner Tool
Command line options:
- -base: Base link to start scraping from (default "http://127.0.0.1")
- -config: Configuration file (default "config.json")
- Print visited links in real-time to stdout
- -output: Directory to save results in (default "output")
go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10
Config File for Second Order Subdomain Takeover Scanner Tool
Example configuration file included (config.json)
- Headers: A map of headers that will be sent with every request.
- Depth: Crawling depth.
- LogCrawledURLs: If this is set to true, Second Order will log the URL of every crawled page.
- LogQueries: A map of tag-attribute queries that will be searched for in crawled pages. For example, “a”: “href” means log every href attribute of every a tag.
- LogURLRegex: A list of regular expressions that will be matched against the URLs that are extracted using the queries in LogQueries; if left empty, all URLs will be logged.
- LogNon200Queries: A map of tag-attribute queries that will be searched for in crawled pages, and logged only if they don’t return a 200 status code.
- ExcludedURLRegex: A list of regular expressions whose matching URLs will not be accessed by the tool.
- ExcludedStatusCodes: A list of status codes; if any page responds with one of these, it will be excluded from the results of LogNon200Queries; if left empty, all non-200 pages’ URLs will be logged.
- LogInlineJS: If this is set to true, Second Order will log the contents of every script tag that doesn’t have a src attribute.
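The following configuration is a constructed example (not the config.json shipped with the tool) showing how these keys combine when scanning your own application for dangling third-party references: LogNon200Queries captures script, stylesheet and frame sources that no longer answer 200, LogURLRegex narrows plain link logging to common external hosting providers, and ExcludedStatusCodes drops redirects and rate-limit responses that are not dead resources. The hostnames and regexes are assumed placeholders.

```json
{
  "Headers": {
    "User-Agent": "second-order-crawl (constructed example)"
  },
  "Depth": 2,
  "LogCrawledURLs": false,
  "LogQueries": {
    "a": "href",
    "img": "src",
    "form": "action"
  },
  "LogURLRegex": [
    "^https?://[^/]*\\.(s3\\.amazonaws\\.com|herokuapp\\.com|github\\.io)(/|$)"
  ],
  "LogNon200Queries": {
    "script": "src",
    "link": "href",
    "iframe": "src"
  },
  "ExcludedURLRegex": [
    "^https?://([^/]*\\.)?example\\.com/logout",
    "\\.(png|jpg|gif|pdf)$"
  ],
  "ExcludedStatusCodes": [301, 302, 403, 429],
  "LogInlineJS": false
}
```

A script or link whose host resolves to a provider but returns 404 is the classic second-order signal, so review those entries first and verify the resource is really unclaimed before raising a finding.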
You can download Second Order here:
Or read more here.
Binwalk is a fast and easy-to-use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images. Features of Binwalk Firmware Security Analysis & Extraction Tool: Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems. File Extraction – […]
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network; organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network. The results can be analyzed with the graphic interface or by reviewing the raw output files. The tool is built […]