dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities. It aims to offer to IT security experts the most complete and advanced professional toolkit to perform network security assessments on a mobile device.
Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many TCP protocols, perform man in the middle (MiTM) attacks such as password sniffing (with common protocols dissection), real-time traffic manipulation and more.
Features from dSploit APK Download Hacking Toolkit for Android
Features available on dSploit to hack using an Android phone:
- WiFi Cracking – The WiFi scanner will show in green access points with known default key generation algorithms, clicking on them allows you to easily crack the key
- RouterPWN – Launch the http://routerpwn.com/ service to pwn your router.
- Trace – Perform a traceroute on the target.
- Port Scanner – A syn port scanner to find quickly open ports on a single target.
- Inspector – Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
- Vulnerability Finder – Search for known vulnerabilities for target running services upon the National Vulnerability Database.
- Login Cracker – A very fast network logon cracker which supports many different services.
- Packet Forger – Craft and send a custom TCP or UDP packet to the target, such as Wake On LAN packets.
- MITM – A set of Man-in-the-Middle (MitM) tools to command & conquer the whole network.
- Simple Sniff – Redirect target’s traffic through this device and show some stats while dumping it to a pcap file.
- Password Sniffer – Sniff passwords of many protocols such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc from the target.
- Session Hijacker – Listen for cookies on the network and hijack sessions.
- Kill Connections – Kills connections preventing the target to reach any website or server.
- Redirect – Redirect all the HTTP traffic to another address.
- Replace Images – Replace all images on webpages with the specified one.
- Replace Videos – Replace all youtube videos on webpages with the specified one.
- Custom Filter – Replace custom text on webpages with the specified one.
Requirements for dSploit APK Download To Work
For dSploit to work correctly you need:
– An ARM CPU
– Gingerbread Android (at least Android 2.3)
– A full install of BusyBox (every utility, not a partial install)
You can download dSploit here:
Password for the APK .zip file is darknet123.
Or read more here.
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor’s hidden services) using OpenCL.
Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008)
Scallion was used to find collisions for every 32bit key id in the Web of Trust’s strong set demonstrating how insecure 32bit key ids are.
At a high level Scallion works as follows:
- Generate RSA key using OpenSSL on the CPU
- Send the key to the GPU
- Increase the key’s public exponent
- Hash the key
- If the hashed key is not a partial collision go to step 3
- If the key does not pass the sanity checks recommended by PKCS #1 v2.1 (checked on the CPU) go to step 3
- Brand new key with partial collision!
The basic algorithm is described above. Speed/performance is the result of massive parallelization, both on the GPU and the CPU.
Dependencies for Onion Hash Generator
To run Scallion successfully you need:
- OpenCL and relevant drivers installed and configured. Refer to your distribution’s documentation.
- OpenSSL. For Windows, the prebuilt x86 DLLs are included
- On windows only, VC++ Redistributable 2008
Scallion runs on Mono (tested in Arch Linux) and .NET 3.5+ (tested on Windows 7 and Server 2008).
Scallion Usage Onion Hash Generator
$ mono scallion/bin/Debug/scallion.exe -d 0 prefix
Cooking up some delicious scallions...
Using kernel optimized from file kernel.cl (Optimized4)
Using work group size 128
Compiling kernel... done.
Testing SHA1 hash...
CPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
GPU SHA-1: d3486ae9136e7856bc42212385ea797094475802
LoopIteration:40 HashCount:671.09MH Speed:9.5MH/s Runtime:00:01:10 Predicted:00:00:56 Found new key! Found 1 unique keys.
<PrivateKey>-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
init: 491ms / 1 (491ms, 2.04/s)
generate key: 1193ms / 6 (198.83ms, 5.03/s)
cpu precompute: 10ms / 6 (1.67ms, 600/s)
total without init: 70640ms / 1 (70640ms, 0.01/s)
set buffers: 0ms / 40 (0ms, 0/s)
write buffers: 3ms / 40 (0.08ms, 13333.33/s)
read results: 67442ms / 40 (1686.05ms, 0.59/s)
check results: 185ms / 40 (4.63ms, 216.22/s)
9.50 million hashes per second
Stopping the GPU and shutting down...
You can download Scallion here:
Or read more here.
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine. This tool will help you in a Wifi penetration testing and could also be useful when performing red team assessments or internal infrastructure engagements.
Each option in the tool generates the “.txt” file as an output, if you run the tool multiple times, the output gets appended to the previous results.
Features of WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
Option 1:Shows the wireless networks available to the system. If the interface name is given, only the networks on the given interface will be listed. Otherwise, all networks visible to the system will be listed.
Option 2: Shows a list of wireless profiles configured on the system.
Option 3: Shows the allowed and blocked the wireless network list.
Option 4: Shows a list of all the wireless LAN interfaces on the system.
Option 5: Generates a detailed report about each wireless access point profile on the system. Group Policy Profiles are read-only. User Profiles are readable and writeable, and the preference order can be changed.
Option 6: Dumps the cleartext passwords of every wireless profile on the system. Make sure to generate the profile file (by selecting option 2) before running this option. Always run this as an administrator user to see the cleartext password. User needs to provide the individual wireless name by reading the profile names (option 7).
Option 7: It opens the list of wireless profiles on the system using notepad.
Option 8: It saves WLAN profiles to XML files.
Option 9: Exit gracefully.
You can download WiFi-Dumper here:
Or read more here.
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
truffleHog previously functioned by running entropy checks on git diffs. This functionality still exists, but high signal regex checks have been added, and the ability to surpress entropy checking has also been added.
truffleHog --regex --entropy=False https://github.com/dxa4481/truffleHog.git
truffleHog will go through the entire commit history of each branch, and check each diff from each commit, and check for secrets. This is both by regex and by entropy. For entropy checks, it will evaluate the shannon entropy for both the base64 charset and hexidecimal charset for every blob of text greater than 20 characters comprised of those character sets in each diff. If at any point a high entropy string >20 characters is detected, it will print to the screen.
Using truffleHog to Search Git for High Entropy Strings
usage: trufflehog [-h] [--json] [--regex] [--rules RULES]
[--entropy DO_ENTROPY] [--since_commit SINCE_COMMIT]
Find secrets hidden in the depths of git.
git_url URL for secret searching
-h, --help show this help message and exit
--json Output in JSON
--regex Enable high signal regex checks
--rules RULES Ignore default regexes and source from json list file
--entropy DO_ENTROPY Enable entropy checks
Only scan from a given commit hash
The max commit depth to go back when searching for
-i INCLUDE_PATHS_FILE, --include_paths INCLUDE_PATHS_FILE
File with regular expressions (one per line), at least
one of which must match a Git object path in order for
it to be scanned; lines starting with "#" are treated
as comments and are ignored. If empty or not provided
(default), all Git object paths are included unless
otherwise excluded via the --exclude_paths option.
-x EXCLUDE_PATHS_FILE, --exclude_paths EXCLUDE_PATHS_FILE
File with regular expressions (one per line), none of
which may match a Git object path in order for it to
be scanned; lines starting with "#" are treated as
comments and are ignored. If empty or not provided
(default), no Git object paths are excluded unless
effectively excluded via the --include_paths option.
You can download truffleHog here:
Or read more here.
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with capabilities of learning without any human intervention, DNS domain classification, Spam detection, network collector, network forensics and many others. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so […]
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process. The main goal of Sooty is to perform as much of the routine checks as possible which allows the analyst more time to spend on deeper analysis. Features of Sooty SOC […]