7he Dead Bunny Collective

Project maintained by s1l3nt78



Current Projects

- Sifter
  - Sifter.Extentions
- TigerShark
- Dark-Star
- gCat (Version 2 | Redevelopment)
    Original Author: byt3bl33d3r
- MkCheck
- Useful Password Lists
- Blackeye


# Sifter

Release : Violet
Version : 11.5

# Additions:

- DeadTrap - Mobile Number OSINT.
- GitSearch - Tool to search git from CLI and clone (if required)
- Mosint - MOSINT is an OSINT Tool for emails. It helps you gather information about the target email.

- Snaffler - Gathers targets from Active Directory, searches out file shares, and checks whether they're readable.
- WeblogicScanner - Weblogic Vulnerability Scanning Tool
- Responder - LLMNR, NBT-NS and MDNS poisoner.
- Vailyn - Multi-phased vulnerability analysis and LFI exploitation tool
- Mitre-Attack Website - Provides basic navigation and annotation of ATT&CK matrices
- DroneSploit (Optional) - Hacking techniques and exploits especially focused on drone hacking.

- Typing info into any menu will bring up the Module Information Screen.
- Typing session into any menu will start a new Sifter session to run concurrently.
- All Results can now be exported to Desktop and a backup zip package is created and time stamped.

# Extensions

Sifter.Ex Plugins

- G - Sifter's g extension gives a GUI overlay
  '--> Built on top of eDEX-UI
- F - Sifter's f plugin provides the DanderFuzz Exploitation Framework
  '--> Framework created by the EquationGroup courtesy of The Shadow Brokers
- M - The m extension provides Malware Analysis tools to Sifter
- C - Sifter's c extension is just a small script allowing CobaltStrike to be added to exploitation frameworks.
   (A copy of CobaltStrike will NOT be provided; you must provide your own)

Sifter is an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, scan for the 'blue' vulnerabilities within Microsoft and, if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

- More information for sifter can be found here


# TigerShark

Current Version: 6


- EvilReg - added for payload persistence.
- WBruter - Bruteforce Android Lock pin (USB Debugging must be enabled but root is not needed)
- GetDroid - Android payload creation.
- apkinfector - infect legitimate apks with meterpreter shells.
- PhishMailer - Email Spamming for different services.
- Mouse - Mac & iOS Post Exploitation Tool.
- LockPhish - This tool is designed to grab Windows credentials, Android PIN and iPhone Passcode using an https link.
- WhatPhish - Tool for WhatsApp phishing with OTP options provided
- GoSmish - SMS Payload delivery using GoPhish framework & campaign data (Through Twilio)
'-->  Warning:  Twilio may block the account for malicious usage.

TigerShark is a bilingual PhishingKit that incorporates various different phishing tools, domain generation and gathering tools and mail spammers in order to launch a fully customizable phishing page/server in whatever scripting language needed. This campaign can be launched against a small group or as a mass campaign.

- More information about TigerShark can be found here


# MkCheck

Current Version: 4

MkCheck is used to check MikroTik Routers for:

- winbox_auth_bypass_creds_disclosure
- routeros_jailbreak
- ByTheWay RCE
- ChimneyBlue SMB BufferOverflow

MkCheck matches IP addresses to WiFi Access Point Names.
The routersploit module confirms whether the MikroTik device is vulnerable and, if it is, displays login credentials, which must be entered into scripts/miko.py for MkCheck's auto search module to work correctly.
The ByTheWay Root Shell Check exploit leverages the path traversal vulnerability CVE-2018-14847 to extract the admin password and create an "option" package to enable the developer backdoor. Post exploitation, the attacker can connect to Telnet or SSH using the root user "devel" with the admin's password.
The main function spawns a quick SSH session on the compromised machine to enumerate the Net AP name from the IP.

- Once the Network AP Name has been found, the attacker can use the IP and login credentials to work with the MikroTik Router config directly from a web-session.

- More information on MkCheck can be found here


# gCat

Current Version: 1
Redevelopment on hold.

Coming Soon: Version 2

  - Rewriting for Python3

  - Adding extra features

A stealthy Python-based backdoor that uses Gmail as a command and control server.
This mitigates the need for things like port forwarding, proxies or the need for public hosting.
For this to work you need:
   - A Gmail account (Use a dedicated account! Do not use your personal one!)
   - Turn on "Allow less secure apps" under the security settings of the account
   - You may also have to enable IMAP in the account settings
   - Python2

- More information on gCat can be found here

# Dark-Star

Dark-Star is a small script, written in Python 2.
This tool is used for DDoS attack emulation.

$ python darkstar.py

- This repo can be found here