thc-hydra | iodine | |
---|---|---|
18 | 58 | |
9,098 | 5,821 | |
- | - | |
5.6 | 5.1 | |
17 days ago | 6 months ago | |
C | C | |
GNU Affero General Public License v3.0 | ISC License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
thc-hydra
-
Show HN: Hydra - Open-Source Columnar Postgres
Nice tool, only unfortunate name, consider changing it. Already very well know security tool named hydra https://github.com/vanhauser-thc/thc-hydra been around since 2001. Then facebook went ahead and named their config tool hydra https://github.com/facebookresearch/hydra on top of it. Like we get it, hydra popular mythology but we could use more original naming for tools
- Help with a brute force tool
-
What's everyone working on this week (26/2023)?
I just started learning Rust, but I will begin building a brute-force tool. Hydra is great but lacks updates, IMHO. I started using Golang, but it sucks (I love the Go language, but it sucks for this type of task).
-
The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research)
Hydra
- Unable to complete libssh2 handshake
-
Password Attacks - Network Services
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2023-01-28 16:31:17 [WARNING] the rdp module is experimental. Please test, report - and if possible, fix. [WARNING] Restorefile (ignored ...) from a previous session found, to prevent overwriting, ./hydra.restore [DATA] max 3 tasks per 1 server, overall 3 tasks, 21112 login tries (l:104/p:203), ~7038 tries per task [DATA] attacking rdp://10.129.202.136:3389/ [STATUS] 166.00 tries/min, 166 tries in 00:01h, 20946 to do in 02:07h, 3 active [STATUS] 121.67 tries/min, 365 tries in 00:03h, 20747 to do in 02:51h, 3 active [3389][rdp] account on 10.129.202.136 might be valid but account not active for remote desktop: login: password: , continuing attacking the account. [STATUS] 86.29 tries/min, 604 tries in 00:07h, 20509 to do in 03:58h, 2 active [ERROR] all children were disabled due too many connection errors 0 of 1 target completed, 0 valid password found [INFO] Writing restore file because 2 server scans could not be completed [ERROR] 1 target was disabled because of too many errors [ERROR] 1 targets did not complete Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2023-01-28 16:38:23
- Could use some help
- Github hydra scripts
-
THC-Hydra in Rust FOSS Project
I am searching for people interested in coding an alternative to the thc-hydra project, with additional features (implementing the Shodan api to make it automated, etc...)
-
THM HackPark
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-10-22 13:09:13
iodine
-
Show HN: This Website Is Hosted on DNS
Reminds me of using https://code.kryo.se/iodine/ ( DNS tunnel ) and a empty prepaid card...
-
DNS Exfiltration Tool
Obligatory dns tunnel software for exfil. It is super noisy if you do dns querylogging, so I'd not use it for anything major, but it is a fun research tool.
https://github.com/yarrick/iodine
-
Fun with DNS TXT Records
It's worth noting that you (re) invented what iodine does: https://code.kryo.se/iodine/
-
WiFi without internet on a Southwest flight
(https://github.com/yarrick/iodine)
It’s slow, but it works and is a handy “last resort” tool.
-
Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
While working in an environment where VPN connections were pretty much all blocked⁰ a friend of mine had success using https://guacamole.apache.org/ to access a remote machine¹. Not quite the same as a direct VPN connection but worth a try if nothing else functions, it looks enough like normal HTTPS traffic that he got away with it.
To keep your wireguard setup more as-is, you could try https://kirill888.github.io/notes/wireguard-via-websocket/ to tunnel that via a web server. In fact https://github.com/erebe/wstunnel which that uses could be used just as well with any other UDP based VPN.
I once tinkered with https://github.com/yarrick/iodine and successfully connected to resources over the wireless on a train, bypassing its traffic capture and sign-up requirement, so that might be an option, though I think fully blocking external DNS is more common now so this is less likely to work²³.
--
[0] practically only HTTP(S) permitted, not even SSH, DPI in use that detected just using SSH or OpenVPN over port 443
[1] NOTE: be careful breaching restrictions like this, you are at risk of an insta-sacking if discovered, or worse if operating in some securiry environments!
[2] and the latency when it does work is significant!
[3] and that much traffic over port 53 might get noticed by the heuristics of data exfiltration scanner, encouraging sysadmins to notice and implement a way to block it
-
Show HN: File distribution over DNS: (ab)using DNS as a CDN
There's also iodine, a C program that tunnels IPv4 packets over DNS. Useful for bypassing captive portals on wifi, since DNS usually isn't restricted.
https://github.com/yarrick/iodine
Regarding cloudflare DNS over HTTPS: It could be that it tries to server data encoded as JSON, which is impossible in JSON. Some control characters and bytes 128-255 cannot be represented as JSON strings.
-
Show HN: Use DNS TXT to share information
A regular proxy on port 53 might work? Is it necessary to actually use DNS?
Otherwise there's https://github.com/yarrick/iodine
- Anything can be a message queue if you use it wrongly enough
-
help with choosing a VPN to host (I'll explain)
Well, you're really exhausting your options here (and possibly your IT department's patience). Iodine would still be an option, it creates a tunnel through DNS traffic. Nearly impossible to block/filter out but you shouldn't expect a lot of bandwidth. Try it out! Although if you're only going to use low-bandwidth applications through the tunnel anyway you might as well use your own mobile data plan instead of your school's WLAN.
- DNS blacklisting in enterprise
What are some alternatives?
naive-hashcat - Crack password hashes without the fuss :cat2:
dnscat2
Metasploit - Metasploit Framework
miniProxy
SQLMap - Automatic SQL injection and database takeover tool
PHP-Proxy - Proxy Application built on php-proxy library ready to be installed on your server
elpscrk - An Intelligent wordlist generator based on user profiling, permutations, and statistics. (Named after the same tool in Mr.Robot series S01E01)
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
mimikatz - A little tool to play with Windows security
inlets - Get public TCP LoadBalancers for local Kubernetes clusters
PSKracker - An all-in-one WPA/WPS toolkit
Swiperproxy - A Python-based HTTP/HTTPS-proxy.