Headline
MailRipV2 - Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-TlTrewoCKCE/YUOfTfW4GvI/AAAAAAAAuwI/7AugxQAOxzIaT7YBQ-1D-MXde7jBohv4QCNcBGAsYHQ/s663/Mail.Rip.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="575" data-original-width="663" height="556" src="https://1.bp.blogspot.com/-TlTrewoCKCE/YUOfTfW4GvI/AAAAAAAAuwI/7AugxQAOxzIaT7YBQ-1D-MXde7jBohv4QCNcBGAsYHQ/w640-h556/Mail.Rip.png" width="640" /></a></div><p><br /></p> <p> Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper and checker, e-mail delivery / inbox check and DNS lookup for unknown SMTP-hosts. Made for easy usage and always working!</p><span><a name=’more’></a></span><div><br /></div><span style="font-size: large;"><b>Overview</b></span><br /> <br /><b>Legal Notices</b><br /> <p> <b>You are ONLY allowed to use the following code for educational purposes!</b> Mail.Rip V2 shall not be used for any kind of illegal activity nor law enforcement at any time. This restriction applies to all cases of usage, no matter whether the code as a whole or only parts of it are being used. </p> <p> <i>By downloading and / or using any part of the code and / or any file of this repository, you agree to this restriction without remarks.</i> </p> <br /><b>Features</b><br /> <p> Mail.Rip v2 is a SMTP checker / SMTP cracker written in Python 3.8. Using the “smtplib", it allows you to check common mailpass combolists for valid SMTP logins. It has <b>included dictionaries and lists containing details of common email providers as well as most common ports used for SMTP servers.</b> In case any data is missing, “dnspython” is used to <b>lookup unknown SMTP hosts in MX records</b>. </p> <p> Moreover, Mail.Rip V2 comes with <b>SOCKS-proxy support</b> including a <b>proxy-scraper and checker</b> function. If the proxy-support is activated, the checker / cracker scrapes SOCKS4 or SOCKS5 proxys from common online sources and will check the results, then… The working <b>proxys</b> will be <b>used randomly</b>. And you can add new sources by editing the <i>library.json</i> at any time. </p> <p> Last but not least, Mail.Rip V2 includes an <b>email delivery test / inbox check</b> for found SMTP logins. For every valid combo, it tries to send a plain text email with the found SMTP login. All test messages are sent to your own user-defined receiving address whereby the content of the test emails is generated randomly. The templates can be edited in the “library.json", too. </p> <p> <b>Mail.Rip V2 is full functional and ready to use!</b> </p> <br /><span style="font-size: large;"><b>How-to use Mail.Rip V2</b></span><br /> <p> <b>Mail.Rip V2</b> has been written and tested with Python 3.8. It should run on any OS as long as Python and all dependencies are installed.<br /> Just follow the steps below! </p> <br /><b>Installing needed Python modules</b><br /> <p> All Python modules / packages needed are listed in the txt-file <i>requirements.txt</i>. For an easy installation, type: </p> <div class="snippet-clipboard-content position-relative” data-snippet-clipboard-copy-content="pip3 install -r requirements.txt “><pre><code>pip3 install -r requirements.txt<br /></code></pre></div> <p> Installing any missing dependencies may take some time. Be patient, please. </p> <br /><b>Start the <a href="https://www.kitploit.com/search/label/Checker” target="_blank” title="Checker">Checker</a> / Cracker</b><br /> <p> With all dependencies being installed, you can start Mail.Rip V2 with: </p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="python3 MailRipV2.py “><pre><code>python3 MailRipV2.py<br /></code></pre></div> <p> No extra arguments are needed. You only need to copy your combofile into the same directory before starting the checker / cracker. After starting it, just follow the steps from (1) to (4). For more information see “Options in Main Menu".<br /> <br /> <b>Please regard:</b><br /> Your combofile needs to be encoded with utf-8! Any other <a href="https://www.kitploit.com/search/label/Encoding” target="_blank” title="encoding">encoding</a> may cause errors. </p> <br /><b>Options in Main Menu</b><br /> <br /><b>[1] Set Default Values</b><br /> <p> Use this option to edit the default values for Mail.Rip V2. You can edit the following here: </p> <p> </p><ul> <li>Amount of threads to use for checking / cracking.</li> <li>Default timeout for connections.</li> <li>De-/activate the blacklist check for email domains.</li> <li>Set your email address as receiver for test messages.</li> </ul> <p></p> <br /><b>[2] De-/Activate Proxy-Support</b><br /> <p> This option allows you to activate or deactivate the proxy-support. If activated, you will be asked for the proxy-type to use. Just enter <i>SOCKS4</i> or <i>SOCKS5</i>. The scraper starts automatically then. You can add more sources by editing the <i>library.json</i>. After the <a href="https://www.kitploit.com/search/label/Scraping" target="_blank" title="scraping">scraping</a> is done, you will be asked whether you want to skip the checker. DO NOT SKIP THE CHECKER except you really, really need to start an attack immediately. </p> <br /><b>[3] Load Combos</b><br /> <p> Option #3 starts the <b>Comboloader</b>. Enter the name of your combofile, for example: <i>combos.txt</i>. All combos in the file will be loaded and prepared for an attack. Therefor, the Comboloader performs the following steps: </p> <p> </p><ul> <li>Any other separator than “:” is replaced.</li> <li>The email address in the combo is verified by its format using regular expressions.</li> <li>For verified email addresses, the domain is checked against the blacklist included in <i>library.json</i>.</li> <li>Then, the loader checks whether it has already loaded the given combo before (duplicates check).</li> </ul> <p></p> <p> All combos passing the checks will be loaded for an attack and saved to a txt-file called <i>targets.txt</i>. <b>Please make sure that your combofile is encoded with utf-8</b> or errors may occur. </p> <br /><b>[4] Start Attack</b><br /> <p> This one is obvious. </p> <br /><span style="font-size: large;"><b>Various</b></span><br /> <p> See the sections below for any tips, hints and other information. </p> <br /><b>SMTP <a href="https://www.kitploit.com/search/label/Cracking" target="_blank" title="cracking">cracking</a> / SMTP checking process</b><br /> <p> Mail.Rip V2 uses the smtplib for the checking / cracking process. The “magic” is done this way: </p> <p> </p><ol> <li>The SMTP cracker / SMTP checker reads the next combo from the list loaded.</li> <li>It looks up the email domain in the “smtphost” <a href="https://www.kitploit.com/search/label/Dictionary" target="_blank" title="dictionary">dictionary</a> for the SMTP-host to attack.</li> <li>For unknown hosts, it will try to get the address from the MX records of the email domain.</li> <li>The connection port for host found in MX records is searched using the most common ones in a trial and error process.</li> <li>Afterwards it establishes a connection to the SMTP host (trying SSL and non-SSL as well as TLS)</li> <li>and sends the login data using the target email address and the given password from the combo.</li> <li>If the login is denied, the cracker / checker will try to login with the user-ID (email without @…) and the password.</li> <li>In case the login data is valid, the so-called “hit” will be saved to a txt-file.</li> <li>In the end Mail.Rip V2 will try to send a test message to you using the found SMTP.</li> </ol> <p></p> <p> For best results every user should edit the host information in the <i>library.json</i> before starting Mail.Rip V2 the first time. Adding the data of the most common e-mail providers in a combolist will always speed up the checking / cracking process. And it will probably raise less security flags on the server-side. </p> <p> Other ways to improve your results are: deactivating the proxy-support and adjusting default values. In fact, <b>IT IS RECOMMENDED TO LEAVE THE PROXY-SUPPORT DEACTIVATED.</b> Without using proxys, you will receive much better results - for the checker as well as for the inbox check. </p> <br /><b>Notes on the email delivery test (inbox check)</b><br /> <p> The email content is generated randomly using templates in the “library.json". Edit those templates for your needs. Editing the templates from time to time will provide a higher success rate. </p> <p> Always regard that the email delivery test may return false negative results for many reasons. It just confirms that the given SMTP host can be used for sending emails with any software. Well-known email providers may block or restrict access to SMTP accounts, especially for tools like Mail.Rip V2. Moreover, free proxys may be blacklisted as well as the certain SMTP account itself. You should test valid logins for which the delivery test failed again after the attack has been finished. </p> <br /><b>Notes on the blacklist check</b><br /> <p> The <i>library.json</i> includes a blacklist for email domains. More than 500 trashmail domains have been added to it. But there are also some very popular email providers on it. Those email providers are most often a waste of time when you check or crack mailpass combolists. Sometimes they just block the access, sometimes they ask for further verification. </p> <p> If you want to attack those providers, too, edit the blacklist for your needs. </p> <br /><span style="font-size: large;"><b>Support Mail.Rip V2</b></span><br /> <p> If you like Mail.Rip V2 support it, please! Every donation helps. Or just buy me coffee! The more coffee I drink the more time I can spend on projects like this one. Just use the wallets (BTC / LTC) below for your donation. All donations are appreciated - no matter how much you send. A single Dollar can keep me awake for one or two hours … ;-) </p> <br /><b>Donation wallets</b><br /> <p> </p><ul> <li><b>BTC (Bitcoin):</b> 1CU8WukMCDmeBfqJpsR4Vq9kxvNiRdYhf5</li> <li><b>LTC (Litecoin):</b> LeJsHzcMixhvR1qEfgHJU32joVAJDgQwR7</li> </ul> <p></p> <br /><b>Last Update</b><br /> <p> 2021-03-27: release X - FINAL VERSION! See commit comments for further details. </p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download” href="https://github.com/DrPython3/MailRipV2" rel="nofollow" target="_blank" title="Download MailRipV2">Download MailRipV2</a></span></b></div>
Related news
<p><a href="http://2.bp.blogspot.com/-RfSp1Prm8Ns/YUOxaTgLFfI/AAAAAAAAvAE/SN4RCzdEi0Y5JMgSOfk7QtJ4oTb9HJ_hACK4BGAYYCw/s1600/PoW-Shield_7_screenshot-773941.jpeg" style="text-align: center;"><img alt="" border="0" height="290" id="BLOGGER_PHOTO_ID_7008640510588556786" src="http://2.bp.blogspot.com/-RfSp1Prm8Ns/YUOxaTgLFfI/AAAAAAAAvAE/SN4RCzdEi0Y5JMgSOfk7QtJ4oTb9HJ_hACK4BGAYYCw/w640-h290/PoW-Shield_7_screenshot-773941.jpeg" width="640" /></a></p><p><br /></p> <p>Project dedicated to provide DDoS <a href="https://www.kitploit.com/search/label/Protection" target="_blank" title="protection">protection</a> with proof-of-work</p><span><a name='more'></a></span><p style="text-align: center;"><br /></p><span style="font-size: large;"><b>Description</b></span><br /> <p>PoW Shield provides DDoS protection on OSI application layer by acting as a proxy that utilizes proof of work between the backend service and the end user. This project aims to provide an alternative to general captcha methods su...
<p style="text-align: center;"><a href="https://1.bp.blogspot.com/-uBauZSD-Bhk/YUseN81_vXI/AAAAAAAAvSM/EC84hZKBoEwOsqwKqEIWBK4gLBDaa3zKgCNcBGAsYHQ/s1099/jspanda_3_pollute.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="844" data-original-width="1099" height="492" src="https://1.bp.blogspot.com/-uBauZSD-Bhk/YUseN81_vXI/AAAAAAAAvSM/EC84hZKBoEwOsqwKqEIWBK4gLBDaa3zKgCNcBGAsYHQ/w640-h492/jspanda_3_pollute.png" width="640" /></a></p><p style="text-align: center;"><br /></p> <p>JSpanda is client-side prototype pollution <a href="https://www.kitploit.com/search/label/Vulnerability" target="_blank" title="vulnerability">vulnerability</a> scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code.</p> <p>However, JSpanda cannot detect advanced prototype pollution vulnerabilities.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b><stron...
<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-tGjIlM9LBZc/YUqO4Rh9sPI/AAAAAAAAvRs/bm1bfExG9XAPtJE5eSPbA7TGazin3GVsACNcBGAsYHQ/s741/secure_password.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="357" data-original-width="741" height="308" src="https://1.bp.blogspot.com/-tGjIlM9LBZc/YUqO4Rh9sPI/AAAAAAAAvRs/bm1bfExG9XAPtJE5eSPbA7TGazin3GVsACNcBGAsYHQ/w640-h308/secure_password.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p> <p>This script securely encrypts or decrypts <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> on disk within a custom database file. It also features functionality to retrieve passwords from a previously generated database file. This script takes a master password from stdin/from memory, then <a href="https://www.kitploit.com/search/...
<p style="text-align: center;"><a href="http://1.bp.blogspot.com/-Eb1ngQXSYFs/YUOxfKGrtdI/AAAAAAAAvAM/kvv1AGXrZ64I7ehBqzTL1k0IlVJF16HWQCK4BGAYYCw/s1600/dirsearch_1_babygopher-badge-790842.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_7008640593965069778" src="http://1.bp.blogspot.com/-Eb1ngQXSYFs/YUOxfKGrtdI/AAAAAAAAvAM/kvv1AGXrZ64I7ehBqzTL1k0IlVJF16HWQCK4BGAYYCw/s320/dirsearch_1_babygopher-badge-790842.png" /></a></p><br /> <p>This software is a Go implementation of the original <a href="https://github.com/maurosoria/dirsearch" rel="nofollow" target="_blank" title="dirsearch tool">dirsearch tool</a> written by <code>Mauro Soria</code>. DirSearch is the very first tool I write in Go, mostly to play and experiment with Go's concurrency model, channels, and so forth :)</p><p><span></span></p><a name='more'></a> <p></p><span style="font-size: large;"><b>Purpose</b></span><br /> <p>DirSearch takes an input URL ( <code>-url</code> parameter ) and a wordlist ( <code>-wordlist</cod...
<p><a href="http://3.bp.blogspot.com/-w1TWIH0VmMU/YTVKoFtzVYI/AAAAAAAAt1U/Rc1XoXgIzw0KwG4SRi4foI0Aq9_Lm0x_wCK4BGAYYCw/s1600/PyHook_1_Demo-754513.gif" style="text-align: center;"><img alt="" border="0" height="328" id="BLOGGER_PHOTO_ID_7004586848034182530" src="http://3.bp.blogspot.com/-w1TWIH0VmMU/YTVKoFtzVYI/AAAAAAAAt1U/Rc1XoXgIzw0KwG4SRi4foI0Aq9_Lm0x_wCK4BGAYYCw/w640-h328/PyHook_1_Demo-754513.gif" width="640" /></a></p><br /> <p>PyHook is the python implementation of my <a href="https://github.com/IlanKalendarov/SharpHook" rel="nofollow" target="_blank" title="SharpHook">SharpHook</a> project, It uses various API hooks in order to give us the desired credentials.</p> <p>PyHook Uses <a href="https://www.kitploit.com/search/label/Frida" target="_blank" title="frida">frida</a> to inject it's dependencies into the target process</p><span><a name='more'></a></span><p><br /></p><span style="font-size: large;"><b>Supported Processes</b></span><br /> <table> <tr> <th>Process</th> <th>A...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-h0VI37sR9_k/YUqNP3yhHHI/AAAAAAAAvRY/YEfOeO7sMlEHVNzTe5DeRVQ8dm0DnEf6ACNcBGAsYHQ/s1851/weakpass_1_sample.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="939" data-original-width="1851" height="324" src="https://1.bp.blogspot.com/-h0VI37sR9_k/YUqNP3yhHHI/AAAAAAAAvRY/YEfOeO7sMlEHVNzTe5DeRVQ8dm0DnEf6ACNcBGAsYHQ/w640-h324/weakpass_1_sample.png" width="640" /></a></div><p><br /></p><p>The tool generates a <a href="https://www.kitploit.com/search/label/Wordlist" target="_blank" title="wordlist">wordlist</a> based on a set of words entered by the user.</p><span><a name='more'></a></span><p><br /></p><p>For example, during penetration testing, you need to gain access to some service, device, account, or Wi-Fi network that is password protected. For example, let it be the <em>Wi-Fi</em> network of <strong>EvilCorp</strong>. Sometimes, a passw...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-M_M-0bf6M28/YUOdpCkjs4I/AAAAAAAAuwA/voMYX-s0vSkdD7d3_EoPvBC-EF93luWFQCNcBGAsYHQ/s2048/crowdsec_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1383" data-original-width="2048" height="432" src="https://1.bp.blogspot.com/-M_M-0bf6M28/YUOdpCkjs4I/AAAAAAAAuwA/voMYX-s0vSkdD7d3_EoPvBC-EF93luWFQCNcBGAsYHQ/w640-h432/crowdsec_logo.png" width="640" /></a></div><p><br /></p> <p>CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenario to identify behaviors. CrowdSec is engineered for modern Cloud / <a href="https://www.kitploit.com/search/label/Containers" target="_blank" title="Containers">Containers</a> / VM based infrastructures (by dec...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-_KxV4jubhaU/YUOcgzhpbJI/AAAAAAAAuvw/Sc0xmixjtXoKF7G1bAmJ0ibxfmIDEAIxwCNcBGAsYHQ/s873/PS2EXE.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="381" data-original-width="873" height="280" src="https://1.bp.blogspot.com/-_KxV4jubhaU/YUOcgzhpbJI/AAAAAAAAuvw/Sc0xmixjtXoKF7G1bAmJ0ibxfmIDEAIxwCNcBGAsYHQ/w640-h280/PS2EXE.JPG" width="640" /></a></div><p><br /></p> <p>Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end.</p> <p>Module version.</p><span><a name='more'></a></span><p><br /></p> <p>You find the script based version here (<a href="https://github.com/MScholtes/TechNet-Gallery" rel="nofollow" target="_blank" title="https://github.com/MScholtes/TechNet-Gallery">https://githu...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-CwR1NpKuyd4/YUObnj1bvzI/AAAAAAAAuvo/jTm7kjPutFA9rMwYWJtmittz4F4lid6LgCNcBGAsYHQ/s930/InlineExecute.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="606" data-original-width="930" height="418" src="https://1.bp.blogspot.com/-CwR1NpKuyd4/YUObnj1bvzI/AAAAAAAAuvo/jTm7kjPutFA9rMwYWJtmittz4F4lid6LgCNcBGAsYHQ/w640-h418/InlineExecute.png" width="640" /></a></div><p><br /></p> <p>InlineExecute-Assembly is a <a href="https://www.kitploit.com/search/label/Proof%20Of%20Concept" target="_blank" title="proof of concept">proof of concept</a> Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entry point of <code>Main(string[] args)</code> or <code>Mai...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-4w-yAJHKJ4Q/YUOMKJAmDwI/AAAAAAAAuuY/2Tqomqypu58DXaQApHuQiwhXEcC7q17ZgCNcBGAsYHQ/s800/graphql.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="280" data-original-width="800" height="224" src="https://1.bp.blogspot.com/-4w-yAJHKJ4Q/YUOMKJAmDwI/AAAAAAAAuuY/2Tqomqypu58DXaQApHuQiwhXEcC7q17ZgCNcBGAsYHQ/w640-h224/graphql.png" width="640" /></a></div><p><br /></p> <p>BatchQL is a GraphQL security <a href="https://www.kitploit.com/search/label/Auditing" target="_blank" title="auditing">auditing</a> script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements.</p> <p>When exploring the problem space of GraphQL batching attacks, we found that there were a few blog posts on the internet, however no tool to perform GraphQL batching attacks.</p> <p>GraphQL batching attacks can be...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/s300/printer_hack.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="300" height="358" src="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/w640-h358/printer_hack.jpeg" width="640" /></a></div><p><br /></p> <p>Concealed Position is a local <a href="https://www.kitploit.com/search/label/Privilege%20Escalation" target="_blank" title="privilege escalation">privilege escalation</a> attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the <em>as designed</em> package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with <a hr...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-AL7wzHH2D8c/YUS_XCCASFI/AAAAAAAAvRM/D6gLmBwGwvIW1uCOBSLNnmJ41hRXQbwNgCNcBGAsYHQ/s480/on-the-fly_4.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="360" data-original-width="480" height="480" src="https://1.bp.blogspot.com/-AL7wzHH2D8c/YUS_XCCASFI/AAAAAAAAvRM/D6gLmBwGwvIW1uCOBSLNnmJ41hRXQbwNgCNcBGAsYHQ/w640-h480/on-the-fly_4.jpeg" width="640" /></a></div><p><br /></p><div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content=" ▒█████ ███▄ █ ▄▄▄█████▓ ██░ ██ ▓█████ █████ ██▓ ▓██ ██▓ ▒██▒ ██▒ ██ ▀█ █ ▓ ██▒ ▓▒▒▓██░ ██ ▓█ ▀ ▓██ ▓██▒ ▒██ ██▒ ▒██░ ██▒▓██ ▀█ ██▒ ▒ ▓██░ ▒░░▒██▀▀██ ▒███ ▒████ ▒██░ ▒██ ██░ ▒██ ██░▓██▒ ▐▌██▒ ░ ▓██▓ ░ ░▓█ ░██ ▒▓█ ▄ ░▓█▒ ▒██░ ░ ▐██▓░ ░ ████▓▒░▒██░ ▓██░ ▒██▒ ░ ░▓█▒░██▓▒░▒████ ▒░▒█░ ▒░██...
<p style="text-align: center;"><a href="http://1.bp.blogspot.com/-Eph2jPyIEs4/YTVMaWNoJNI/AAAAAAAAt7w/2fS0PnouBd0kTzMlCj8esDtcSXJolnV1wCK4BGAYYCw/s1600/plution_1-714956.png"><img alt="" border="0" height="556" id="BLOGGER_PHOTO_ID_7004588810967721170" src="http://1.bp.blogspot.com/-Eph2jPyIEs4/YTVMaWNoJNI/AAAAAAAAt7w/2fS0PnouBd0kTzMlCj8esDtcSXJolnV1wCK4BGAYYCw/w640-h556/plution_1-714956.png" width="640" /></a></p> <br /> <p>Plution is a convenient way to scan at scale for pages that are <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> to <a href="https://www.kitploit.com/search/label/Client%20Side" target="_blank" title="client side">client side</a> <a href="https://www.kitploit.com/search/label/Prototype%20Pollution" target="_blank" title="prototype pollution">prototype pollution</a> via a URL payload. In the default configuration, it will use a hardcoded payload that can detect 11 of the cases documented here: <a href="htt...
<h1 align="center"><a href="http://4.bp.blogspot.com/-2rdx0vfyq9k/YTVN7X0T73I/AAAAAAAAuI4/Dl9NXtf72WkZGlSn7yTU6K97vHQSLTlcACK4BGAYYCw/s1600/Vailyn_1_logo-700923.png"><img alt="" border="0" height="400" id="BLOGGER_PHOTO_ID_7004590477845720946" src="http://4.bp.blogspot.com/-2rdx0vfyq9k/YTVN7X0T73I/AAAAAAAAuI4/Dl9NXtf72WkZGlSn7yTU6K97vHQSLTlcACK4BGAYYCw/w193-h400/Vailyn_1_logo-700923.png" width="193" /></a><br /> Vailyn <br /> </h1> <p align="center"><br /> Phased <a href="https://www.kitploit.com/search/label/Path%20Traversal" target="_blank" title="Path Traversal">Path Traversal</a> & LFI Attacks </p> <blockquote> <p><strong>Vailyn 3.0</strong></p> <p>Since v3.0, Vailyn supports LFI PHP wrappers in Phase 1. Use <code>--lfi</code> to include them in the scan.</p> </blockquote> <br /><span style="font-size: x-large;"><b>About</b></span><br /> <p>Vailyn is a multi-phased <a href="https://www.kitploit.com/search/label/Vulnerability%20Analysis" target="_blank" title="...