OP Posted at 03-09-2025, 05:37 PM
(This post was last modified: 03-09-2025, 05:45 PM by DNIExploit.
Edit Reason: bot
)
Today I present Daytona-UI, a checker/brute/scanner I have used to gain access to corporate networks.
Specialized software for gaining access to critical infrastructure and providing access to corporate networks or internal corporate data.
Licensing system, purchase a license automatically from the telegram bot @DaytonaUI_bot.
We strongly recommend using the bot, as if someone does not have a Telegram account, a key and build can be created for them, but it may take me a few hours to respond to direct messages on TOX or DM. In addition, the bot allows you to track your license and the latest updates.
15-day trial for anyone who wants to use the software for free. It will end on September 15.
Telegram Contact & BOT:
Bot -> @DaytonaUI_bot
Support -> @daytonasup
News Channel -> @DaytonaUInews
If you don't have Telegram, just send me a message via Tox or DM. I'll try to reply ASAP.
In case channel, bot or account get shutdown, I will inform via this thread.
Features-Checker
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FL5b4LVn1...69fd51.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FL5b4LVn1%2FChecker-General-PNG-0e749483e0b5a774e6b9a5a69669fd51.png)
Targets
Network Access:
RdWeb
Cisco AnyConnect
Fortinet VPN
BIG-IP
Citrix NetScaler
Pulse Secure
CI/CD:
Confluence
Gitlab
Jira
Corp Mail:
OWA (Outlook Web Access)
Live Log:
In each section of the program, you will be able to see how the software works and provides information to the user without the user doubting that the software may have frozen or stopped working properly.
Logs Support:
Supports both ULP logs and PC logs(US_95.73.37.12_xxx_stealer.zip).
High capacity to process hundreds of files at the same time.
Files supported extensions -> .txt o .log
PC Logs supported extensions -> .zip , .rar & .7z
How it works:
PC Logs with support in case any or all of those selected have a password, as prior to processing the PC Logs, the user will be asked for a list of the passwords needed to open the PC_Logs.
The program has a system for detecting correct or incorrect credentials, so there is no problem in providing a list of credentials because the program includes a parallel credential test so that credentials can be checked quickly in the event of a long list of credentials.
After the program finds the correct credentials for the compressed file it is working on, it will use one extraction system or another depending on the disk space available on the VPS/PC of the user running the program.
The extraction systems are as follows:
With sufficient space (Fast): If the program detects that there is sufficient space to decompress the zip file, it will decompress it, read all the credentials, save them in the program's memory, and delete the compressed file, thus completing this task very quickly and efficiently.
Intelligent (No Space): When it detects that there is not enough space on the user's VPS/PC, the program has an intelligent extraction system that reads the specific files containing the credentials to be loaded into the program from memory, thus making it recursive so that the program does not need to decompress the PC Log, but only needs access to it. Obviously, although efforts have been made to make this method as fast as possible, it is inevitably much slower than the previous extraction system.
CIS domains are not allowed to check, will be automatically dismissed.
Checker-General Tab
From the "General" tab, you can see a dashboard for the Checker section, where you can view the following values:
Loaded -> The number of credentials for targets supported by the program that have been processed
Success -> The number of valid credentials.
Failure -> The number of incorrect credentials.
Error -> The number of URLs that have returned some kind of error when attempting to check credentials.
ETA -> Expected time to complete the check. This value varies depending on the internet speed and the threads applied for the check. With a high percentage of accuracy in the estimated time for completion of the check.
Then we have the user-configurable sections, which are as follows:
Targets -> Select the targets you are interested in. Check interactively.
Config
Checker Threads -> This relates to the bandwidth used by the program. The higher the value, the faster it will run, but more internet will be needed due to the increase in simultaneous requests. In my opinion, I always use the maximum value as I have never had any problems. If you have a connection of 100Mbps or higher, I recommend setting it to the maximum value.
Extractor Workers-> This value will be used in the intelligent extraction system (when there is no space when extracting a PC Log). It will use the system's CPU/Disk, and depending on your PC, it may vary between one value or another. I recommend the default value in the program, as it is neither slow nor very fast.
Results Path -> By default, the checker output is configured to the same directory where the program is executed, but this can be changed to any path chosen by the user.
Checker-Results Tab
Profiles for each check: Each check creates a new profile, allowing you to perform more than one check without replacing the content of the last check with that of the first.
In this section, we have the results obtained from the Checker in real time.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2Fj56YDWRy...f46c89.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2Fj56YDWRy%2FChecker-Results-PNG-5cec444913fe29b2d7750171a9f46c89.png)
There are several filtering options in the program.
Filtered by
Target (single or multiple selection).
URL or Username
Show goods only
Group by Domain: To avoid displaying duplicate URLs, this allows you to clearly see all the URLs and credentials collected from each one.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FV683PYXv...4de856.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FV683PYXv%2FChecker-Filters-PNG-d694c51e4c933447965ee838864de856.png)
Hide by Pattern
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FLXD0djHQ...030094.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FLXD0djHQ%2FChecker-Hide-Option-PNG-a8be78e8a59e06537e93a2dde8030094.png)
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FtJhdQjtq...f15a3d.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FtJhdQjtq%2FChecker-Hide-Showed-PNG-7638fb3f6e05be4fa4a9f2d408f15a3d.png)
Checker-Proxy Tab
Section for configuring proxies that will work in both the Checker and Brute sections. They operate on a rotating basis in both the Checker and Brute.
The user can upload or paste the proxies they want to use (drag & drop supported).
The default protocol can be configured in case the proxy or proxies inserted by the user do not have a prefix added.
The program will check the proxies that have been loaded by the user. During the check, it will verify whether the proxies are active or inactive and will remove those that do not work.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FX7sGZqJM...09340e.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FX7sGZqJM%2FChecker-Proxy-PNG-778e91bcbd72081908ae75beea09340e.png)
Bruteforce
In the Brute Force section, the program first checks whether the domain/IP entered in the Targets section matches the selected Target. If there is a discrepancy between the selected Target and the target of the page, that domain/IP will be omitted due to inconsistency.
If it is verified that the IP/domain matches the Target(s) selected by the user, brute force will be applied to it.
Brute force is applied in parallel on different IPs/domains at the same time, in an optimized manner.
Smart Wordlist
In this section, you can create a customized wordlist of passwords based on a domain, mixing a wide variety of passwords with the most common passwords found in corporate environments.
The usernames provided are always the same; they are a list of usernames used in services installed on servers that create accounts that are often forgotten by IT members. There are also some default usernames.
When generating the credentials, you can pass the list of credentials to the “Custom Brute-force” section, where you can configure the brute-force attack.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FBbg8BQBK...395bb8.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FBbg8BQBK%2FSmart-Wordlist-PNG-551d19b7a84c071f5e2f7186ab395bb8.png)
Custom Brute-force
In this section, we can configure the brute force attack.
Select Targets -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Concurrency Settings:
- Threads for the Attack phase (credential validation)
- Threads for the Discovery phase (finding live paneles)
- Number of targets to process in each discovery batch.
Global Settings:
Targets -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Usernames: The number of usernames requested by the user will be loaded and/or those created in the “Smart Wordlist” section will be transferred.
Passwords: The number of passwords requested by the user will be loaded and/or those created in the “Smart Wordlist” section will be transferred.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FCLpTjsRk...cb58be.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FCLpTjsRk%2FBrute-force-PNG-c00135d7e31f939caf47957cc4cb58be.png)
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2Ft4rMm34r...1c0097.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2Ft4rMm34r%2FBruteforce-on-action-PNG-593231a98111f89e7661c5df3e1c0097.png)
Scanner
Section that can be quickly and easily configured to scan IP ranges in search of targets selected by the user and ports selected by the user.
Targets -> Load the targets in ranges. For large range scans, we recommend using Nirsoft. The .csv format generated in Nirsoft is valid in the program.
Ports to scan -> Enter the ports you are interested in scanning separated by ',' (80,443).
Select Targets to Find -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Concurrency:
- Number of concurrent scanning threads.
- Number of IPs to process in each batch.
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FzX7tVCKJ...3a6e9f.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FzX7tVCKJ%2FScan-Panel-PNG-b5b0fb4117e7c9b1a027d593263a6e9f.png)
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FpTMY0rzG...41641a.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FpTMY0rzG%2Fscaner-phase-1-PNG-e6c3faa6f8a43404315f33bfea41641a.png)
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2FtC4dvLnj...1ff574.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2FtC4dvLnj%2FScan-phase2-PNG-9405dc178ec0065f8c3880a2771ff574.png)
![[Image: ?u=https%3A%2F%2Fi.postimg.cc%2Fbvk12PWQ...a8c327.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.postimg.cc%2Fbvk12PWQ%2FScan-Completed-PNG-931ef2369784a39c86a96ae728a8c327.png)
Settings
In this section, you can export the configuration used by the user.
All the configurations you use will be saved in a 'settings.json' file on your PC, which is fully linked to the program and saves every setting you modify.
Saving is automatic, although there is a "Save Manually" option in case you want to make sure it is saved or if automatic saving fails.
Do not delete the `settings.json` file, or a new one will be created with the default values.
Languages Supported
- English
- Russian
Bug Reporting System
At the bottom of the program in the left column, there is an option to send any improvements or bug reports for the program. Please try to be clear and concise with the message you send so that we can work on it.
Payment System
A bot has been developed on Telegram @DaytonaUI_bot, which is designed so that Telegram users can purchase a license for the program with different cryptocurrencies.
Accepted Cryptos -> Monero, Bitcoin, Litecoin & Ethereum
The bot can also be used to track the status of the user's license and news about the latest updates.
The payment system is semi-automatic. After creating an invoice, you must enter the transaction ID (txid) in the Telegram bot. When you send it to the bot, it will automatically check the status of the transaction and, depending on the status, the bot will provide you with detailed information on the status of the transaction. After the confirmations indicated in the bot and once the correct amount has been sent (as indicated by the bot prior to payment), you will be provided with a program key with the purchased validation time and a build of the program with the program and its requirements.
In case of Monero, the payment is made via NowPayments (automatic).
If there are any issues with the payment, you can contact me on Telegram @daytonasup and I will try to respond ASAP.
Use of licenses
The use of a license for different users is not permitted. Each key has an associated HWID, which the user can reset a total of three times.
Any improvements / new implementations / bug fixes are always welcome. And if you like the program, it's always good to know.
Updates will be added to the software.
ENJOY.
Specialized software for gaining access to critical infrastructure and providing access to corporate networks or internal corporate data.
Licensing system, purchase a license automatically from the telegram bot @DaytonaUI_bot.
We strongly recommend using the bot, as if someone does not have a Telegram account, a key and build can be created for them, but it may take me a few hours to respond to direct messages on TOX or DM. In addition, the bot allows you to track your license and the latest updates.
15-day trial for anyone who wants to use the software for free. It will end on September 15.
Telegram Contact & BOT:
Bot -> @DaytonaUI_bot
Support -> @daytonasup
News Channel -> @DaytonaUInews
If you don't have Telegram, just send me a message via Tox or DM. I'll try to reply ASAP.
In case channel, bot or account get shutdown, I will inform via this thread.
Features-Checker
Targets
Network Access:
RdWeb
Cisco AnyConnect
Fortinet VPN
BIG-IP
Citrix NetScaler
Pulse Secure
CI/CD:
Confluence
Gitlab
Jira
Corp Mail:
OWA (Outlook Web Access)
Live Log:
In each section of the program, you will be able to see how the software works and provides information to the user without the user doubting that the software may have frozen or stopped working properly.
Logs Support:
Supports both ULP logs and PC logs(US_95.73.37.12_xxx_stealer.zip).
High capacity to process hundreds of files at the same time.
Files supported extensions -> .txt o .log
PC Logs supported extensions -> .zip , .rar & .7z
How it works:
PC Logs with support in case any or all of those selected have a password, as prior to processing the PC Logs, the user will be asked for a list of the passwords needed to open the PC_Logs.
The program has a system for detecting correct or incorrect credentials, so there is no problem in providing a list of credentials because the program includes a parallel credential test so that credentials can be checked quickly in the event of a long list of credentials.
After the program finds the correct credentials for the compressed file it is working on, it will use one extraction system or another depending on the disk space available on the VPS/PC of the user running the program.
The extraction systems are as follows:
With sufficient space (Fast): If the program detects that there is sufficient space to decompress the zip file, it will decompress it, read all the credentials, save them in the program's memory, and delete the compressed file, thus completing this task very quickly and efficiently.
Intelligent (No Space): When it detects that there is not enough space on the user's VPS/PC, the program has an intelligent extraction system that reads the specific files containing the credentials to be loaded into the program from memory, thus making it recursive so that the program does not need to decompress the PC Log, but only needs access to it. Obviously, although efforts have been made to make this method as fast as possible, it is inevitably much slower than the previous extraction system.
CIS domains are not allowed to check, will be automatically dismissed.
Checker-General Tab
From the "General" tab, you can see a dashboard for the Checker section, where you can view the following values:
Loaded -> The number of credentials for targets supported by the program that have been processed
Success -> The number of valid credentials.
Failure -> The number of incorrect credentials.
Error -> The number of URLs that have returned some kind of error when attempting to check credentials.
ETA -> Expected time to complete the check. This value varies depending on the internet speed and the threads applied for the check. With a high percentage of accuracy in the estimated time for completion of the check.
Then we have the user-configurable sections, which are as follows:
Targets -> Select the targets you are interested in. Check interactively.
Config
Checker Threads -> This relates to the bandwidth used by the program. The higher the value, the faster it will run, but more internet will be needed due to the increase in simultaneous requests. In my opinion, I always use the maximum value as I have never had any problems. If you have a connection of 100Mbps or higher, I recommend setting it to the maximum value.
Extractor Workers-> This value will be used in the intelligent extraction system (when there is no space when extracting a PC Log). It will use the system's CPU/Disk, and depending on your PC, it may vary between one value or another. I recommend the default value in the program, as it is neither slow nor very fast.
Results Path -> By default, the checker output is configured to the same directory where the program is executed, but this can be changed to any path chosen by the user.
Checker-Results Tab
Profiles for each check: Each check creates a new profile, allowing you to perform more than one check without replacing the content of the last check with that of the first.
In this section, we have the results obtained from the Checker in real time.
There are several filtering options in the program.
Filtered by
Target (single or multiple selection).
URL or Username
Show goods only
Group by Domain: To avoid displaying duplicate URLs, this allows you to clearly see all the URLs and credentials collected from each one.
Hide by Pattern
Checker-Proxy Tab
Section for configuring proxies that will work in both the Checker and Brute sections. They operate on a rotating basis in both the Checker and Brute.
The user can upload or paste the proxies they want to use (drag & drop supported).
The default protocol can be configured in case the proxy or proxies inserted by the user do not have a prefix added.
The program will check the proxies that have been loaded by the user. During the check, it will verify whether the proxies are active or inactive and will remove those that do not work.
Bruteforce
In the Brute Force section, the program first checks whether the domain/IP entered in the Targets section matches the selected Target. If there is a discrepancy between the selected Target and the target of the page, that domain/IP will be omitted due to inconsistency.
If it is verified that the IP/domain matches the Target(s) selected by the user, brute force will be applied to it.
Brute force is applied in parallel on different IPs/domains at the same time, in an optimized manner.
Smart Wordlist
In this section, you can create a customized wordlist of passwords based on a domain, mixing a wide variety of passwords with the most common passwords found in corporate environments.
The usernames provided are always the same; they are a list of usernames used in services installed on servers that create accounts that are often forgotten by IT members. There are also some default usernames.
When generating the credentials, you can pass the list of credentials to the “Custom Brute-force” section, where you can configure the brute-force attack.
Custom Brute-force
In this section, we can configure the brute force attack.
Select Targets -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Concurrency Settings:
- Threads for the Attack phase (credential validation)
- Threads for the Discovery phase (finding live paneles)
- Number of targets to process in each discovery batch.
Global Settings:
Targets -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Usernames: The number of usernames requested by the user will be loaded and/or those created in the “Smart Wordlist” section will be transferred.
Passwords: The number of passwords requested by the user will be loaded and/or those created in the “Smart Wordlist” section will be transferred.
Scanner
Section that can be quickly and easily configured to scan IP ranges in search of targets selected by the user and ports selected by the user.
Targets -> Load the targets in ranges. For large range scans, we recommend using Nirsoft. The .csv format generated in Nirsoft is valid in the program.
Ports to scan -> Enter the ports you are interested in scanning separated by ',' (80,443).
Select Targets to Find -> Cisco AnyConnect, Citrix, Fortinet, Pulse Secure, RdWeb
Concurrency:
- Number of concurrent scanning threads.
- Number of IPs to process in each batch.
Settings
In this section, you can export the configuration used by the user.
All the configurations you use will be saved in a 'settings.json' file on your PC, which is fully linked to the program and saves every setting you modify.
Saving is automatic, although there is a "Save Manually" option in case you want to make sure it is saved or if automatic saving fails.
Do not delete the `settings.json` file, or a new one will be created with the default values.
Languages Supported
- English
- Russian
Bug Reporting System
At the bottom of the program in the left column, there is an option to send any improvements or bug reports for the program. Please try to be clear and concise with the message you send so that we can work on it.
Payment System
A bot has been developed on Telegram @DaytonaUI_bot, which is designed so that Telegram users can purchase a license for the program with different cryptocurrencies.
Accepted Cryptos -> Monero, Bitcoin, Litecoin & Ethereum
The bot can also be used to track the status of the user's license and news about the latest updates.
The payment system is semi-automatic. After creating an invoice, you must enter the transaction ID (txid) in the Telegram bot. When you send it to the bot, it will automatically check the status of the transaction and, depending on the status, the bot will provide you with detailed information on the status of the transaction. After the confirmations indicated in the bot and once the correct amount has been sent (as indicated by the bot prior to payment), you will be provided with a program key with the purchased validation time and a build of the program with the program and its requirements.
In case of Monero, the payment is made via NowPayments (automatic).
If there are any issues with the payment, you can contact me on Telegram @daytonasup and I will try to respond ASAP.
Use of licenses
The use of a license for different users is not permitted. Each key has an associated HWID, which the user can reset a total of three times.
Any improvements / new implementations / bug fixes are always welcome. And if you like the program, it's always good to know.
Updates will be added to the software.
ENJOY.