White Hat Hacker Capital Buôn Ma Thuột

The Vietnam White Hat Hacker Training Program in Buôn Ma Thuột City, combined with tourism. Arrive as a newbie - leave as a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing (hacking).

C50 Computer Forensics Materials

Study materials on Digital Evidence Investigation (CHFI), compiled by Security365 for training work at C50.

Students with Hacking and Information Security

A student hacking competition, with web attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

A course on attack and defense with the professional hacker toolkits BackTrack and Kali Linux, based on Offensive Security content.

Pages

nbtscan - NETBIOS nameserver scanner


This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and it is a first step in finding open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on Windows: mine runs on just about everything.

NETBIOS is commonly known as the Windows "Network Neighborhood" protocol, and (among other things) it provides a nameservice that listens on UDP port 137. When it receives a query on this port, it responds with a list of all services it offers. Windows ships with a standard tool, nbtstat, which queries a single IP address when given the -A parameter. When run against a machine on the local network (a development box), it shows:

C:\> nbtstat -A 192.168.1.99
NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
XPDEV <00> UNIQUE Registered
UNIXWIX <00> GROUP Registered
XPDEV <03> UNIQUE Registered
XPDEV <20> UNIQUE Registered
UNIXWIX <1E> GROUP Registered

MAC Address = 00-50-04-6D-50-37

The numeric code (in hexadecimal) and the type serve to identify the service being offered, and (for instance) a UNIQUE code of <20> indicates that the machine is running the file-sharing service. Unfortunately, nbtstat only reports the codes, and it requires looking up the meanings elsewhere. The References section at the end of this document lists some resources to learn what all the codes mean.

Machines participating in NETBIOS listen on UDP port 137 for these queries and respond accordingly. Simple configurations might only have a few resource records (as above), but an NT server supporting a large enterprise could easily have more than a dozen. Though it's sometimes useful to examine the full set of resource records for a given machine, in practice it's more useful to summarize them into the key "interesting" services.

Our tool has taken this approach. Not only does it scan ranges of addresses -- instead of just one machine -- but it can fully decode most of the resource record types and can summarize the interesting data on a one-line display.

On our network we have quite a few machines, but it appears that only three respond to our queries:
C:\> nbtscan 192.168.1.0/24
192.168.1.3 MTNDEW\WINDEV SHARING DC
192.168.1.5 MTNDEW\TESTING
192.168.1.9 MTNDEW\WIZ SHARING U=STEVE
192.168.1.99 MTNDEW\XPDEV SHARING
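As an added example (not code from nbtscan or its author), the following Python script decodes the raw NBNS node status response that both nbtstat and nbtscan work from, and condenses the name table into the kind of one-line summary shown above. The response bytes are constructed inline to mirror the XPDEV table, the suffix meanings are the commonly documented ones rather than a table from this page, and the summary format only approximates nbtscan's.

```python
import struct

# Meaning of the 16th byte (suffix) of a NetBIOS name, keyed by (suffix, is_group).
# These are the commonly documented values; the page defers the full list to its References.
SUFFIXES = {
    (0x00, False): "Workstation Service",
    (0x00, True):  "Domain/Workgroup Name",
    (0x03, False): "Messenger Service",
    (0x20, False): "File Server Service",
    (0x1B, False): "Domain Master Browser",
    (0x1C, True):  "Domain Controllers",
    (0x1D, False): "Master Browser",
    (0x1E, True):  "Browser Service Elections",
}

# NAME_FLAGS bits of a node status entry (RFC 1002, section 4.2.18)
FLAG_GROUP = 0x8000
FLAG_ACTIVE = 0x0400   # nbtstat shows this as "Registered"


def first_level_encode(raw16):
    """RFC 1001 first-level encoding: each nibble of the 16-byte name becomes a letter A..P."""
    return bytes(0x41 + nib for b in raw16 for nib in (b >> 4, b & 0x0F))


def build_node_status_response(entries, mac, txid=0x1234):
    """Construct an NBSTAT (node status) response for the example; this is not a capture."""
    header = struct.pack("!6H", txid, 0x8400, 0, 1, 0, 0)          # response flag, 1 answer RR
    qname = b"\x20" + first_level_encode(b"*" + b"\x00" * 15) + b"\x00"  # wildcard name '*'
    rdata = bytes([len(entries)])
    for name, suffix, flags in entries:
        rdata += name.encode("ascii").ljust(15, b" ") + bytes([suffix]) + struct.pack("!H", flags)
    rdata += mac + b"\x00" * 40                                     # unit ID (MAC), zeroed statistics
    rr = struct.pack("!HHIH", 0x0021, 0x0001, 0, len(rdata)) + rdata  # type NBSTAT, class IN
    return header + qname + rr


def parse_node_status_response(data):
    """Decode the name table and MAC address from a node status response."""
    txid, flags, qd, an, ns, ar = struct.unpack_from("!6H", data, 0)
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a node status response")
    off = 12
    while data[off]:                    # skip the encoded query name (label length + label bytes)
        off += 1 + data[off]
    off += 1
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, off)
    off += 10
    if rtype != 0x0021:
        raise ValueError("answer is not an NBSTAT record")
    count = data[off]
    off += 1
    names = []
    for _ in range(count):
        raw, suffix, nflags = struct.unpack_from("!15sBH", data, off)
        off += 18
        names.append({
            "name": raw.decode("ascii", "replace").rstrip(),
            "suffix": suffix,
            "group": bool(nflags & FLAG_GROUP),
            "active": bool(nflags & FLAG_ACTIVE),
        })
    mac = data[off:off + 6]
    return {"names": names, "mac": "-".join(f"{b:02X}" for b in mac)}


def meaning_of(entry):
    """The lookup nbtstat leaves to the reader: what service a (suffix, type) pair denotes."""
    return SUFFIXES.get((entry["suffix"], entry["group"]), f"unknown <{entry['suffix']:02X}>")


def summarize(table):
    """One-line summary in the spirit of nbtscan: DOMAIN\\HOST [SHARING] [DC] [U=user]."""
    names = [n for n in table["names"] if n["active"]]

    def first(suffix, group):
        return next((n["name"] for n in names if n["suffix"] == suffix and n["group"] == group), None)

    host = first(0x00, False) or "?"
    parts = [f"{first(0x00, True) or '?'}\\{host}"]
    if first(0x20, False):
        parts.append("SHARING")                 # file-sharing service registered
    if first(0x1C, True):
        parts.append("DC")                      # domain controllers group
    users = [n["name"] for n in names if n["suffix"] == 0x03 and not n["group"] and n["name"] != host]
    if users:
        parts.append(f"U={users[0]}")           # messenger name other than the host: logged-on user
    return " ".join(parts)


# Constructed sample mirroring the nbtstat output above (XPDEV in workgroup UNIXWIX).
SAMPLE_RESPONSE = build_node_status_response(
    [("XPDEV", 0x00, 0x0400), ("UNIXWIX", 0x00, 0x8400), ("XPDEV", 0x03, 0x0400),
     ("XPDEV", 0x20, 0x0400), ("UNIXWIX", 0x1E, 0x8400)],
    mac=bytes.fromhex("0050046d5037"),
)

if __name__ == "__main__":
    table = parse_node_status_response(SAMPLE_RESPONSE)
    for entry in table["names"]:
        kind = "GROUP" if entry["group"] else "UNIQUE"
        print(f"{entry['name']:<15} <{entry['suffix']:02X}> {kind:<6} {meaning_of(entry)}")
    print("MAC Address =", table["mac"])
    print("summary:", summarize(table))
```

For defenders the interesting use is the inverse of scanning: run the decoder over your own subnet's responses and flag any host that answers with a UNIQUE <20> (file sharing) or GROUP <1C> (domain controller) name where none is expected. A real capture would be read from a UDP socket or a pcap in place of SAMPLE_RESPONSE.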


DNSCrypt - A tool for securing communications between a client and a DNS resolver


dnscrypt-proxy provides a local service which can be used directly as your local resolver or as a DNS forwarder, encrypting and authenticating requests using the DNSCrypt protocol and passing them to an upstream server.

The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.

While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries.


FolderChangesView - Monitor file changes on Windows


FolderChangesView is a simple tool that monitors the folder or disk drive that you choose and lists every filename that is being modified, created, or deleted while the folder is being monitored. 

You can use FolderChangesView with any local disk drive or with a remote network share, as long as you have read permission to the selected folder.


VirusTotal Scanner - Desktop Tool to Perform Quick Anti-virus Scan using VirusTotal


VirusTotal Scanner is a desktop tool to quickly perform an anti-virus scan using VirusTotal.com.

VirusTotal.com is a free online scan service that analyzes suspicious files using 40+ anti-virus applications. It facilitates the quick detection of viruses, worms, trojans and all kinds of malware, and provides reliable results, preventing false positives.

'VirusTotal Scanner' is a desktop tool which helps you quickly scan your file using VirusTotal without actually uploading the file. It performs a direct hash-based lookup on VirusTotal, thus avoiding the time taken to upload the file.
It comes with an attractive and user-friendly interface, making the VirusTotal scanning process simpler and quicker. You can simply right-click on your file and start the scan.

It is a fully portable tool but also comes with an installer for local installation and uninstallation. It works on a wide range of platforms, from Windows XP to Windows 8.


Windows Domain Credentials Phishing Tool



While performing a pen test for a client I needed to catch a domain user name and password. There are several ways to gain users' passwords, and how to get them really depends on a lot of factors; in my case I didn't have time to wait for the user to enter his credentials and get them using a key logger, so I created a fake Windows domain login window to try to force and trick the user into entering his password.

There are several tools and techniques such as “Mimikatz” but they require you to have administrative/system privileges, you don’t need special privileges to execute “Windows Domain Credentials Phishing Tool”.

* Please note, this tool requires the .NET Framework on the target system.
* This tool should not be used to perform illegal activities.


Pompem - Exploit Finder


Pompem is an open source tool designed to automate the search for exploits in the major databases. Developed in Python, it has an advanced search system that facilitates the work of pentesters and ethical hackers. In its current version it searches the following databases: Exploit-db, 1337day, Packetstorm Security...

Usage

To get the list of basic options and information about the project:
python pompem.py -h

Examples of use:
python pompem.py -s Wordpress
python pompem.py -s Joomla --html
python pompem.py -s "Internet Explorer,joomla,wordpress" --html
python pompem.py -s FortiGate --txt
python pompem.py -s ssh,ftp,mysql
python pompem.py --update


CrowdInspect - Scan of your running processes on Windows with Virus Total, WOT & MHR


CrowdInspect is a free, professional-grade tool for Microsoft Windows systems from CrowdStrike, aimed at alerting you to the presence of malware on your computer that communicates over the network. It is a host-based real-time monitoring and recording tool that utilizes multiple sources of information to detect untrusted or malicious network-active processes.

The tool runs on both 32-bit and 64-bit versions of Windows from XP and above.

Beyond listing simple network connections, CrowdInspect associates each connection entry with the process that is responsible for that activity. It can display the process name as a simple file name or, optionally, as a full file path.

In addition to the process name, the entry's process ID number, local port, local IP address, remote port, remote IP address and reverse-resolved DNS name of the remote IP address are shown. The tool accommodates both IPv4 and IPv6 addresses.

CrowdInspect records details of any entry that is associated with a remote IP address and maintains a chronological list of these, accessed by clicking the "Live/History" toolbar button to switch between the regular live netstat window and the history list window.

Perhaps the most useful aspect of CrowdInspect though is its ability to utilize several sources of information that can be used to determine the reputation of the process using the network connection and the reputation of the domain it is connecting to. This is achieved through the use of the following technologies and services:

Thread Injection Detection

Detection of code injection using custom proprietary code

Many pieces of malware achieve part of their goal by manipulating already running applications and injecting themselves into those processes. Regular antivirus products that only act upon the actual physical file contents would not identify this behavior. CrowdInspect features experimental detection of such behavior and the results of this test on each process can be seen in the “Inject” column.

--  (gray icon)
Not applicable/not available. The process could not be tested.

??  (gray icon)
The process did not allow us to test for code injection.

OK  (green icon)
The process did not appear to have any evidence of thread injection.

!!  (red icon)
The entry appeared to have had a thread injected into its process. This is generally not a good thing, nor something usually encountered. Note, though, that there may be some classes of specialized software that do exhibit this behavior. The process/application should be investigated further.


VirusTotal

Multiple antivirus engine analysis results queried by SHA256 file hash

<http://www.virustotal.com>

Shown in the "VT" column of the tool are the basic summary results of querying the VirusTotal service against the file in question (actually the SHA256 hash of the file contents). VirusTotal utilizes multiple antivirus engines to analyze submitted files and we query its database to see if the file hash is in the database and if so, how the antivirus engines rated it. The value here can be one of the following:

--  (gray icon)
Not applicable/not available. No connection to the VirusTotal database was made or the process is not associated with a file.

??  (gray icon)
The entry does not exist in the VirusTotal database. This is probably good!

0% ... 100%  (green ... red icons)
The file is known to the VirusTotal database. This is the virus score. 0% means no antivirus vendor reported an issue with the process (very good). 100% means every antivirus vendor reported the process as problematic (very bad!).

More extensive details for the particular selected entry in the list can be seen by either clicking the "AV Results" toolbar button or selecting "View AV Test Results" from the right-click context menu for the selected item.

Note that it may take a short while before the results appear for each entry in the list due to rate throttling of connections to the service.


Team Cymru - Malware Hash Repository

Repository of known malware queried by MD5 file hash

<http://www.teamcymru.com>

Shown in the "MHR" column, Team Cymru maintains a repository of known malware that can be queried given an MD5 hash of the file contents. In this case we are simply querying for a yes/no answer so the results can be one of the following:

--  (gray icon)
Not applicable/not available. No response was received from the Team Cymru service or the process is not associated with a file.

??  (gray icon)
The entry does not exist in the MHR database. This is probably good, although the absence of a positive response doesn't necessarily mean the process is not malware.

!!  (red icon)
The entry DOES exist in the MHR database. The process is known to be malware. This is bad!



Web of Trust

Crowd-sourced domain name reputation system

<http://www.mywot.com>

Shown in the "WOT" column of the tool are the basic summary results of querying the Web of Trust service against the reverse-resolved domain name associated with the remote IP address of the connection's entry. The value here can be one of the following:

--  (gray icon)
Not applicable/not available. No connection to the WoT database was made or the entry's remote IP address does not have a usable, valid domain name associated with it.

??  (gray icon)
The entry does not exist in the WoT database.

0% ... 100%  (red ... green icons)
The WoT reputation score. 0% means that everybody who has rated this domain thinks it is untrustworthy. 100% means that everybody who has rated this domain thinks it is reputable and can be trusted.


To avoid unnecessary querying of the above services all results are cached such that no unique process or domain is ever queried more than once for the duration the tool is running.


SEES (Social Engineering Email Sender) - A Social Engineering Attack/Audit Tool for Spear Phishing

What is SEES?

Most companies nowadays have their firewalls, threat monitoring and prevention security appliances set up. With these mechanisms in place, security precautions are taken and incidents are monitored, and inbound traffic is restricted. SEES, on the other hand, is developed for sending targeted phishing emails in order to carry out sophisticated social engineering attacks/audits.


SEES aims to increase the success rate of phishing attacks by sending emails to company users as if they are coming from the very same company’s domain. The attacks become much more sophisticated if an attacker is able to send an email, which is coming from ceo@example.org email address, to a company with domain example.org.


iRET - iOS Reverse Engineering Toolkit


iOS Reverse Engineering Toolkit, or iRET, is a set of tools that help a security auditor carry out common tasks automatically. These tasks focus on the analysis and reverse engineering of iOS applications, Apple's mobile platform (iPhone/iPad).

Among the tasks this toolkit can automate are:
  • Binary Analysis (based on otool)
  • Keychain Analysis (keychain_dumper)
  • Database Analysis (sqlite3)
  • Log Viewer
  • Plist Viewer
  • Header Files
  • Create, edit, save and build theos tweaks
  • Display cached screenshots

URLCrazy - Test domain typos and variations to detect typo squatting, URL hijacking, phishing, and corporate espionage


Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Usage

* Detect typo squatters profiting from typos on your domain name
* Protect your brand by registering popular typos
* Identify typo domain names that will receive traffic intended for another domain
* Conduct phishing attacks during a penetration test

Features

* Generates 15 types of domain variants
* Knows over 8000 common misspellings
* Supports cosmic ray induced bit flipping
* Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
* Checks if a domain variant is valid
* Test if domain variants are in use
* Estimate popularity of a domain variant

URLCrazy requires Linux and the Ruby interpreter.


Nagios XI - The industry standard for IT infrastructure monitoring


Nagios XI is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).


With Nagios you can:
  • Monitor your entire IT infrastructure
  • Spot problems before they occur
  • Know immediately when problems arise
  • Share availability data with stakeholders
  • Detect security breaches
  • Plan and budget for IT upgrades
  • Reduce downtime and business losses

DNSQuerySniffer - DNS Queries Sniffer


DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records. 


You can easily export the DNS queries information to csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard, and then paste them into Excel or other spreadsheet application.



MITMer - Automated Man-In-The-Middle Attack Tool

MITMer is a man-in-the-middle and phishing attack tool that steals the victim’s credentials of some web services like Facebook.


Dependencies:
  • python2
  • scapy
  • python2-nfqueue
How to:
  • Run it as root.
    sudo python2 mitmer.py
  • Select a network interface.
  • After scanning the network for available hosts, choose one as a victim or enter an IP address manually.
  • Select one of the attack profiles or custom.
  • If custom is selected, type the domain(s) you want in the “Query request” field, and type the domain (or IP address) of the server that the victim should be redirected to in the “Query reply” field.
  • Start the attack and wait.

Cpuminer - CPU miner for Litecoin and Bitcoin


cpuminer is a multi-threaded, highly optimized CPU miner for Litecoin, Bitcoin and other cryptocurrencies. Currently supported algorithms are SHA-256d and scrypt(1024, 1, 1).

It supports the getwork mining protocol as well as the Stratum mining protocol, and can be used for both solo and pooled mining.

Dependencies:
libcurl http://curl.haxx.se/libcurl/
jansson http://www.digip.org/jansson/
(jansson is included in-tree)

Basic *nix build instructions:
./autogen.sh # only needed if building from git repo
./nomacro.pl # only needed if building on Mac OS X or with Clang
./configure CFLAGS="-O3"
make

Notes for AIX users:
* To build a 64-bit binary, export OBJECT_MODE=64
* GNU-style long options are not supported, but are accessible via configuration file

Basic Windows build instructions, using MinGW:
Install MinGW and the MSYS Developer Tool Kit (http://www.mingw.org/)
* Make sure you have mstcpip.h in MinGW\include
If using MinGW-w64, install pthreads-w64
Install libcurl devel (http://curl.haxx.se/download.html)
* Make sure you have libcurl.m4 in MinGW\share\aclocal
* Make sure you have curl-config in MinGW\bin
In the MSYS shell, run:
./autogen.sh # only needed if building from git repo
LIBCURL="-lcurldll" ./configure CFLAGS="-O3"
make

Architecture-specific notes:
ARM: No runtime CPU detection. The miner can take advantage
of some instructions specific to ARMv5E and later processors,
but the decision whether to use them is made at compile time,
based on compiler-defined macros.
To use NEON instructions, add "-mfpu=neon" to CFLAGS.
x86: The miner checks for SSE2 instructions support at runtime,
and uses them if they are available.
x86-64: The miner can take advantage of AVX, AVX2 and XOP instructions,
but only if both the CPU and the operating system support them.
   * Linux supports AVX starting from kernel version 2.6.30.
   * FreeBSD supports AVX starting with 9.1-RELEASE.
   * Mac OS X added AVX support in the 10.6.8 update.
   * Windows supports AVX starting from Windows 7 SP1 and
     Windows Server 2008 R2 SP1.
The configure script outputs a warning if the assembler
doesn't support some instruction sets. In that case, the miner
can still be built, but unavailable optimizations are left off.

Usage instructions:  Run "minerd --help" to see options.

[EMS] E-mail Spoofer


E-mail Spoofer is a tool designed for penetration testers who need to send phishing e-mails.

It allows sending mail to a single recipient or a list, and it supports plain text/HTML email formats, attachments, templates and more…


Features


  • Support for Plain text and HTML
  • E-mail Templates
  • Spoofing Sender Address
  • Support SMTP Authentication and SSL
  • Single or Multiple Recipients
  • HTML E-mail Preview

[JRT] Junkware Removal Tool


Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactic among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.

Junkware Removal Tool has the ability to remove the following types of programs:
  • Ask Toolbar
  • Babylon
  • Blekko
  • Claro / iSearch
  • Conduit
  • Crossrider
  • DealPly
  • Delta
  • Facemoods / Funmoods
  • Findgala
  • Globasearch
  • Hao123
  • iLivid
  • Iminent
  • IncrediBar
  • MocaFlix
  • MyPC Backup
  • MyWebSearch
  • PerformerSoft
  • Privitize
  • Qvo6
  • Searchqu
  • Snap Do
  • Swag Bucks
  • Wajam
  • Web Assistant
  • WhiteSmoke
  • Zugo
and many more…

[AdwCleaner] Removal Tool for Adware, Toolbars and Hijacker


AdwCleaner is a free removal tool for:

  • Adware (advertising software)
  • PUP/LPI (Potentially Unwanted Programs)
  • Toolbars
  • Hijackers (hijacking of the browser's homepage)

It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".

It's compatible with Windows XP, Vista, 7, 8, 8.1 in 32 & 64 bits.


[VideoCacheView] Play offline/Save .flv video files from Web browser cache



After watching a video in a Web site, you may want to save the video file into your local disk for playing it offline in the future. If the video file is stored in your browser's cache, this utility can help you to extract the video file from the cache and save it for watching it in the future. 

It automatically scans the entire cache of Internet Explorer, Mozilla-based Web browsers (including Firefox), Opera, and Chrome, and then finds all video files that are currently stored in it. It allows you to easily copy the cached video files into another folder for playing/watching them in the future. If you have a movie player that is configured to play .flv files, it also allows you to play the video directly from your browser's cache.


[Peepdf] PDF Analysis and Creation/Modification Tool


peepdf is a Python tool to explore PDF files in order to find out whether the file can be harmful or not. The aim of this tool is to provide all the components that a security researcher could need in a PDF analysis, without using 3 or 4 tools to perform all the tasks. With peepdf it's possible to see all the objects in the document, with the suspicious elements highlighted; it supports the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides Javascript and shellcode analysis wrappers too. Apart from this, it's able to create new PDF files and to modify/obfuscate existing ones.

The main functionalities of peepdf are the following:

Analysis:
  • Decodings: hexadecimal, octal, name objects
  • Most used filters
  • References in objects and where an object is referenced
  • Strings search (including streams)
  • Physical structure (offsets)
  • Logical tree structure
  • Metadata
  • Modifications between versions (changelog)
  • Compressed objects (object streams)
  • Analysis and modification of Javascript (PyV8): unescape, replace, join
  • Shellcode analysis (Libemu python wrapper, pylibemu)
  • Variables (set command)
  • Extraction of old versions of the document
  • Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
  • Checking hashes on VirusTotal

Creation/Modification:
  • Basic PDF creation
  • Creation of PDF with Javascript executed when the document is opened
  • Creation of object streams to compress objects
  • Embedded PDFs
  • Strings and names obfuscation
  • Malformed PDF output: without endobj, garbage in the header, bad header...
  • Filters modification
  • Objects modification

Execution modes:
  • Simple command line execution
  • Powerful interactive console (colorized or not)
  • Batch mode

TODO:
  • Embedded PDFs analysis
  • Improving automatic Javascript analysis
  • GUI 

[PingInfoView] Ping monitor utility


PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the results in one table. It automatically pings all hosts at the interval (in seconds) that you specify, and displays the number of successful and failed pings, as well as the average ping time. You can also save the ping results to a text/html/xml file, or copy them to the clipboard.


[ODA] Online Web Based Disassembler



ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.

ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client.

You can use it for a variety of purposes such as:
  • Malware analysis
  • Vulnerability research
  • Visualizing the control flow of a group of instructions
  • Disassembling a few bytes of an exception handler that is going off into the weeds
  • Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  • Debugging an embedded systems device driver



[NetBScanner] NetBIOS Scanner


NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.


[Nsdtool] Toolset of scripts used to detect netgear switches in local networks

Nsdtool is a toolset of scripts used to detect netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password.

Netgear has its own protocol, NSDP (Netgear Switch Discovery Protocol); nsdtool implements it to support security tests from the command line, so it is not tied to the tools Netgear delivers.

Usage

Define your interface and possible delay in the config.ini.
# cat config.ini
[NSDP]
SourcePort = 63323 <--- nsdp source
DestPort = 63324 <--- nsdp dest
Interface = eth0 <--- your network interface
DestIP = 255.255.255.255
Delay = 0.01 <--- interval delay


[Ipdecap] Decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols

Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove the IEEE 802.1Q (virtual LAN) header.
It reads packets from a pcap file, removes the encapsulation protocol, and writes them to another pcap file.
Goals are:
  • Extract encapsulated tcp flow to analyze them with conventional tcp tools (tcptrace, tcpflow, …)
  • Reduce pcap files size by removing encapsulation protocol

Ipdecap was first written to analyze a strange tcp behavior encapsulated by ESP, without intervention on vpn endpoints.

[SSLsplit] Transparent and scalable SSL/TLS interception


SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.

SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way.

SSLsplit removes HPKP response headers in order to prevent public key pinning.

Requirements
  • SSLsplit depends on the OpenSSL and libevent 2.x libraries.
  • The build depends on GNU make and a POSIX.2 environment in `PATH`.
  • The optional unit tests depend on the check library.

SSLsplit currently supports the following operating systems and NAT mechanisms:
  • FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr
  • OpenBSD: pf rdr-to and divert-to
  • Linux: netfilter REDIRECT and TPROXY
  • Mac OS X: ipfw fwd and pf rdr (experimental)

[OpenedFilesView] View opened/locked files in your system (sharing violation issues)



OpenedFilesView displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more... 

Optionally, you can also close one or more opened files, or close the process that opened these files.
This utility is especially useful if you try to delete/move/open a file and you get one of the following error messages:
  • Cannot delete [filename]: There has been a sharing violation. The source or destination file may be in use.
  • Cannot delete [filename]: It is being used by another person or program. Close any programs that might be using the file and try again.

When you get one of these error messages, OpenedFilesView will show you which process locks your file. Closing the right process will solve this problem. Optionally, you can also release the file by closing the handle from the OpenedFilesView utility. However, be aware that after closing a file in this way, the program that opened the file may become unstable, and even crash.


[DNmap] Distributed Nmap Framework


DNmap is a distributed nmap framework using a client/server architecture. The server reads the commands from a file and sends them to each client. Each client executes the nmap command and sends the results back.


[WiFi Password Remover v2.0] Free Wireless (WEP/WPA/WPA2) Password/Profile Removal Software


WiFi Password Remover is free software to quickly recover and remove wireless account passwords stored on your system.

For each recovered Wi-Fi account, it displays the following details:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text

Once recovered, you can either remove single or all of them with just a click. Before proceeding with deletion, you can also take a backup of recovered Wi-Fi password list to HTML/XML/TEXT/CSV file.

One of the unique features of this tool is that it can recover all types of Wi-Fi passwords, including the ones which are not shown by 'Windows Wireless Manager', thus allowing you to remove all the hidden wireless passwords/profiles as well.

[0verCheck] Script to check whether an e-mail address exists or not


Script to check whether an e-mail address exists or is fake. It accepts mailing lists.

My idea is to extract the domain from the address and check through DNS which server is the SMTP server (looking at the MX records). Once we know the SMTP server, we open some sockets to connect to it and try to send an e-mail to the account whose validity we want to check. Looking at the response codes, we see that if the address is valid it returns a 250, and if not (in theory) it returns a 550.


[Blackhash] Audit Passwords Without Hashes


A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to uncover weak passwords.

However, there are many risks associated with traditional password audits. The password hashes may be lost or stolen from the security team. A rogue security team member may secretly make copies of the password hashes. How would anyone know? Basically, once the password hashes are given to the security team, the system manager must simply trust that the password hashes are handled and disposed of securely and that access to the hashes is not abused.

Blackhash works by building a Bloom filter from the system password hashes. The system manager extracts the password hashes and then uses Blackhash to build the filter. The filter is saved to a file, then compressed and given to the security team. The filter is just a bitset that contains ones and zeros. It does not contain the password hashes or any other information about the users or the accounts from the system. It’s just a string of ones and zeros. You may view a Blackhash filter with a simple text editor. It will look similar to this:

00000100000001000100001

When the security team receives the filter, they use Blackhash to test it for known weak password hashes. If weak passwords are found, the security team creates a weak filter and sends that back to the system manager. Finally, the system manager tests the weak filter to identify individual users so that they can be contacted and asked to change passwords.

This enables you to audit passwords without actually giving out the hashes.
Pros
  • Password hashes never leave the system team.
  • Works with any simple, un-salted hash. LM, NT, MD5, SHA1, etc.
  • Security auditors do not have to transmit, handle or safe-guard the password hashes.
  • Anonymizes the users. The filter contains no data about the users at all.
Cons
  • Slower than traditional password cracking methods.
  • More complex than traditional password cracking methods.
  • Bloom Filters may produce a few false positives (very few in this case).
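The round trip described above (system team builds a filter from the hashes, security team tests a weak-password list against it, sends back a weak filter, system team maps hits to accounts) as an added example in Python. This is not Blackhash's own code; it uses a generic Bloom filter whose k bit positions are taken from slices of SHA-256 over the hash string, MD5 as a stand-in for an unsalted system hash, and constructed sample accounts and a constructed weak wordlist. Only the filter text ever crosses between the two parties.

```python
import hashlib
import math
from typing import Dict, Iterable, List


class BloomFilter:
    """Bit-set membership filter. Holds only bits, never the items themselves."""

    def __init__(self, m_bits: int, k: int):
        if not 1 <= k <= 8:
            raise ValueError("k must be 1..8 (one 4-byte slice of SHA-256 per index)")
        self.m = m_bits
        self.k = k
        self.bits = bytearray((m_bits + 7) // 8)

    def _indices(self, item: bytes):
        # Derive k bit positions from independent 4-byte slices of SHA-256(item).
        digest = hashlib.sha256(item).digest()
        for i in range(self.k):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.m

    def add(self, item: bytes) -> None:
        for idx in self._indices(item):
            self.bits[idx // 8] |= 1 << (idx % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[idx // 8] & (1 << (idx % 8)) for idx in self._indices(item))

    def to_text(self) -> str:
        # What a reader sees in a text editor: a string of ones and zeros.
        return "".join("1" if self.bits[i // 8] >> (i % 8) & 1 else "0" for i in range(self.m))

    @classmethod
    def from_text(cls, text: str, k: int) -> "BloomFilter":
        bf = cls(len(text), k)
        for i, ch in enumerate(text):
            if ch == "1":
                bf.bits[i // 8] |= 1 << (i % 8)
        return bf


def expected_false_positive_rate(m: int, k: int, n: int) -> float:
    """Classic Bloom-filter estimate (1 - e^(-kn/m))^k; this is the 'few false positives' con."""
    return (1 - math.exp(-k * n / m)) ** k


def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted system hash (LM/NT/MD5/SHA1); MD5 here for brevity."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed sample data (hypothetical accounts, not from any real system).
SAMPLE_USERS: Dict[str, str] = {
    "alice": "correct horse battery staple",
    "bob": "password",
    "carol": "Winter2013",
    "dave": "Tr0ub4dor&3",
}
WEAK_WORDLIST = ["123456", "password", "qwerty", "letmein", "Winter2013", "admin"]
M_BITS, K_HASHES = 4096, 4


def build_filter(hashes: Iterable[str]) -> BloomFilter:
    """System-team side: fold hash values into a bit set; only the bits are handed over."""
    bf = BloomFilter(M_BITS, K_HASHES)
    for h in hashes:
        bf.add(h.encode("ascii"))
    return bf


def find_weak_hashes(filter_text: str, wordlist: Iterable[str]) -> List[str]:
    """Security-team side: hash the wordlist and keep candidates the filter reports present."""
    bf = BloomFilter.from_text(filter_text, K_HASHES)
    return [h for h in (unsalted_hash(w) for w in wordlist) if h.encode("ascii") in bf]


def identify_users(weak_filter_text: str, user_hashes: Dict[str, str]) -> List[str]:
    """System-team side again: test each account's hash against the returned weak filter."""
    weak = BloomFilter.from_text(weak_filter_text, K_HASHES)
    return sorted(u for u, h in user_hashes.items() if h.encode("ascii") in weak)


def audit(users: Dict[str, str] = SAMPLE_USERS, wordlist: Iterable[str] = WEAK_WORDLIST) -> List[str]:
    """Full round trip; returns the accounts that should be asked to change passwords."""
    user_hashes = {u: unsalted_hash(pw) for u, pw in users.items()}
    system_filter = build_filter(user_hashes.values()).to_text()   # leaves the system team
    weak_hashes = find_weak_hashes(system_filter, wordlist)        # security team's finding
    weak_filter = build_filter(weak_hashes).to_text()              # comes back as bits only
    return identify_users(weak_filter, user_hashes)


if __name__ == "__main__":
    print("flagged accounts:", audit())
    print("estimated false-positive rate:",
          expected_false_positive_rate(M_BITS, K_HASHES, len(SAMPLE_USERS)))
```

With 4 accounts in a 4096-bit filter the estimated false-positive rate is around 2e-10; a production filter would be sized from the real account count to keep that figure acceptably low.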

Download Blackhash: Windows - Linux

[Lynis 1.4.6] Security and System Auditing Tool to Harden Linux Systems


Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues are reported in the form of a suggestion or warning. Besides security-related information, it will also collect general system information, installed packages and possible configuration errors.
This software aims to assist automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read-only storage is possible (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience: security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall auditing

[Skipfish] Web Application Security Scanner


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Key features:
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. 


[DeviceIOView] View data transfer between a software and device driver


DeviceIOView allows you to watch the data transfer between a software or service and a device driver (DeviceIoControl calls). For each call to a device driver, the following information is displayed: Handle, Control Code, number of input bytes, number of output bytes, the name of the device handle, and all the input/output bytes, displayed as Hex dump.

System Requirements

This utility works on Windows 2000, Windows XP, Windows Server 2003, and Windows 7/Vista/2008 (32-bit only). Older versions of Windows are not supported.

Using DeviceIOView

DeviceIOView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file, DeviceIOView.exe. After running it, select the process that you want to inspect, and click Ok. After clicking Ok, DeviceIOView will start to display the information about all calls to device drivers.
The upper pane displays the list of all device driver calls. When you select an item in the upper pane, the lower pane displays the input/output bytes as a hex dump.

[SkypeLogView] Skype Log Viewer (.dbb and main.db files)


SkypeLogView reads the log files created by the Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into a text/html/csv/xml file.

System Requirements

This utility works on any version of Windows starting from Windows 2000 and up to Windows 8. You don't have to install Skype in order to use this utility. You only need the original log files created by Skype, even if they are on an external drive.


[wig] WebApp Information Gatherer (Identify CMS)

wig is a Python tool that identifies a website's CMS by searching for fingerprints of static files and extracting version numbers from known files.

OS identification is done by using the values of the 'Server' and 'X-Powered-By' response headers. These values are compared to a database of which package versions are included with different operating systems.

The version detection is based on MD5 checksums of static files, regex and string matching. OS detection is based on headers and the packages listed in the 'Server' header. There is a fairly large database of package versions included in common Linux distros.

The author uses scripts to automatically update the MD5 checksums for new versions of the open source CMSs the tool is capable of detecting. This is one of the main advantages over BlindElephant and WhatWeb.

There are currently three profiles for wig:
  1. Only send one request: wig only sends a request for ‘/’. All fingerprints matching this url are tested.
  2. Only send one request per plugin: The url used in most fingerprints is used
  3. All fingerprints: All fingerprints are tested

Help screen:
# wig.py --help
usage: wig.py [-h] [-v] [-p {1,2,4}] host

WebApp Information Gatherer

positional arguments:
host the host name of the target

optional arguments:
-h, --help show this help message and exit
-v list all the urls where matches have been found
-p {1,2,4} select a profile: 1) Make only one request - 2) Make one request
per plugin - 4) All

Example of run:
# python3 wig.py www.example.com

CMS Drupal CMS: [7.25, 7.24, 7.26, 7.23, 7.22]
Operating System Microsoft Windows Server: [2008 R2]
Server Info Microsoft-IIS: [7.5, 6.0]
______________________________________________________________
Time: 18.0 sec | Plugins: 65 | Urls: 324 | Fingerprints: 14178

[WakeMeOnLan] Turn on computers on your network with Wake-on-LAN packet


This utility allows you to easily turn on one or more computers remotely by sending a Wake-on-LAN (WOL) packet to the remote computers.

When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into a file. Later, when your computers are turned off or in standby mode, you can use the stored computers list to easily choose the computer you want to turn on, and then turn on all these computers with a single click.

WakeMeOnLan also allows you to turn on a computer from command-line, by specifying the computer name, IP address, or the MAC address of the remote network card.
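The WOL packet the text refers to is the standard "magic packet": a 6-byte synchronisation stream of 0xFF followed by the target MAC address repeated 16 times, normally broadcast in a UDP datagram. The following Python is an added example, not WakeMeOnLan's own code: it builds such a packet, broadcasts it the way an admin tool would, and also parses one, which is the check a network monitor or log parser would use to recognise WOL traffic on a segment. The MAC address used is constructed.

```python
import socket
from typing import Optional

SYNC = b"\xff" * 6                      # 6-byte synchronisation stream
REPEATS = 16                            # target MAC repeated 16 times
MAGIC_LEN = len(SYNC) + 6 * REPEATS     # 102 bytes


def mac_to_bytes(mac: str) -> bytes:
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55, 0011.2233.4455 or 001122334455."""
    hexstr = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(hexstr) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexstr)


def build_magic_packet(mac: str) -> bytes:
    """The payload an admin tool puts into the UDP datagram."""
    return SYNC + mac_to_bytes(mac) * REPEATS


def parse_magic_packet(data: bytes) -> Optional[str]:
    """Return the target MAC if `data` carries a well-formed magic packet, else None.

    The sync stream may appear anywhere in the payload, so every candidate offset
    is tried; bytes after the 16 repetitions (for example a SecureOn password)
    are ignored, as receivers do.
    """
    start = data.find(SYNC)
    while start >= 0:
        body = data[start + len(SYNC): start + MAGIC_LEN]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = data.find(SYNC, start + 1)
    return None


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Broadcast the packet on the local segment; UDP port 9 (discard) is the usual choice."""
    payload = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(payload, (broadcast, port))


if __name__ == "__main__":
    # Constructed MAC address; nothing is sent unless send_magic_packet() is called.
    pkt = build_magic_packet("00:11:22:33:44:55")
    print(len(pkt), "bytes, decodes to", parse_magic_packet(pkt))
```

Because the packet is a plain broadcast with no authentication, anyone on the segment can wake a machine; the parser above is the piece a defender would run over captured UDP payloads to see who is doing so.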

System Requirements And Limitations

  • On the computer that you run WakeMeOnLan: WakeMeOnLan works on any version of Windows, starting from Windows 2000 and up to Windows 8, including x64 versions of Windows.
  • On the remote computer: WakeMeOnLan can turn on the remote computer only if this feature is supported and enabled on the remote computer. Be aware that the Wake-on-LAN feature only works on wired networks. Wireless networks are not supported.
    In order to enable the Wake-on-LAN feature on the remote computer:
    • On some computers, you may need to enable this feature in the BIOS setup.
    • In the network card properties, go to the 'Power Management' and/or 'Advanced' tabs of the network adapter and turn on the Wake-on-LAN feature.

[WiFiSlax v4.8] GNU/Linux LiveCD and LiveUSB distribution designed for wireless auditing


Nowadays it is always necessary to carry a Linux live CD around for any kind of problem, and if you need to do a quick wireless audit there is nothing better than having Wifislax at hand.
Wifislax is a live CD which, based on the Linux operating system, can be run without installation directly from the CD-ROM or also from the hard disk as a LiveHD, and it can also be installed on a USB stick or on the hard disk. Wifislax is a Linux live CD designed by www.seguridadwireless.net and adapted for wireless work.

The kernel is 3.13, patched for wireless auditing and to avoid the infamous "channel -1" errors.
A large number of applications have been updated and a good handful of new ones have been added.
KDE 4.10.5 and Xfce 4.10 with official Slackware packages.

Changelog 4.8
The whole system has been reorganized; the libraries
and programs that are not an official part of the
Slackware system have all been recompiled and most of them
updated.

01 - Updated aircrack suite to revision 2345
02 - Updated kernel to 3.12.1, new vmware config
03 - Updated WpsPinGenerator to version 1.29
04 - Modified aircrack-ng updater script
05 - Included variable in rc.local for metasploit
06 - Recompiled and updated ffmpeg to its newest version 2.1.1
07 - Recompiled dreamdesktop to use ffmpeg 2
08 - Included boost library again
09 - Updated broadcom firmware to 6.30.163.46
10 - Updated zenity library to the newest 3.8.0
11 - More functions for cleandir (removes system items such as extra languages)
12 - Removed PAE kernel
13 - Included mkinitrd package from the slackware repository
14 - Included libconfig library
15 - Included geminis_demon's progressbar service menus for KDE
16 - Switched to kernel 3.10.20
17 - libxklavier moved to the desktop-depends module
18 - Recompiled xfce4-xkb-plugin-0.5.4.3 package
19 - Removed gkrell package
20 - Updated kismet to version kismet-2013-03-R1b
21 - Updated libpcap to 1.5.1 STABLE
22 - Updated tcpdump to version 4.5.1
23 - Included wps-qi beta
24 - Updated aircrack-ng to version aircrack-ng-1.1_r2354
25 - Updated bully to version 1.0-22
26 - Updated iw to version 3.13
27 - Switched to kernel 3.9.11
28 - Changed KDE wallpaper
29 - Updated aircrack to version 2358
30 - Tweaks to the boot sequence
31 - Tweaks to cleandir
32 - kernel 3.10.22
33 - Included stop mode monitor, which takes down all monX interfaces
34 - Updated aircrack to version 2359
35 - Updated flash-plugin to version 11.2.202.332
36 - Updated aircrack to version svn r2362
37 - Updated gparted to 0.17.0
38 - Updated firefox to version 26.0
39 - Updated kernel to 3.12.5
40 - Updated wpsqui to version 1.0rc2
41 - Updated ferm wifi cracker to version 1.90
42 - Updated aircrack r2363
43 - Updated wpspingenerator to version 1.31
44 - Scripts adapted to xfce+kde
45 - Improved saving of reaver sessions; reavermod sessions are now saved too
46 - Updated firmwares 15122013
47 - Included linset 0.7
48 - Included slackyd
49 - Updated gambas runtime to version 3.5.1
50 - Implemented zram (512 MB swap without creating partitions)
51 - Included anthy library
52 - Included hunspell library
53 - Included guile library
54 - Included sane
55 - Included ruby
56 - Included chmlib
57 - Included gc
58 - Included libcddb
59 - Included libmnl
60 - Included libmtp
61 - Included libnetfilter_conntrack
62 - Included libunistring
63 - Included libnetfilter_log
64 - Included libnetfilter_queue
65 - Included libnfnetlink
65 - Included libspectre
66 - Updated wpspingenerator to version 1.32, adds 2 new MACs
67 - Updated aircrack revision 2364
68 - Updated wireshark to version 1.10.4
69 - Fixed all log/packages to comply with the standard
70 - Included medusa + Java GUI
71 - Fixed stkeys
72 - Firefox updaters now set version and architecture to comply with the log/packages standard


MD5: 17d2405fae1c2a42c56b48cfa2a9de6c

OFFICIAL FTP LINK
http://adf.ly/143OoJ

MIRROR LINKS IN CASE THE FTP DOES NOT WORK
http://adf.ly/143Oqp

TORRENT
https://kickass.to/wifislax-4-8-final-iso-t8821793.html

[Cisco Torch] Mass Scanning, Fingerprinting, and Exploitation Tool


The Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of "Hacking Exposed Cisco Networks", since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

[QuickSetDNS] Quickly change DNS servers of your Internet connection


QuickSetDNS is a simple tool that allows you to easily change the DNS servers that are used for your Internet connection. You can set the desired DNS servers from the user interface, by choosing from a list of DNS servers that you defined, or from command-line, without displaying any user interface.

System Requirements
This utility works on any version of Windows, starting from Windows 2000 and up to Windows 8. Both 32-bit and 64-bit systems are supported.

Versions History
  • Version 1.01:
    • Added 'Router DNS' item, which allows you to choose the internal DNS server of your router.
  • Version 1.00 - First release.

Start Using QuickSetDNS

QuickSetDNS doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file, QuickSetDNS.exe.


After running QuickSetDNS, the main window allows you to easily choose the desired DNS servers to use on your Internet connection, by using the 'Set Active DNS' option (F2). By default, QuickSetDNS provides only one alternative: the public DNS servers of Google - 8.8.8.8 and 8.8.4.4 

You can easily add more DNS servers to the list by using the 'New DNS Server' option (Ctrl+N).


If the 'Automatic DNS' option is selected, then the DNS server information is received from your router automatically, using DHCP.

If you have multiple network adapters, you may need to choose the correct network adapter from the combo-box located just below the toolbar of QuickSetDNS.