Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

JADX - Java source code from Android Dex and Apk files


Command line and GUI tools for produce Java source code from Android Dex and Apk files.

Usage

jadx[-gui] [options] <input file> (.dex, .apk, .jar or .class)
options:
-d, --output-dir - output directory
-j, --threads-count - processing threads count
-f, --fallback - make simple dump (using goto instead of 'if', 'for', etc)
--cfg - save methods control flow graph to dot file
--raw-cfg - save methods control flow graph (use raw instructions)
-v, --verbose - verbose output
-h, --help - print this help
Example:
jadx -d out classes.dex


MalwaRE - Malware Repository Framework


malwaRE is a malware repository website created using PHP Laravel framework, used to manage your own malware zoo. malwaRE was based on the work of Adlice team with some extra features.

If you guys have any improvements, please let me know or send me a pull request.

Features
  • Self-hosted solution (PHP/Mysql server needed)
  • VirusTotal results (option for uploading unknown samples)
  • Search filters available (vendor, filename, hash, tag)
  • Vendor name is picked from VirusTotal results in that order: Microsoft, Kaspersky, Bitdefender
  • Add writeup url(s) for each sample
  • Manage samples by tag
  • Tag autocomplete
  • VirusTotal rescan button (VirusTotal's score column)
  • Download samples from repository

DAws - Advanced Web Shell (Windows/Linux)


There's multiple things that makes DAws better than every Web Shell out there:
  1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shell_exec was disabled it would automatically use exec or passthru or system or popen or proc_open instead, same for Downloading a File from a Link, if Curl was disabled then file_get_content is used instead and this Feature is widely used in every section and fucntion of the shell.
  2. Automatic Encoding; DAws randomly and automatically encodes most of your GET and POST data using XOR(Randomized key for every session) + Base64(We created our own Base64 encoding functions instead of using the PHP ones to bypass Disablers) which will allow your shell to Bypass pretty much every WAF out there.
  3. Advanced File Manager; DAws's File Manager contains everything a File Manager needs and even more but the main Feature is that everything is dynamically printed; the permissions of every File and Folder are checked, now, the functions that can be used will be available based on these permissions, this will save time and make life much easier.
  4. Tools: DAws holds bunch of useful tools such as "bpscan" which can identify useable and unblocked ports on the server within few minutes which can later on allow you to go for a bind shell for example.
  5. Everything that can't be used at all will be simply removed so Users do not have to waste their time. We're for example mentioning the execution of c++ scripts when there's no c++ compilers on the server(DAws would have checked for multiple compilers in the first place) in this case, the function would be automatically removed and the User would know.
  6. Supports Windows and Linux.
  7. Openned Source.

Extra Info
  • Eval Form:
    • `include` is being used instead PHP `eval` to bypass Protection Systems.
  • Download from Link - Methods:
    • PHP Curl
    • File_put_content
  • Zip - Methods:
    • Linux:
      • Zip
    • Windows:
      • Vbs Script
  • Shells and Tools:
    • Extra:
      • `nohup`, if installed, is automatically used for background processing.

Appie - Android Pentesting Portable Integrated Environment


Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick.This is a one stop answer for all the tools needed in Android Application Security Assessment.

Difference between Appie and existing environments ?
  • Tools contained in Appie are running on host machine instead of running on virtual machine.
  • Less Space Needed(Only 600MB compared to atleast 8GB of Virual Machine)
  • As the name suggests it is completely Portable i.e it can be carried on USB Stick or on your own smartphone and your pentesting environment will go wherever you go without any differences.
  • Awesome Interface

Which tools are included in Appie ?

SmartSniff v2.16 - Capture TCP/IP packets on your network adapter


SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode (for text-based protocols, like HTTP, SMTP, POP3 and FTP.) or as hex dump. (for non-text base protocols, like DNS) 

SmartSniff provides 3 methods for capturing TCP/IP packets :
  1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
  2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.) 
    This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
  3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
  4. Microsoft Network Monitor Driver 3: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic. 
    The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site.    

System Requirements

SmartSniff can capture TCP/IP packets on any version of Windows operating system (Windows 98/ME/NT/2000/XP/2003/2008/Vista/7/8) as long as WinPcap capture driver is installed and works properly with your network adapter. 

You can also use SmartSniff with the capture driver of Microsoft Network Monitor, if it's installed on your system.

Under Windows 2000/XP (or greater), SmartSniff also allows you to capture TCP/IP packets without installing any capture driver, by using 'Raw Sockets' method. However, this capture method has some limitations and problems:
  • Outgoing UDP and ICMP packets are not captured.
  • On Windows XP SP1 outgoing packets are not captured at all - Thanks to Microsoft's bug that appeared in SP1 update... 
    This bug was fixed on SP2 update, but under Vista, Microsoft returned back the outgoing packets bug of XP/SP1.
  • On Windows Vista/7/8: Be aware that Raw Sockets method doesn't work properly on all systems. It's not a bug in SmartSniff, but in the API of Windows operating system. If you only see the outgoing traffic, try to turn off Windows firewall, or add smsniff.exe to the allowed programs list of Windows firewall.   

Beeswarm - Active IDS made easy


Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak credentials while doing so. The project has been release in a beta version, a stable version is expected within three months.

Installing and starting the server

On the VM to be set up as the server, perform the following steps. Make sure to write down the administrative password.

$ sudo apt-get install libffi-dev build-essential python-dev python-pip libssl-dev libxml2-dev libxslt1-dev
$ pip install pydes --allow-external pydes --allow-unverified pydes
$ pip install beeswarm
Downloading/unpacking beeswarm
...
Successfully installed Beeswarm
Cleaning up...
$ mkdir server_workdir
$ cd server-workdir/
$ beeswarm --server
...
****************************************************************************
Default password for the admin account is: uqbrlsabeqpbwy
****************************************************************************
...


CapTipper - Malicious HTTP traffic explorer tool


CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic.

CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations found.

The tool provides the security researcher with easy access to the files and the understanding of the network flow,and is useful when trying to research exploits, pre-conditions, versions, obfuscations, plugins and shellcodes.
Feeding CapTipper with a drive-by traffic capture (e.g of an exploit kit) displays the user with the requests URI's that were sent and responses meta-data.

The user can at this point browse to http://127.0.0.1/[URI] and receive the response back to the browser.

In addition, an interactive shell is launched for deeper investigation using various commands such as: hosts, hexdump, info, ungzip, body, client, dump and more...



Ghiro 0.2 - Automated Digital Image Forensics Tool


Sometime forensic investigators need to process digital images as evidence. There are some tools around, otherwise it is difficult to deal with forensic analysis with lot of images involved.

Images contain tons of information, Ghiro extracts these information from provided images and display them in a nicely formatted report.

Dealing with tons of images is pretty easy, Ghiro is designed to scale to support gigs of images.

All tasks are totally automated, you have just to upload you images and let Ghiro does the work.

Understandable reports, and great search capabilities allows you to find a needle in a haystack.

Ghiro is a multi user environment, different permissions can be assigned to each user. Cases allow you to group image analysis by topic, you can choose which user allow to see your case with a permission schema.

Use Cases

Ghiro can be used in many scenarios, forensic investigators could use it on daily basis in their analysis lab but also people interested to undercover secrets hidden in images could benefit. Some use case examples are the following:
  • If you need to extract all data and metadata hidden in an image in a fully automated way
  • If you need to analyze a lot of images and you have not much time to read the report for all them
  • If you need to search a bunch of images for some metadata
  • If you need to geolocate a bunch of images and see them in a map
  • If you have an hash list of "special" images and you want to search for them

Anyway Ghiro is designed to be used in many other scenarios, the imagination is the only limit.

Video

MAIN FEATURES

Metadata extraction

Metadata are divided in several categories depending on the standard they come from. Image metadata are extracted and categorized. For example: EXIF, IPTC, XMP.

GPS Localization

Embedded in the image metadata sometimes there is a geotag, a bit of GPS data providing the longitude and latitude of where the photo was taken, it is read and the position is displayed on a map.

MIME information

The image MIME type is detected to know the image type your are dealing with, in both contacted (example: image/jpeg) and extended form.

Error Level Analysis

Error Level Analysis (ELA) identifies areas within an image that are at different compression levels. The entire picture should be at roughly the same level, if a difference is detected, then it likely indicates a digital modification.

Thumbnail extraction

The thumbnails and data related to them are extracted from image metadata and stored for review.

Thumbnail consistency

Sometimes when a photo is edited, the original image is edited but the thumbnail not. Difference between the thumbnails and the images are detected. 

Signature engine 

Over 120 signatures provide evidence about most critical data to highlight focal points and common exposures.

Hash matching

Suppose you are searching for an image and you have only the hash. You can provide a list of hashes and all images matching are reported.


Sysmon v2.0 - System Activity Monitor for Windows


System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.

Note that Sysmon does not provide analysis of the events it generates, nor does it attempt to protect or hide itself from attackers.

Overview of Sysmon Capabilities

Sysmon includes the following capabilities:
  • Logs process creation with full command line for both current and parent processes.
  • Records the hash of process image files using SHA1 (the default), MD5, SHA256 or IMPHASH.
  • Multiple hashes can be used at the same time.
  • Includes a process GUID in process create events to allow for correlation of events even when Windows reuses process IDs.
  • Include a session GUID in each events to allow correlation of events on same logon session.
  • Logs loading of drivers or DLLs with their signatures and hashes.
  • Optionally logs network connections, including each connection’s source process, IP addresses, port numbers, hostnames and port names.
  • Detects changes in file creation time to understand when a file was really created. Modification of file create timestamps is a technique commonly used by malware to cover its tracks.
  • Automatically reload configuration if changed in the registry.
  • Rule filtering to include or exclude certain events dynamically.
  • Generates events from early in the boot process to capture activity made by even sophisticated kernel-mode malware.

Usage

Uses Sysmon simple command-line options to install and uninstall it, as well as to check and modify Sysmon’s configuration:

Sysinternals Sysmon v2.00 - System activity monitor

Copyright (C) 2014-2015 Mark Russinovich and Thomas Garnier

Sysinternals - www.sysinternals.com


Usage:
Install:    Sysmon.exe -i <configfile>
[-h <[sha1|md5|sha256|imphash|*],...>] [-n (<process,...>)]
[-l (<process,...>)]
Configure:  Sysmon.exe -c <configfile>

              [--|[-h <[sha1|md5|sha256|imphash|*],...>] [-n (<process,...>)]

                   [-l (<process,...>)]]

Uninstall:  Sysmon.exe -u
-cUpdate configuration of an installed Sysmon driver or dump the current configuration if no other argument is provided. Optionally take a configuration file.
-hSpecify the hash algorithms used for image identification (default is SHA1). It supports multiple algorithms at the same time. Configuration entry: Hashing.
-iInstall service and driver. Optionally take a configuration file.
-lLog loading of modules. Optionally take a list of processes to track. Configuration entry: ImageLoading.
-mInstall the event manifest (done on service install as well).
-nLog network connections. Optionally take a list of processes to track. Configuration entry: Network.
-uUninstall service and driver.

The service logs events immediately and the driver installs as a boot-start driver to capture activity from early in the boot that the service will write to the event log when it starts.

On Vista and higher, events are stored in "Applications and Services Logs/Microsoft/Windows/Sysmon/Operational". On older systems, events written to the System event log.

If you need more information on configuration files, use the '-? config' command. More examples are available on the Sysinternals website.

Specify -accepteula to automatically accept the EULA on installation, otherwise you will be interactively prompted to accept it.

Neither install nor uninstall requires a reboot.

Examples

Install with default settings (process images hashed with sha1 and no network monitoring)
sysmon -accepteula  –i
Install with md5 and sha256 hashing of process created and monitoring network connections
sysmon -accepteula –i –h md5,sha256 –n
Install Sysmon with a configuration file (as described below)
sysmon –accepteula –i c:\windows\config.xml
Uninstall
sysmon –u
Dump the current configuration
sysmon –c
Change the configuration to use all hashes, no network monitoring and monitoring of DLLs in Lsass
sysmon –c –h * –l lsass.exe
Change the configuration of sysmon with a configuration file (as described below)
sysmon –c c:\windows\config.xml
Change the configuration to default settings
sysmon –c --


Grinder - System to Automate the Fuzzing of Web Browsers


Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes.

System Requirements

A Grinder Node requires a 32/64 bit Windows system and Ruby 2.0 (Ruby 1.9 is also supported but you wont be able to fuzz 64bit targets).
A Grinder Server requires a web server with MySQL and PHP.

Features

Grinder Server features:
  • Multi user web application. User can login and manage all crashes reported by the Grinder Nodes. Administrators can create more users and view the login history.
  • Users can view the status of the Grinder system. The activity of all nodes in the system is shown including status information such as average testcases being run per minute, the total crashes a node has generated and the last time a node generated a crash.
  • Users can view all of the crashes in the system and sort them by node, target, fuzzer, type, hash, time or count.
  • Users can view crash statistics for the fuzzers, including total and unique crashes per fuzzer and the targets each fuzzer is generating crashes on.
  • Users can hide all duplicate crashes so as to only show unique crashes in the system in order to easily manage new crashes as they occur.
  • Users can assign crashes to one another as well as mark a particular crash as interesting, exploitable, uninteresting or unknown.
  • Users can store written notes for a particular crash (viewable to all other users) to help manage them.
  • Users can download individual crash log files to help debug and recreate testcases.
  • Users can create custom filters to exclude uninteresting crashes from the list of crashes.
  • Users can create custom e-mail alerts to alert them when a new crash comes into the system that matches a specific criteria.
  • Users can change their password and e-mail address on the system as well as view their own login history.
Grinder Node features:
  • A node can be brought up and begin fuzzing any supported browser via a single command.
  • A node injects a logging DLL into the target browser process to help the fuzzers perform logging in order to recreate testcases at a later stage.
  • A node records useful crash information such as call stack, stack dump, code dump and register info and also includes any available symbol information.
  • A node can automatically encrypt all crash information with an RSA public key.
  • A node can automatically report new crashes to a remote Grinder Server.
  • A node can run largely unattended for a long period of time.

Grinder Screenshots





Gitrob - Reconnaissance tool for GitHub organizations


Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous information.

How it works

Looking for sensitive information in GitHub repositories is not a new thing, it has been known for a while that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.

The first thing the tool does is to collect all public repositories of the organization itself. It then goes on to collect all the organization members and their public repositories, in order to compile a list of repositories that might be related or have relevance to the organization.

When the list of repositories has been compiled, it proceeds to gather all the filenames in each repository and runs them through a series of observers that will flag the files, if they match any patterns of known sensitive files. This step might take a while if the organization is big or if the members have a lot of public repositories.

All of the members, repositories and files will be saved to a PostgreSQL database. When everything has been sifted through, it will start a Sinatra web server locally on the machine, which will serve a simple web application to present the collected data for analysis.


Exploit Pack - Open Source Security Project for Penetration Testing and Exploit Development


Exploit Pack, is an open source GPLv3 security tool, this means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Iimpact are ready to use as well but you will require an expensive license to get access to all the features, for example: automatic exploit launching, full report capabilities, reverse shell agent customization, etc. Exploit Pack is fully free, open source and GPLv3. Because this is an open source project you can always modify it, add or replace features and get involved into the next project decisions, everyone is more than welcome to participate. We developed this tool thinking for and as pentesters. As security professionals we use Exploit Pack on a daily basis to deploy real environment attacks into real corporate clients.

Video demonstration of the latest Exploit Pack release:


More than 300+ exploits

Military grade professional security tool

Exploit Pack comes into the scene when you need to execute a pentest in a real environment, it will provide you with all the tools needed to gain access and persist by the use of remote reverse agents.

Remote Persistent Agents

Reverse a shell and escalate privileges

Exploit Pack will provide you with a complete set of features to create your own custom agents, you can include exploits or deploy your own personalized shellcodes directly into the agent.

Write your own Exploits

Use Exploit Pack as a learning platform

Quick exploit development, extend your capabilities and code your own custom exploits using the Exploit Wizard and the built-in Python Editor moded to fullfill the needs of an Exploit Writer.


ProGuard - Java class file Shrinker, Optimizer, Obfuscator and Preverifier


ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or higher, or for Java Micro Edition. 

Some uses of ProGuard are:
  • Creating more compact code, for smaller code archives, faster transfer across networks, faster loading, and smaller memory footprints.
  • Making programs and libraries harder to reverse-engineer.
  • Listing dead code, so it can be removed from the source code.
  • Retargeting and preverifying existing class files for Java 6 or higher, to take full advantage of their faster class loading.

ProGuard's main advantage compared to other Java obfuscators is probably its compact template-based configuration. A few intuitive command line options or a simple configuration file are usually sufficient. The user manual explains all available options and shows examples of this powerful configuration style.

ProGuard is fast. It only takes seconds to process programs and libraries of several megabytes. The results section presents actual figures for a number of applications.

ProGuard is a command-line tool with an optional graphical user interface. It also comes with plugins for Ant, for Gradle, and for the JME Wireless Toolkit.


What is shrinking?

Java source code (.java files) is typically compiled to bytecode (.class files). Bytecode is more compact than Java source code, but it may still contain a lot of unused code, especially if it includes program libraries. Shrinking programs such as ProGuard can analyze bytecode and remove unused classes, fields, and methods. The program remains functionally equivalent, including the information given in exception stack traces.

What is obfuscation?

By default, compiled bytecode still contains a lot of debugging information: source file names, line numbers, field names, method names, argument names, variable names, etc. This information makes it straightforward to decompile the bytecode and reverse-engineer entire programs. Sometimes, this is not desirable. Obfuscators such as ProGuard can remove the debugging information and replace all names by meaningless character sequences, making it much harder to reverse-engineer the code. It further compacts the code as a bonus. The program remains functionally equivalent, except for the class names, method names, and line numbers given in exception stack traces.

What is preverification?

When loading class files, the class loader performs some sophisticated verification of the byte code. This analysis makes sure the code can't accidentally or intentionally break out of the sandbox of the virtual machine. Java Micro Edition and Java 6 introduced split verification. This means that the JME preverifier and the Java 6 compiler add preverification information to the class files (StackMap and StackMapTable attributes, respectively), in order to simplify the actual verification step for the class loader. Class files can then be loaded faster and in a more memory-efficient way. ProGuard can perform the preverification step too, for instance allowing to retarget older class files at Java 6.

What kind of optimizations does ProGuard support?

Apart from removing unused classes, fields, and methods in the shrinking step, ProGuard can also perform optimizations at the bytecode level, inside and across methods. Thanks to techniques like control flow analysis, data flow analysis, partial evaluation, static single assignment, global value numbering, and liveness analysis, ProGuard can:
  • Evaluate constant expressions.
  • Remove unnecessary field accesses and method calls.
  • Remove unnecessary branches.
  • Remove unnecessary comparisons and instanceof tests.
  • Remove unused code blocks.
  • Merge identical code blocks.
  • Reduce variable allocation.
  • Remove write-only fields and unused method parameters.
  • Inline constant fields, method parameters, and return values.
  • Inline methods that are short or only called once.
  • Simplify tail recursion calls.
  • Merge classes and interfaces.
  • Make methods private, static, and final when possible.
  • Make classes static and final when possible.
  • Replace interfaces that have single implementations.
  • Perform over 200 peephole optimizations, like replacing ...*2 by ...<<1.
  • Optionally remove logging code.
The positive effects of these optimizations will depend on your code and on the virtual machine on which the code is executed. Simple virtual machines may benefit more than advanced virtual machines with sophisticated JIT compilers. At the very least, your bytecode may become a bit smaller.
Some notable optimizations that aren't supported yet:
  • Moving constant expressions out of loops.
  • Optimizations that require escape analysis (DexGuard does).

Password Sniffer Console - Command-line Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords


Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.

It automatically detects the login packets on network for various protocols and instantly decodes the passwords.

Here is the list of supported protocols,
  • HTTP (BASIC authentication)
  • FTP
  • POP3
  • IMAP
  • SMTP

In addition to recovering your own lost passwords, you can use this tool in following scenarios,
  • Run it on Gateway System where all of your network's traffic pass through.
  • In MITM Attack, run it on middle system to capture the Passwords from target system.
  • On Multi-user System, run it under Administrator account to silently capture passwords for all the users.

It includes Installer which installs the Winpcap, network capture driver required for sniffing. For Windows 8, first you have to manually install Winpcap driver (in Windows 7 Compatibility mode) and then run our installer to install only Password Sniffer Console.

It is a very useful tool for penetration testers and being a command-line tool makes it suitable for automation.

It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Requirements
PasswordSnifferConsole requires Winpcap (http://www.winpcap.org) - industry standard packet capture library for Windows. By default latest version of Winpcap (as of this writing v4.1.2) is installed automatically during the installation of Password Sniffer Console.

However if you don't want it, you can uncheck it during installation and later install the latest version manually.


PortExpert - Monitors all applications connected to the Internet


PortExpert gives you a detailed vision of your personnal computer cybersecurity. It automatically monitors all applications connected to the Internet and give you all the information you might need to identify potential threats to your system.

Features
  • Monitor of application using TCP/UDP communications
  • User-friendly interface
  • Identifies remote servers (WhoIs service)
  • Allows to open containing folder of any applications
  • Allow to easily search for more info online
  • Automatic identification of related service : FTP, HTTP, HTTPS,...
  • Capability to show/hide system level processes
  • Capability to show/hide loopbacks
  • Time freeze function

Tribler - Download Torrents using Tor-inspired onion routing


Tribler is a research project of Delft University of Technology. Tribler was created over nine years ago as a new open source Peer-to-Peer file sharing program. During this time over one million users have installed it successfully and three generations of Ph.D. students tested their algorithms in the real world.

Tribler is the first client which continuously improves upon the aging BitTorrent protocol from 2001 and addresses its flaws. We expanded it with, amongst others, streaming from magnet links, keyword search for content, channels and reputation-management. All these features are implemented in a completely distributed manner, not relying on any centralized component. Still, Tribler manages to remain fully backwards compatible with BitTorrent.

Work on Tribler has been supported by multiple Internet research European grants. In total we received 3,538,609 Euro in funding for our open source self-organising systems research.
Roughly 10 to 15 scientists and engineers work on it full-time. Our ambition is to make darknet technology, security and privacy the default for all Internet users. As of 2013 we have received code from 46 contributors and 143.705 lines of code.

Vision & Mission

"Push the boundaries of self-organising systems, robust reputation systems and craft collaborative systems with millions of active participants under continuous attack from spammers and other adversarial entities."


FirePassword - Firefox Username & Password Recovery Tool


FirePassword is first ever tool (back in early 2007) released to recover the stored website login passwords from Firefox Browser.

Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePassword can instantly decrypt and recover these secrets even if they are protected with Master Password.

Also FirePassword can be used to recover sign-on passwords from different profile (for other users on the same system) as well as from the different operating system (such as Linux, Mac etc). This greatly helps forensic investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.

This mega release supports password recovery from new password file 'logins.json' starting with Firefox version 32.x.

Note: FirePassword is not hacking or cracking tool as it can only help you to recover your own lost website passwords that are previously stored in Firefox browser.

It works on wider range of platforms starting from Windows XP to Windows 8.

Features
  • Instantly decrypt and recover stored encrypted passwords from 'Firefox Sign-on Secret Store' for all versions of Firefox.
  • Recover Passwords from Mozilla based SeaMonkey browser also.
  • Supports recovery of passwords from local system as well as remote system. User can specify Firefox profile location from the remote system to recover the passwords.
  • It can recover passwords from Firefox secret store even when it is protected with master password. In such case user have to enter the correct master password to successfully decrypt the sign-on passwords.
  • Automatically discovers Firefox profile location based on installed version of Firefox.
  • On successful recovery operation, username, password along with a corresponding login website is displayed
  • Fully Portable version, can be run from anywhere.
  • Integrated Installer for assisting you in local Installation & Uninstallation. 

Crowbar - Brute Forcing Tool for Pentests


Crowbar (crowbar) is brute forcing tool that can be used during penetration tests. It is developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key. So SSH keys, that are obtained during penetration tests, can be used to attack other SSH servers.

Currently Crowbar supports
  • OpenVPN
  • SSH private key authentication
  • VNC key authentication
  • Remote Desktop Protocol (RDP) with NLA support
Installation

First you shoud install dependencies
 # apt-get install openvpn freerdp-x11 vncviewer
Then get latest version from github
 # git clone https://github.com/galkan/crowbar 
Attention: Rdp depends on your Kali version. It may be xfreerdp for the latest version.

Usage

-h: Shows help menu.
-b: Target service. Crowbar now supports vnckey, openvpn, sshkey, rdp.
-s: Target ip address.
-S: File name which is stores target ip address.
-u: Username.
-U: File name which stores username list.
-n: Thread count.
-l: File name which stores log. Deafault file name is crwobar.log which is located in your current directory
-o: Output file name which stores the successfully attempt.
-c: Password.
-C: File name which stores passwords list.
-t: Timeout value.
-p: Port number
-k: Key file full path.
-m: Openvpn configuration file path
-d: Run nmap in order to discover whether the target port is open or not. So that you can easily brute to target using crowbar.
-v: Verbose mode which is shows all the attempts including fail.
If you want see all usage options, please use crowbar --help



Instant PDF Password Protector - Password Protect PDF file


Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system.

With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES (40-bit, 128-bit, 256-bit) based upon the desired security level.

In addition to this, it also helps you set advanced restrictions to prevent Printing, Copying or Modification of target PDF file. To further secure it, you can also set 'Owner Password' (also called Permissions Password) to stop anyone from removing these restrictions.

'PDF Password Protector' includes Installer for quick installation/un-installation. It works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

Features
  • Instantly Password Protect PDF document with a click of button
  • Supports all versions of PDF documents
  • Lock PDF file with Password (User/Document Open Password)
  • Supports all the standard Encryption methods - RC4/AES (40-bit,128-bit, 256-bit)
  • [Advanced] Protect PDF file by adding following Restrictions
    • Copying
    • Printing
    • Signing
    • Commenting
    • Changing the Document
    • Document Assembly
    • Page Extraction
    • Filling of Form Fields
  • [Advanced] Set the Permission Password (Owner Password) to prevent removal of above restrictions
  • Advanced Settings Dialog to quickly alter above permissions/restrictions
  • Drag & Drop support for easier selection of PDF file
  • Very easy to use with simple & attractive GUI screen
  • Support for local Installation and uninstallation of the software

Hyperfox - HTTP and HTTPs Traffic Interceptor


Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN.

Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key (both provided by the user). If the target machine recognizes the root CA as trusted, then HTTPs traffic can be succesfully intercepted and recorded.

Hyperfox saves captured data to a SQLite database for later inspection and also provides a web interface for watching live traffic and downloading wire formatted messages.


LINSET - WPA/WPA2 Hack Without Brute Force


How it works
  • Scan the networks.
  • Select network.
  • Capture handshake (can be used without handshake)
  • We choose one of several web interfaces tailored for me (thanks to the collaboration of the users)
  • Mounts one FakeAP imitating the original
  • A DHCP server is created on FakeAP
  • It creates a DNS server to redirect all requests to the Host
  • The web server with the selected interface is launched
  • The mechanism is launched to check the validity of the passwords that will be introduced
  • It deauthentificate all users of the network, hoping to connect to FakeAP and enter the password.
  • The attack will stop after the correct password checking
Are necessary tengais installed dependencies, which Linset check and indicate whether they are installed or not.

It is also preferable that you still keep the patch for the negative channel, because if not, you will have complications relizar to attack correctly

How to use
$ chmod +x linset
$ ./linset


WiFiPhisher - Fast automated phishing attacks against WiFi networks


Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

Wifiphisher works on Kali Linux and is licensed under the MIT license.

From the victim's perspective, the attack makes use in three phases:
  1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
  2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
  3. Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks WPA password confirmation due to a router firmware upgrade.

Usage
Short formLong formExplanation
-mmaximumChoose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5
-nnoupdateDo not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n
-ttimeintervalChoose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001
-ppacketsChoose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2
-ddirectedonlySkip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs
-aaccesspointEnter the MAC address of a specific access point to target
-jIjamminginterfaceChoose the interface for jamming. By default script will find the most powerful interface and starts monitor mode on it.
-aIapinterfaceChoose the interface for the fake AP. By default script will find the second most powerful interface and starts monitor mode on it.

Screenshots

Targeting an access point

A successful attack

Fake router configuration page


Requirements
  • Kali Linux.
  • Two wireless network interfaces, one capable of injection.

SniffPass - Password Monitoring/Sniffing Software (Web/FTP/Email)


SniffPass is small password monitoring software that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords). 

You can use this utility to recover lost Web/FTP/Email passwords.

Using SniffPass

In order to start using SniffPass, follow the instructions below:
  1. Download and install the WinPcap capture driver or the Microsoft Network Monitor driver. 
    You can also try to capture without any driver installation, simply by using the 'Raw Socket' capture method, but you should be aware that this method doesn't work properly in many systems.
  2. Run the executable file of SniffPass (SniffPass.exe).
  3. From the File menu, select "Start Capture", or simply click the green play button in the toolbar. If it's the first time that you use SniffPass, you'll be asked to select the capture method and the network adapter that you want to use. 
    After you select the desired capture options, SniffPass listen to your network adapter, and display instantly any password that it find.
  4. In order to verify that the password sniffing works in your system, go to the demo Web page at http://www.nirsoft.net/password_test and type 'demo' as user name and 'password' as the password. After typing the user name/password and clicking 'Ok', you should see a new line in the main window of SniffPass containing the user/password you typed.

Get passwords of another computer on your network ?

Many people ask me whether SniffPass is able to get passwords from another computer on the same network. So here's the answer. In order to grab the passwords from other network computers:
  1. You must use a simple hub to connect your computers to the network. All modern switches and routers automatically filter the packets of the other computers, so the computer that runs SniffPass will never "see" the passwords of other computers when you use a switch or a router.
  2. Your network card must be able to enter into 'Promiscuous Mode'.
  3. You must use WinPCap or Network Monitor Driver as a capture method.
  4. For wireless network: Most wireless network cards (or their device drivers) automatically filter the packets of other computers, so you won't be able the capture the passwords of ther computers. However, starting from Windows Vista/7, you can capture passwords of wireless networks that are not encrypted, by using Wifi Monitor Mode and Network Monitor Driver 3.x.  
    For more information about capturing from wireless networks , read this Blog post: How to capture data and passwords of unsecured wireless networks with SniffPass and SmartSniff

Command-Line Options

Command Description
/NoCapDriver Starts SniffPass without loading the WinPcap Capture Driver.
/NoReg Starts SniffPass without loading/saving your settings to the Registry.     


Kali Linux NetHunter - Android penetration testing platform


NetHunter is a Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.

We’ve incorporated some amazing features into the NetHunter OS which are both powerful and unique. From pre-programmed HID Keyboard (Teensy) attacks, to BadUSB Man In The Middle attacks, to one-click MANA Evil Access Point setups. And yes, NetHunter natively supports wireless 802.11 frame injection with a variety of supported USB NICs. NetHunter is still in its infancy and we are looking forward to seeing this project and community grow.


Supported Devices
The Kali NetHunter image is currently compatible with the following Nexus and OnePlus devices:
  • Nexus 4 (GSM) - “mako”
  • Nexus 5 (GSM/LTE) - “hammerhead”
  • Nexus 7 [2012] (Wi-Fi) - “nakasi”
  • Nexus 7 [2012] (Mobile) - “nakasig”
  • Nexus 7 [2013] (Wi-Fi) - “razor”
  • Nexus 7 [2013] (Mobile) - “razorg”
  • Nexus 10 (Tablet) - “mantaray”
  • OnePlus One 16 GB - “bacon”
  • OnePlus One 64 GB - “bacon”

Important Concepts
  • Kali NetHunter runs within a chroot environment on the Android device so, for example, if you start an SSH server via an Android application, your SSH connection would connect to Android and not Kali Linux. This applies to all network services.
  • When configuring payloads, the IP address field is the IP address of the system where you want the shell to return to. Depending on your scenario, you may want this address to be something other than the NetHunter.
  • Due to the fact that the Android device is rooted, Kali NetHunter has access to all hardware, allowing you to connect USB devices such as wireless NICs directly to Kali using an OTG cable.