Bing Dork Scanner - Tool to extract urls from a bing search

This is a simple script with GUI, to extract urls from a bing search.

Support only HTTP proxy.

Required Perl Modules:

• LWP
• Gtk2
• Glib
• uft8
• threads
• threads::shared
• URI::Escape

Download Bing Dork Scanner

Read More

Egresser - Tool to Enumerate Outbound Firewall Rules

Egresser is a tool to enumerate outbound firewall rules, designed for penetration testers to assess whether egress filtering is adequate from within a corporate network. Probing each TCP port in turn, the Egresser server will respond with the client’s source IP address and port, allowing the client to determine whether or not the outbound port is permitted (both on IPv4 and IPv6) and to assess whether NAT traversal is likely to be taking place.

How it Works

The server-side script works in combination with Iptables - redirecting all TCP traffic to port 8080 where the ‘real’ server resides. The server-side script is written in Perl and is a pre-forking server utilising Net::Server::Prefork, listening on both IPv4 and IPv6 if available. Any TCP connection results in a simple response containing a null terminated string made up of the connecting client’s IP and port. Feel free to use Telnet to interact with the service if you are in a restricted environment without access to the Egresser client (our Egresser server can be found at egresser.labs.cyberis.co.uk, which you are free to use for legitimate purposes).

The client is also written in Perl and is threaded for speed. By default it will scan TCP ports 1-1024, although this is configurable within the script. It is possible to force IPv4 with the ‘-4’ command line argument, or IPv6 with ‘-6’; by default it will choose the protocol preferred by your operating system. If you want to explicitly list all open/closed ports, specify the verbose flag (-v), as normal output is a concise summary of permitted ports only.

Why?

It is recommended that outbound firewall rules are restricted within corporate environments to ensure perimeter controls are not easily circumvented. For example, inadequate egress filtering within an organisation would allow a malicious user to trivially bypass a web proxy providing filtering/AV/logging simply by changing a browser’s connection settings. Many other examples also exist - many worms spread over SMB protocols, malware can use numerous channels to exfiltrate data, and potentially unauthorised software (e.g. torrent/P2P file sharing) can freely operate, wasting corporate resources and significantly increasing the likelihood of malicious code being introduced into the environment.

Generally, it is recommended that all outbound protocols should be restricted, allowing exceptions from specific hosts on a case-by-case basis. Web browsing should be conducted via dedicated web proxies only, with any attempted direct connections logged by the perimeter firewall and investigated as necessary.

Egresser is a simple to use tool to allow a penetration tester to quickly enumerate allowed ports within a corporate environment.

Download Egresser

Read More

Moscrack v2.08b - Multifarious On-demand Systems Cracker (cracking WPA keys in parallel on a group of computers)

Moscrack is a perl application designed to facilitate cracking WPA keys in parallel on a group of computers.

This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes.

With Moscrack's new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.

Some of Moscrack's features:

• Basic API allows remote monitoring
• Automatic and dynamic configuration of nodes
• Live CD/USB enables boot and forget dynamic node configuration
• Can be extended by use of plugins
• Uses aircrack-ng (including 1.2 Beta) by default
• CUDA/OpenCL support via Pyrit plugin
• CUDA support via aircrack-ng-cuda (untested)
• Does not require an agent/daemon on nodes
• Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin
• Checkpoint and resume
• Easily supports a large number of nodes
• Desgined to run for long periods of time
• Doesn't exit on errors/failures when possible
• Supports mixed OS/protocol configurations
• Supports SSH, RSH, Mosix for node connectivity
• Effectively handles mixed fast and slow nodes or links
• Architecture independent
• Supports Mosix clustering software
• Supports all popular operating systems as processing nodes
• Node prioritization based on speed
• Nodes can be added/removed/modified while Moscrack is running
• Failed/bad node throttling
• Hung node detection
• Reprocessing of data on error
• Automatic performance analysis and tuning
• Intercepts INT and TERM signals for clean handling
• Very verbose, doesn't hide anything, logs agressively
• Includes a "top" like status viewer
• Includes CGI web status viewer
• Includes an optional basic X11 GUI

Compatibility

Moscrack itself should work with any Un*x variant, but it is developed and tested on Linux.

Tested platforms for SSH based end nodes:

• Moscrack Live CD (SUSE)
• Ubuntu Linux 12.10 x86 64bit
• Ubuntu Linux 12.04.2 x86 64bit
• Ubuntu Linux 10.10 x86 64bit
• Ubuntu Linux 10.10 x86 32bit
• CentOS Linux 5.5 x86 32bit
• FreeBSD 8.1 x86 64bit
• Windows Vista Business 64bit w/Cygwin 1.7.7-1
• Windows Vista Business 64bit w/Cygwin 1.7.9
• Mac OS X 10.5.6 (iPC OSx86)
• Solaris Express 11 x64
• iPhone 3g iOS 3.2.1 (Jailbroken)
• Samsung Galaxy S2 SGH-I727R (Cyanogenmod 10 + Linux chroot)

Tested platforms for RSH based end nodes:

• Ubuntu Linux 10.10 x86 64bit
• Windows Vista Business 64bit w/Cygwin 1.7.7-1
• Windows Vista Business 64bit w/Cygwin 1.7.9

Tested platforms for Mosix end nodes:

• Ubuntu Linux 10.10 x86 64bit
• Ubuntu Linux 10.10 x86 32bit

Tested platforms for Moscrack server:

• Ubuntu Linux 13.10 x86 64bit
• Ubuntu Linux 12.10 x86 64bit
• Ubuntu Linux 10.10 x86 64bit

Download Moscrack

Read More

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database

SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database.

Functions

• SQL Injection
• Operation System Function
• Dump Database
• Extract Database Schema
• Search Columns Name
• Read File (read only)
• Create File (read only)
• Brute Table & Column

Download Simple SQLi Dumper v5.1

Read More

SNMPCheck - Enumerate the SNMP devices

 Like to snmpwalk, snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring. Distributed under GPL license and based on "Athena-2k" script by jshaw.

Features

snmpcheck supports the following enumerations:

•  contact
• description
• detect write access (separate action by enumeration)
• devices
• domain
• hardware and storage informations
• hostname
• IIS statistics
• IP forwarding
• listening UDP ports
• location
• motd
• mountpoints
• network interfaces
• network services
• processes
• routing information
• software components
• system uptime
• TCP connections
• total memory
• uptime
• user accounts

Download SNMPCheck

Read More

[0verCheck] Script para comprobar si una dirección e-mail existe o no

Script para comprobar si una dirección de e-mail existe o es falsa. Admite listas de correo.

Mi idea es extraer el dominio a partir del correo  y comprobar a través de los DNS cual es el servidor SMTP (mirando los registros MX). Una vez que sabemos el servidor SMTP procedemos a lanzar unos sockets para conectarnos a él y proceder a intentar mandarle un e-mail a la cuenta que queremos comprobar si es válida. Mirando los códigos de respuesta, vemos que si el correo es válido nos devolverá un 250, y si no (en teoría) nos devuelve un 550.

Descargar 0verCheck

Read More

[Gojira] Herramienta para facilitar las auditorías en entornos WordPress

Gojira es una herramienta para facilitar las auditorías en entornos WordPress. Está en pañales todavía ;). Por ahora:

• -Permite crear un diccionario con los plugins más populares.
• -Enumera plugins instalados a partir del diccionario.
• -Extrae los usuarios registrados.
• -Deduce la versión del WordPress a través de Readme.html, links del HTML y el meta generator.
• -Comprueba el archivo robots.txt y comprueba cada ruta.

Download Gojira

Read More

[Dumb0] A simple tool to dump users in popular forums and CMS

A simple tool to dump users forums popular forums and CMS like:

• WordPress
• SMF
• vBulletin
• IP Board
• XEN forums
• myBB
• useBB
• vanilla
• bbPress
• etc...

Download Dumb0

Read More

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script.

FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support.

Quick reference for switches

Usage: ./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] [--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]

--debug    : Print debug information
--dirs     : Specify the directory list file
--pages    : Specify the wordlist file
--uarnd    : Enable User Agent randomization
--host     : Specify hostname to scan (without http:// or https://)
--proxy    : Specify a proxy list
--sec    : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
--dump     : Save found pages on disk
--tor      : Use TOR as proxy for each request
--tordns   : Use TOR to resolve hostname. Without this options DNS queries will be directed to default DNS server outside TOR network
--help     : Show this help

Download FGscanner

Read More

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.

Features

•     Powerful, fast, flexible and customizable
•     Supports a large number of different file formats
•     Reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, ID3 and more...
•     Writes EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, ICC Profile, Photoshop IRB, AFCP and more...
•     Reads and writes maker notes of many digital cameras
•     Decodes a riddle wrapped in a mystery inside an enigma
•     Numerous output formatting options (including tab-delimited, HTML, XML and JSON)
•     Multi-lingual output (cs, de, en, en-ca, en-gb, es, fi, fr, it, ja, ko, nl, pl, ru, sv, tr, zh-cn or zh-tw)
•     Geotags images from GPS track log files (with time drift correction!)
•     Generates track logs from geotagged images
•     Shifts date/time values to fix timestamps in images
•     Renames files and organizes in directories (by date or by any other meta information)
•     Extracts thumbnail images, preview images, and large JPEG images from RAW files
•     Copies meta information between files (even different-format files)
•     Reads/writes structured XMP information
•     Deletes meta information individually, in groups, or altogether
•     Sets the file modification date (and creation date in Windows) from EXIF information
•     Supports alternate language tags in XMP, PNG, ID3, Font, QuickTime, ICC Profile, MIE and MXF information
•     Processes entire directory trees
•     Creates text output file for each image file
•     Creates binary-format metadata-only (MIE) files for metadata backup
•     Automatically backs up original image when writing
•     Organizes output into groups
•     Conditionally processes files based on value of any meta information
•     Ability to add custom user-defined tags
•     Support for MWG (Metadata Working Group) recommendations
•     Recognizes thousands of different tags
•     Tested with images from thousands of different camera models
•     Advanced verbose and HTML-based hex dump outputs

Download ExifTool

Read More

[Proxyp] Multithreaded Proxy Enumeration Utility

Proxyp is a small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses. 

This script started as a way to speed up use of proxychains, which is why I've added an append option for resulting live IP addresses to be placed at the end of a file if need be.

Requires IP::Country module and root/administrator privileges.

Download Proxyp

Read More

[DAVOSET] Tool for conducting DDoS attacks

DAVOSET – it is console (command line) tool for conducting DDoS attacks on the sites via Abuse of Functionality vulnerabilities at other sites.

Changelog v1.1.5

• Added error handler in GetCookie().
• Added new services into lists of zombies.
• Removed non-working services from lists of zombies.

Usage
1. Start the program: davoset.pl
2. Enter URL of the site to attack: Site: http://site
3. Get the site attacked via your list of zombie-servers.
Or from command line:

perl davoset.pl u=http://site
perl davoset.pl u=http://site l=list.txt m=1 c=100

Download DAVOSET v1.1.5

Read More

[Beast-Check] SSL/TLS BEAST Vulnerability Check

A small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred cipher. It assumes no workaround (i.e. EMPTY FRAGMENT) applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reason why RC4 ciphersuite was widely chosen as highest preferred ciphersuite for the primary workaround.

$ ./beast.pl

===============================================

SSL/TLS BEAST Vulnerability Check
 by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Usage: beast.pl host [port]

port = 443 by default {optional}

$ ./beast.pl www.hotmail.com

===============================================

SSL/TLS BEAST Vulnerability Check
 by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.hotmail.com:443

## The target is PRONE to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: AES128-SHA
Vulnerable: YES

$ ./beast.pl www.google.com

===============================================

SSL/TLS BEAST Vulnerability Check
 by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.google.com:443

## The target is NOT vulnerable to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: ECDHE-RSA-RC4-SHA
Vulnerable: NO

Download Beast-Check

Read More

[IP-reputation-snort-rule-generator] A tool to generate Snort rules based on public IP reputation data

A tool to generate Snort rules or Cisco IDS signatures based on public IP/domain reputation data.

Usage

./tepig.pl [ [--file=LOCAL_FILE] | [--url=URL] ] [--csv=FIELD_NUM] [--sid=INITIAL_SID] [--ids=[snort|cisco]] | --help

LOCAL_FILE is a file stored locally that contains a list of malicious domains, IP addresses and/or URLs. If omitted then it is assumed that a URL is provided. URL is a URL that contains a list of malicious domains, IP addresses or URLs. The default is https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist. FIELD_NUM is the field number (indexing from 0) that contains the information of interest. If omitted then the file is treated as a simple list. INITIAL_SID is the SID that will be applied to the first rule. Every subsequent rule will increment the SID value. The default is 9000000.

Examples

Malicious IP address

./tepig.pl --url=https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist is a plain text file containing a list of known bad IP addresses. At the time of writing, the first entry is 108.161.130.191. The first rule output would be:
alert ip any any <> 108.161.130.191 any (msg:"Traffic to known bad IP (108.161.130.191)"; reference:"url,https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist"; sid:9000000; rev:0;)
This rule looks for any traffic going to or coming from the bad IP address.

Malicious Domain

./tepig.pl --url=http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt
http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt is a plain text file containing a list of known bad domain names. At the time of writing the first entry is *.bethira.com. The first rule output would be:
alert udp any any -> any 53 (msg:"Suspicious DNS lookup for *.bethira.com"; reference:"url,http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth: 10; offset: 2; content:"|07|bethira|03|com"; nocase; distance:0; sid:9000000; rev:0;)
This rule looks for any DNS lookup for the bad domain.

Download IP-reputation-snort-rule-generato

Read More

[autosploit] Scripts that combine Nmap and Metasploit

Scripts that will combine Metasploit and Nmap without using Lua.

Download autosploit

Read More

[Web-Sorrow v1.5] Versatile security scanner for the information disclosure and fingerprinting phases of pentesting

Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks.

Web Services: a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints

Authentication areas: logins, admin logins, email webapps

Bruteforce: Subdomains, Files and Directories

Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host

AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)

Download Web-Sorrow v1.5

Read More

[pweb-suite] Perl based web application penetration testing tools

Written completely in Perl, this suite of tools covers a lot of the basics for penetration testing and vulnerability detection automation. This Suite (formerly known as the "pCrack Suite") of tools is used primarily or web application vulnerability testing.

xssPlay in Action! (YouTube)

Download pweb-suite

Read More

[SQLi Dorking] script en perl para búsqueda de SQLi

sqliDorking.pl es un script en Perl de Crozz Cyborg que busca páginas vulnerables a inyecciones SQL usando dorks de Google o Bing. También acepta lista de dominios.

Uso: sqliDorking.pl [-d/-bd ] -p [-l Links.txt]  [-f Logs.txt]

Opciones:
  -gd : Google Dork
  -bd : Bing Dork
  -l : Archivo con links para analizar
  -p : Numero de paginas para buscar
  -f : Archivo donde se guardaran los logs

Ejemplos de uso:
sqliDorking.pl -gd inurl:product.php?id= -p 3 -f VulneSQL.txt
sqliDorking.pl -l links.txt -f VulneSQL.txt
sqliDorking.pl -bd inurl:product.php?id= -p 3
sqliDorking.pl -l links.txt

Descargar SQLi Dorking

Read More

[360-FAAR v0.4.1] Firewall Analysis Audit And Repair

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Changes: This release adds the 'mergelog' mode to merge binary log entries from one config with another and significantly updates the user interface. All configs can be loaded from the 'load' menu instead of specifying them on the command line. Added 'verbose' switches to 'print' and 'rr' modes so that screen output can be switched off, and all 'end.' key words have been changed to simply '.' to reduce the number of keystrokes needed. Entering '0' now adds all options and '.' chooses the default if available. The Netscreen output stage now uses a default zone if none are specified.

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),

Netscreen ScreenOS (in get config / syslog format),

Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

Download 360-FAAR Firewall Analysis Audit And Repair 0.4.1

Read More

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

TRY: 'print' mode. One command, and spreadsheet for your audit needs!

Features

• WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE
• .
• Easy to Edit Menu Driven Text Interface
• Capable of manipulating tens of thousands of rules, objects and groups
• Handles infinitely deep groups
• Capable of CIDR filtering connectivity in/out of policy rulebases.
• Capable of merging rulebases.
• Identifies existing connectivity in rulebases and policies
• Automatically performs cleanup if a log file is provided.
• Keeps DR connecitvity via any text or IP tag
• Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but its not in practice - apropriate ike and esp rules should be added manually
• Runs consistency checks on its own objects and rule definitions
• Extendable via a simple elsif in the user interaction loop section.
• .
• EASY TO EXECUTE:
• ./360-faar.pl <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats>
• .
• CONFIG TYPES: - cisco soon!
• od = logexported logs, object dumper format config, fwdoc format nat rules csv
• ns = syslog format logs, screenos6 format config, nats are included in policy but not processed fuly yet, fwdoc format nats can be used though
• cs = cisco asa syslog file, cisco ASA format config, - not ready yet
• .
• OUTPUT TYPES:
• od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
• ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
• cs = cisco asa format config - not ready yet
• .
• By default 360-FAAR accepts exactly 3 configs on the command line.
• Make an empty file called "fake" and and use this as the file name, for log config and nats if you want to process less than 3 configs at once.
• Log file headders in fw1 logexported logs are found automatically so many files can be cated together
• .
• FUTHER PROCESSING AND MANUAL EDITING:
• Output odumper/ofiller format files and make them more readable (watchout for spaces in names) using the numberrules helper script
• Edit these csv's in Openoffice or Excell using any of the object or group definitions from the three loaded configs.
• You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode

DOWNLOAD 360-FAAR Firewall Analysis Audit And Repair 0.3.6

Screens

Read More