[ODA] Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.

ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client.

You can use it for a variety of purposes such as:

• Malware analysis
• Vulnerability research
• Visualizing the control flow of a group of instructions
• Disassembling a few bytes of an exception handler that is going off into the weeds
• Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
• Debugging an embedded systems device driver

Online DisAssembler

Read More

[Comodo Instant Malware Analysis] Online Automated Analysis System

If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.

Comodo Instant Malware Analysis

Read More

[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?".  So, i always suggest them to use some vulnerable web application such as DVWA. 

However, i felt dvwa is not suitable for new and advanced techniques.  Mutillidae is one of the best web application vulnerable app to date. However, I missed some techniques/features in Mutillidae.  so i thought it is better develop our own app to teach the web application pentesting for my readers and students. 

BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced  vulnerability techniques. 

Currently, the app contains following vulnerability types:

• SQL Injection
• Cross Site scripting(XSS)
• Cross Site request Forgery(CSRF)
• Clickjacking
• Server Side Request Forgery(SSRF))
• File Inclusion(RFI and LFI)
• Command Execution

Download BTS PenTesting Lab

Read More

[Anubis] Online Analyzing Unknown Binaries

Anubis is a service for analyzing malware.

Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL. 

Anubis

Read More

[VirusTotal] Online Malware Analysis Tool

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

VirusTotal’s mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services.

VirusTotal

Read More

[SQL injection test environment] A collection of web pages vulnerable to SQL injection flaws

A collection of web pages vulnerable to SQL injection flaws and more:

• conf/ - operating system configuration files used by deployment.sh.
• dbs/ - standalone databases for some database management systems (e.g. Microsoft Access).
• libs/ - web API libraries to connect to the database management system, perform the provided statement and return its output.
• schema/ - SQL used to create the test database, a test table and populate it with test entries.
• Other directories - vulnerable pages for each database management system.
• deployment.sh - A bash script to deploy from scratch a fully-fledged Linux (Debian or Ubuntu) machine with all the relevant database management systems installed and configured, ready to be targeted.

SQL injection test environment

Read More

[aidSQL] PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.

The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem to be happening.

You can view a demo of the app here:

The output from Wavsep for aidSQL can also be seen here:
aidSQL vs Wavsep
Read more here.

Download aidSQL

Read More

[Retire.js] Command line Scanner and Chrome plugin

Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilites in your application. Using the provided Grunt plugin you can easily include Retire.js into your build process. Retire.js also provides a chrome extension allowing you to detect libraries while surfing your website.

To detect a given version of a given component, Retire.js uses filename or URL. If that fails, it will download/open the file and look for specific comments within the file. If that also fails, there is the possibility to use hashes for minified files. And if that fails as well, the Chrome plugin will run code in a sandbox to try to detect the component and version. This last detection mechanims is not available in the command line scanner, as running arbitrary JavaScript-files in the node-process could have unwanted consequences. If anybody knows of a good way to sandbox the code on node, feel free to register and issue or contribute.

It's important to note that even though your site is using a vulnerable library, that does not necessarily mean your site is vulnerable. It depends on whether and how your site exercises the vulnerable code. That said, it's better to be safe than sorry.

Download Retire.js

Read More

[Laudanum] Collection of injectable files

Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.They provide functionality such as shell, DNS query, LDAP retrieval and others.

Download Laudanum

Read More

[Mellivora] Basic database driven CTF engine

Mellivora is a basic database driven CTF engine written in PHP.

Requirements

• LAMP: PHP 5.3+, MySQL 5.5+, Apache 2.2+. May work with other configurations but this is untested.

Installation

• Download to any directory, say: "/var/www/mellivora/".
• Create an Apache VHost and point DocumentRoot to "htdocs/". An example Apache config can be found in the "install/" directory.
• Create a database and import the structure from "install/db.sql".
• Edit "config.inc.php" and "db.inc.php" in "config/".
• Make the "writable/" directory and subdirectories writable by Apache.

Download Mellivora

Read More

[ByteScanner] Check your file that dangerous or not

This website is web service for checking file that you're uploaded is the malicious file or not. It's similar Virustotal.com, try it by yourself.

ByteScanner

Read More

[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications

The Broken Web Applications (BWA) Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:

• Learning about web application security
• Testing manual assessment techniques
• Testing automated tools
• Testing source code analysis tools
• Observing web attacks
• Testing WAFs and similar code technologies
• All the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

Changelog v1.1 (2013-07-30)

• Updated Mutillidae, Cyclone, and WAVSEP.
• Updated OWASP Bricks and configured it to pull from SVN.
• Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include LUA support.
• Increased VM’s RAM allocation to 1Gb.
• Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP).
• Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional.

More Information: here

Download OWASP Broken Web Applications Project VM v1.1

Read More

[SpiderFoot v2.0.4] Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself.

Main features

• Fast, Easy to Use
• Highly Configurable
• For Windows & Linux
• Create your own modules in Python

Changelog v2.04

• New module: Search all Internet TLDs for targets with the same name (sfp_searchtld), with threading and handling wildcard DNS
• New module: Obtain SSL certificate information (issued to, issued by) and check for host-mismatch, expiry and approaching expiry
• Improve sfp_dns to identify and handle cases where wildcard DNS is enabled
• A number of bug fixes, should improve the amount of results returned

Full Changelog: here

More Information:http://www.spiderfoot.net/

Download SpiderFoot v2.0.4

Read More

[CookieCatcher] Session Hijacking Tool

CookieCatcher is an open source application which was created to assist in the exploitation of XSS (Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking). The use of this application is purely educational and should not be used without proper permission from the target application.

Features:
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into a XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
- Provides full HTTP requests to hijack sessions through a proxy (BuRP, etc)
- Will attempt to load a preview when viewing the cookie data
- PAYLOADS
- Basic AJAX Attack
- HTTPONLY evasion for Apache CVE-20120053
- More to come

Video Demo: http://www.youtube.com/watch?v=2GH6RRozOpY

Download CookieCatcher

Read More

[MISP v2.1] Malware Information Sharing Platform

The problem that we experienced in the past was the difficulty to exchange information about (targeted) malwares and attacks within a group of trusted partners, or a bilateral agreement. Even today much of the information exchange happens in unstructured reports where you have to copy-paste the information in your own text-files that you then have to parse to export to (N)IDS and systems like log-searches, etc…

A huge challenge in the Cyber Security domain is the information sharing inside and between organizations. This platform has as goal to facilitate:

• central IOC database: storing technical and non-technical information about malwares and attacks, … Data from external instances is also imported into your local instance
• correlation: automatically creating relations between malwares, events and attributes
• storing data in a structured format (allowing automated use of the database for various purposes)
• export: generating IDS, OpenIOC, plain text, xml output to integrate with other systems (network IDS, host IDS, custom tools, …)
• import: batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, …
• data-sharing: automatically exchange and synchronization with other parties and trust-groups

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others already worked on this malware.

Download MISP v2.1

Read More

[WATOBO 0.9.13] THE Web Application Toolbox

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They are used to collect useful information, e.g. email or IP addresses. Passive checks will be performed during normal browsing activities. No additional requests are sent to the (web) application.

New Features:

* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures.

* WATOB can act as a transparent proxy (requires nfqueue)

* WATOBO can perform vulnerability checks out of the box

* WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens 

* WATOBO supports Inline De-/Encoding.

* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily. 

* WATOBO is written in (FX)Ruby and enables you to easily define your own checks

* WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby 

* WATOBO is free software ( licensed under the GNU General Public License Version 2)  

Download WATOBO 0.9.13

Read More

[RIPS] A static source code analyser for vulnerabilities in PHP scripts

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

     vulnerabilities

• Code Execution
• Command Execution
• Cross-Site Scripting
• Header Injection
• File Disclosure
• File Inclusion
• File Manipulation
• LDAP Injection
• SQL Injection
• Unserialize with POP
• XPath Injection
• ... other

code audit interface

• scan and vulnerability statistics
• grouped vulnerable code lines (bottom up or top down)
• vulnerability description with example code, PoC, patch
• exploit creator
• file list and graph (connected by includes)
• function list and graph (connected by calls)
• userinput list (application parameters)
• source code viewer with highlighting
• active jumping between function calls
• search through code by regular expression
• 8 syntax highlighting designs
• ... much more

static code analysis

• fast
• tokenizing with PHP tokenizer extension
• taint analysis for 232 sensitive sinks
• inter- and intraprocedural analysis
• handles very PHP-specific behaviour
• handles user-defined securing
• reconstruct file inclusions
• detect blind/non-blind exploitation
• detect backdoors
• 5 verbosity levels
• over 100 testcases
• ... much more

Download RIPS

Read More

[WebVulScan] Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. 

The vulnerabilities tested by WebVulScan are:

• Reflected Cross-Site Scripting
• Stored Cross-Site Scripting
• Standard SQL Injection
• Broken Authentication using SQL Injection
• Autocomplete Enabled on Password Fields
• Potentially Insecure Direct Object References
• Directory Listing Enabled
• HTTP Banner Disclosure
• SSL Certificate not Trusted
• Unvalidated Redirects

Features:

• Crawler: Crawls a website to identify and display all URLs belonging to the website.
• Scanner: Crawls a website and scans all URLs found for vulnerabilities.
• Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
• Register: Allows a user to register with the web application.
• Login: Allows a user to login to the web application.
• Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
• PDF Generation: Dynamically generates a detailed PDF report.
• Report Delivery: The PDF report is emailed to the user as an attachment.

Download WebVulScan

Read More

[OWASP Bricks] Modular Deliberately Vulnerable Web Application

•  Bricks is a deliberately vulnerable web application built on PHP and MySQL.
• The project focuses on variations of commonly seen application security vulnerabilities and exploits.
• Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
• The mission is to 'break the bricks' and thus learn the various aspects of web application security.

 Bricks

Challenge	Page	URL	Documentations
1	Log in page #1	bricks/login-1/	Text, Video
2	File upload page #1	bricks/upload-1/	Text, Video
3	Content page #1	bricks/content-1/	Text, Video
4	Log in page #2	bricks/login-2/	Text, Video
5	Content page #2	bricks/content-2/	Open for public to break.

Road map

1. Demonstrate maximum variations of most common vulnerabilities
2. Help people to learn the need of secure codding practices and SSDLC
3. Attract people to design more bricks
4. Become a test bed for analyzing the performance of web application security scanners.
5. Help people learn the manual method of testing the applications
6. Demonstrate the possibilities of various security tools and techniques
7. Become a platform to teach web application security in a class room/lab environment. 

Download OWASP Bricks

Read More

[ExploitSearch.net] Exploit / Vulnerability Search Engine

Exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. 

Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching. 

ExploitSearch.net

Read More