Channel: KitPloit - PenTest Tools!

SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

Features

» Centralized monitoring

The client/server architecture allows central logging, central storage of baseline databases and client configurations, and central updates of baseline databases.

» Web-based management console

The web-based Beltane console, available as a separate package, allows you to monitor server and client activity, view client reports, and update the baseline databases.

» Flexible logging

Samhain supports multiple logging facilities, each of which can be configured individually.

» Tamper resistance

Samhain offers PGP-signed database and configuration files, a stealth mode, and several more features to protect its integrity.
   


Suricata IDPE 2.0.3 - Open Source Next Generation Intrusion Detection and Prevention Engine



The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.

The Suricata Engine and the HTP Library are available to use under the GPLv2.

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.


ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more


The Swiss Army knife of PDF analysis tools. Based on peepdf - http://peepdf.eternal-todo.com.

Features

Interactive Console: Type "help" to get a list of commands. Type "help [command]" to get a description/usage on specific command.

  • crackpw This executes Nacho Barrientos Arias's PDFCrack tool by performing an OS call. The command allows the user to input a custom dictionary, perform a benchmark or continue from a saved state file. If no custom dictionary is input, this command will attempt to brute force a password using a modifiable charset text file in directory "ParanoiDF/pdfcrack". (http://pdfcrack.sourceforge.net/)
  • decrypt This uses an OS call to Jay Berkenbilt's "QPDF" which decrypts the PDF document and outputs the decrypted file. This requires the user-password. (http://qpdf.sourceforge.net/)
  • encrypt Encrypts an input PDF document with any password you specify. Uses 128-bit RC4 encryption.
  • embedf Create a blank PDF document with an embedded file. This is for research purposes to show how files can be embedded in PDFs. This command imports Didier Stevens Make-pdf-embedded.py script as a module. (http://blog.didierstevens.com/programs/pdf-tools/)
  • embedjs Similar to "embedf", but embeds a custom JavaScript file inside a new blank PDF document. If no custom JavaScript file is input, a default app.alert messagebox is embedded. (http://blog.didierstevens.com/programs/pdf-tools/)
  • extractJS This attempts to extract any embedded JavaScript in a PDF document. It does this by importing the "pdf.py" JavaScript tool from Blake Hartstein's Jsunpack-n as a module, then executing it on the file. (https://code.google.com/p/jsunpack-n/)
  • redact Generate a list of words that will fit inside a redaction box in a PDF document. The words (with a custom sentence) can then be parsed in a grammar parser and a custom amount can be displayed depending on their score. This command requires a tutorial to use. Please read "redactTutorial.pdf" in directory "ParanoiDF/docs".
  • removeDRM Remove DRM (editing, copying etc.) restrictions from PDF document and output to a new file. This does not need the owner-password and there is a possibility the document will lose some formatting. This command works by calling Kovid Goyal's Calibre's "ebook-convert" tool. (http://calibre-ebook.com/)

Netsparker v3.5.5 - Web Application Security Scanner


Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use, and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting; hence it is the first and only False Positive Free web vulnerability scanner. Users can therefore focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verifying its findings.

NEW FEATURES
* New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS 
* Improved the performance of the DOM Parser
* Improved the performance of the DOM cross-site scripting scanner
* Optimized DOM XSS Scanner to avoid scanning pages with same source code
* Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
* Improved selected element simulation for select HTML elements
* Added new patterns for Open Redirect engine

FIXES 
* Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
* Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
* Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
* Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
* Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
* Fixed a bug in DOM Parser where events are not simulated for elements inside frames
* Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response


Tor Browser 3.6.4 and 4.0-alpha-1 are released



The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

Here is the complete changelog for 3.6.4:
  • Tor Browser 3.6.4 -- All Platforms
    • Update Tor to 0.2.4.23
    • Update Tor launcher to 0.2.5.6
    • Update OpenSSL to 1.0.1i
    • Backported Tor Patches:
      • Bug 11654: Properly apply the fix for malformed bug11156 log message
      • Bug 11200: Fix a hang during bootstrap introduced in the initial
        bug11200 patch.
    • Update NoScript to 2.6.8.36
      • Bug 9516: Send Tor Launcher log messages to Browser Console
    • Update Torbutton to 1.6.11.1
      • Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
      • Bug 12680: Fix Torbutton about url.

In addition, we are also releasing the first alpha of the 4.0 series.

This alpha paves the way to our upcoming autoupdater by reorganizing the directory structure of the browser. This means that in-place upgrades from Tor Browser 3.6 (by extracting/copying over the old directory) will not work.

This release also features Tor 0.2.5.6, and some new defaults for NoScript to make the script permissions for a given url bar domain automatically cascade to all third parties by default (though this may be changed in the NoScript configuration).
  • Tor Browser 4.0-alpha-1 -- All Platforms
    • Ticket 10935: Include the Meek Pluggable Transport (version 0.10)
      • Two modes of Meek are provided: Meek over Google and Meek over Amazon
    • Update Firefox to 24.7.0esr
    • Update Tor to 0.2.5.6-alpha
    • Update OpenSSL to 1.0.1i
    • Update NoScript to 2.6.8.36
      • Script permissions now apply based on URL bar
    • Update HTTPS Everywhere to 5.0development.0
    • Update Torbutton to 1.6.12.0
      • Bug 12221: Remove obsolete Javascript components from the toggle era
      • Bug 10819: Bind new third party isolation pref to Torbutton security UI
      • Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
      • Bug 12680: Change Torbutton URL in about dialog.
      • Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
      • Bug 9531: Workaround to avoid rare hangs during New Identity
    • Update Tor Launcher to 0.2.6.2
      • Bug 11199: Improve behavior if tor exits
      • Bug 12451: Add option to hide TBB's logo
      • Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
      • Bug 11471: Ensure text fits the initial configuration dialog
      • Bug 9516: Send Tor Launcher log messages to Browser Console
    • Bug 11641: Reorganize bundle directory structure to mimic Firefox
    • Bug 10819: Create a preference to enable/disable third party isolation
    • Backported Tor Patches:
      • Bug 11200: Fix a hang during bootstrap introduced in the initial
        bug11200 patch.
  • Tor Browser 4.0-alpha-1 -- Linux Changes
    • Bug 10178: Make it easier to set an alternate Tor control port and password
    • Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
    • Bug 12249: Don't create PT debug files anymore    

FBCacheView v1.03 - View Facebook images stored in the cache of your Web browser


FBCacheView is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites. For every Facebook image, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, visit time, image file size, and external URL (For images taken from another Web site).

System Requirements And Limitations

  • This utility works in any version of Windows, starting from Windows XP and up to Windows 8. Both 32-bit and 64-bit systems are supported.
  • The following Web browsers are supported: Internet Explorer, Mozilla Firefox, SeaMonkey, and Google Chrome. Opera is not supported because it stores the JPEG images in Webp format.
  • FBCacheView won't work if you configure your Web browser to clear the cache after closing it.
  • It's recommended to close all windows of your Web browser before using FBCacheView, to ensure that all cache files are saved to the disk.  

Start Using FBCacheView

FBCacheView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - FBCacheView.exe
After running it, FBCacheView begins to scan the cache of your Web browser and displays the list of all images loaded from Facebook Web pages. You may need to wait up to a few minutes until the scanning process is finished. After the scanning process is finished, you can also watch the image in the lower pane of FBCacheView, by selecting the desired item in the upper pane.
If for some reason FBCacheView fails to detect the cache of your Web browser properly, you can go to the 'Advanced Options' window (F9), and choose the desired cache folders to scan for each Web browser.

Columns Description

  • URL: The URL of the image on Facebook.
  • Web Browser: The Web browser that stores the specified Facebook image file in the cache.
  • Image Type: The type of the image: Profile image, uploaded image, or external image taken from another Web site. For 'External Image' type, the original URL of the image is displayed on 'External URL' column.
  • Image Time: The date/time of the image as returned by the Web server of Facebook. This column usually represents the time that the image was uploaded to Facebook.
  • Browsing Time: The last time that the specified Facebook image was loaded by your Web browser.
  • File Size: The file size of the image.
  • Filename: The full path of the image filename in the cache of your Web browser.
  • External URL: Displays the original URL of the image (Only for external images).

GnuPG - Complete and free implementation of the OpenPGP


GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh).

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License.

GnuPG comes in two flavours: 1.4.18 is the well known and portable standalone version, whereas 2.0.26 is the enhanced and modern version and suggested for most users.

Project Gpg4win provides a Windows version of GnuPG. It is nicely integrated into an installer and features several frontends as well as English and German manuals.

Project GPGTools provides a Mac OS X version of GnuPG. It is nicely integrated into an installer and features all required tools.


WAF-FLE v0.6.4 - OpenSource ModSecurity Console


WAF-FLE is an open-source ModSecurity console that allows ModSecurity admins to store, view and search events sent by sensors, using a graphical dashboard to drill down and quickly find the most relevant events. It is designed to be fast and flexible, while keeping a powerful and easy-to-use filter, with almost all fields clickable for use in the filter.

The initial resources required to run WAF-FLE are normally low (check the Deployment Guide on the Documentation page). It is supported in virtual machines and on Linux and FreeBSD, but should run on other OSes that support PHP and MySQL.

Features
  • Central event console
  • Support Modsecurity in “traditional” and “Anomaly Scoring”
  • Brings mlog2waffle as a replacement to mlogc
  • Receive events using mlog2waffle or mlogc
    • mlog2waffle: in real-time, following log tail, or batch scheduled in crontab
    • mlogc: in real-time, piped with ModSecurity log, in batch scheduled in crontab
  • No sensor limit
  • Drill down of events with filter
  • Dashboard with recent events information
  • Almost every event data and charts are “clickable” deepening the drill down filter
  • Inverted filter (to filter for “all but this item”)
  • Filter for network (in CIDR format, x.x.x.x/22)
  • Original format (Raw) to event download
  • Use Mysql as database
  • Wizard to help configure log feed between ModSecurity sensors and WAF-FLE
  • Open Source released under GPL v2

Changelog v0.6.4
  • Support to rules and mod_security compiled by Atomic Turtle;
  • Performance impact with high number of hostnames in database;
  • Custom tag ID new number, to avoid conflict with already present tag;
  • Better handling of “PCRE limits exceeded”;


SearchMyFiles v2.50 - Alternative to 'Search For Files And Folders' module of Windows + Duplicates Search


SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content (text or binary search), and by the file size. SearchMyFiles allows you to make a very accurate search that cannot be done with Windows search. For Example: You can search all files created in the last 10 minutes with size between 500 and 700 bytes. 

After you have made a search, you can select one or more files, and save the list into a text/html/csv/xml file, or copy the list to the clipboard.

SearchMyFiles is portable, and you can use it from a USB flash drive without leaving traces in the Registry of the scanned computer. 

Future Versions

The following features might be added in future versions, according to user requests and my own ideas:
  • Add an Explorer-like context menu that will allow you to perform some actions on the files that appear in the search results.
  • Search files by alternate stream data.
  • Search the content of files by regular expressions.
  • An option to search file names by regular expression, as alternative for wildcard search.

Using SearchMyFiles

SearchMyFiles doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - SearchMyFiles.exe 
After running it, the 'Search Options' dialog-box is displayed. Select the base folders or drives that you want to search, the wildcard, and any other search options that you need. After choosing the right search options, click 'Ok' in order to start the search. While the search is in progress, the found files will be displayed in the main window. If you want to stop the search, you can simply click the 'Stop' menu.
After the search is finished, you can select one or more files, and then save the list into text/csv/html/xml file by using the 'Save Selected Items' option. You can also select a single file and open it with the default program by using the 'Open Selected File' option.

Search Options

Here's a small explanation about all available search options:
  • Base Folder: Specifies the folder that you want to scan. If the 'Scan Subfolders' option is also checked, all subfolders under this folder will also be scanned. You can also specify multiple folders, delimited by semicolon. For example: c:\temp;d:\myfolder;d:\nirsoft
  • Excluded Folders: Allows you to specify one or more folders (delimited by semicolon) that you want to exclude from the scan. For example: If you want to scan your entire C: drive, but without C:\Windows and C:\Documents and Settings, you should type 'C:\' in the Base Folder, and 'C:\Windows;C:\Documents and Settings' in the Excluded Folders field.
  • Files Wildcard: Specifies the wildcard for scanning the files. You can specify multiple wildcards delimited by semicolon or by comma, for example: *.exe;*.dll;*.ocx or *.exe,*.dll,*.ocx. Be aware that if you want to search a filename containing semicolon or comma, you must put it in quotes. For example: "Hello, World.txt". If you don't put it in quotes, SearchMyFiles will consider it as 2 separated files.
  • Subfolders Wildcard: Specifies the wildcard for scanning the subfolders. For example, If you want to only scan the subfolders beginning with 'a' letter, you can specify a*.* in this field.
  • Exclude Files: Specifies one or more file extensions or wildcards to exclude from the search. You can specify multiple extensions or wildcards delimited by semicolon, by comma, or by space character, for example: exe, dll, ocx
  • File Contains: Allows you to search by the content of the files. You can make a text search or binary search. On binary search, you should specify the binary sequence that you want to search in Hex dump format, for example: 'A2 C5 2F 8A 9E AC'.
  • Search multiple values (comma delimited): When this option is selected, you can specify multiple values to search in the 'File Contains' field. The multiple values are delimited by comma, and optionally also with quotes. 
    For example: 
    NirSoft, Nir Sofer, Search, 123, "abc,123" 
    A1 82 A7 AC, 27 9A CC FF, A1 B2 71 22
  • File Size: Specifies that you want to search files in specified size range (For example: search all files with size between 238 and 741 bytes).
  • Attributes: Specifies that you want to search files with specific attributes. For example: if you want to find all files that are read-only but are not hidden, you should select 'Yes' for Read Only attribute and 'No' for Hidden attribute.
  • File Time: Allows you to search files that have been created, modified, or accessed in the specified time range. You can specify an accurate time range (For example: 10/12/2008 12:32:11 - 12/12/2008 13:32:56) or you can specify the last number of seconds/minutes/hours/days. For example, you can search all files that have been modified in the last 10 minutes.
  • Search Subfolders: If this option is checked, SearchMyFiles will scan all subfolders under the specified base folders.
  • Find Folders: If this option is checked, SearchMyFiles will search for folders according to the other search options. If this option is not selected, SearchMyFiles will only search for files.


Passera - Tool to generate strong unique passwords for each website



A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app.

Passera turns any entered text into a strong password up to 64 characters long and copies it to clipboard. Figure out a decent system for yourself that will allow unique passphrases for every website, such as combining website name/URL with a phrase that you would not forget. To login, fire up Passera and enter the passphrase you chose and your real password will be copied to clipboard.

Turn
githubPasswd123
into
dpu7{Lrby(vQLd8m

This software is for privacy-aware people who understand the need to have strong unique passwords for each website, yet don't want to use any password managing software or services. Relying on password managing software means trusting your passwords to be kept safe by a third-party company, or trusting them to a single file on your disk.


To make it somewhat more conspicuous, when you start Passera it copies a random password to clipboard. The real password is then only stored in clipboard for 10 seconds, before being overwritten by another random string.

Password security considerations

Passera is not designed to produce a hash of a given string by reinventing the wheel of cryptography. Instead, it produces a unique string of specified length, suitable for usage as a strong password. The cryptographic methods used are ensuring that the produced passwords are as "random" as possible, and are absolutely impossible to trace back to original passphrases.

Passwords produced by Passera are impossible to brute-force, since it would take an extremely long time (as opposed to using combinations of real words and sentences as passwords). If a password gets leaked from a compromised website, an attacker would not be able to determine any of your other passwords. And if the attacker is aware that Passera has been used to create the password, brute-forcing with intent to find out the original passphrase would also take an extremely long time.

Passera does not ask for a website URL or a "master password" when generating a password, because these values would be included into the hashing algorithm in a particular way, potentially known to an attacker. Instead, users have the freedom to combine anything in any order, shape or form in the initial passphrase, making it exponentially more difficult to brute-force, to the point of being impossible.



Viproy v2.0 - VoIP Penetration Testing and Exploitation Kit


Viproy VoIP Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support, Cisco CDP spoofer/sniffer, Cisco Skinny protocol analysers, VOSS exploits and network analysis modules. Furthermore, Viproy provides SIP and Skinny development libraries for custom fuzzing and analysis modules.

Current testing modules:
  • SIP Register
  • SIP Invite
  • SIP Message
  • SIP Negotiate
  • SIP Options
  • SIP Subscribe
  • SIP Enumerate
  • SIP Brute Force
  • SIP Trust Hacking
  • SIP UDP Amplification DoS
  • SIP Proxy Bounce
  • Skinny Register
  • Skinny Call
  • Skinny Call Forward
  • VOSS Call Forwarder (September 2014)
  • VOSS Speed Dial Manipulator (September 2014)
  • MITM Proxy TCP
  • MITM Proxy UDP
  • Cisco CDP Spoofer

CipherShed - Secure Encryption Software (fork of the TrueCrypt Project)


CipherShed is free (as in free-of-charge and free-speech) encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project.

CipherShed is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). There are no complicated commands or knowledge required; a simple wizard guides you step-by-step through every process.

After creating an encrypted file or disk drive, the encrypted volume is mounted through CipherShed. The mounted volume shows up as a regular disk that can be read and written to on-the-fly. The encryption is transparent to the operating system and any programs. When finished, the volume can be unmounted, and stored or transported elsewhere, fully secured. Encryption volumes can be moved from OS-to-OS (eg, Windows to Mac) with full compatibility.

CipherShed is cross-platform; it will be available for Windows, Mac OS and GNU/Linux.


Mobius - Forensic Framework written in Python/GTK


Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Release 0.5.20 published

This release introduces the CellPhone Agent extension, an extension to browse Cellebrite's report.xml files. Minor improvements have been made and a few bugs have been fixed. See the ChangeLog:

  • new extension cellphone-agent
  • report-model: new service report.run-dialog
  • report-model: verbatim generates '%' instead of '%%'
  • report-model: do not generate duplicated methods in .py
  • gtk-ui: forbid treeitem DND onto itself
  • gtk-ui: case treeview icon cache implemented
  • gtk-ui: do not expand selected item when item.children is modified
  • skype-agent: "generate report" option
  • skype-agent: account view disables DND when not selected
  • skype-agent: account tile image repositioned
  • ice: use service report.run-dialog
  • sdi-window-manager: call to on_widget_started eliminated
  • partition-viewer: scan only partition-system components
  • partition-agent: update item.children only if it detects partitions
  • partition-agent-dos: keep item.children when building components
  • turing: test dictionary option fixed

dos_ssh - Use BIOS ram hacks to make a SSH server


Use BIOS RAM hacks to make an SSH server out of any INT 10 13h app (MS-DOS is one of those).


WiFi software Acrylic WiFi Free v2.0 - Real-time WLAN information and network analysis


New Acrylic WiFi software update. WiFi software for network analysis has gone through many changes since the first free version and finally reaches version v2.0 with more power than ever and long awaited features for network and channel analysis under Windows and with any wireless card.

Acrylic WiFi Free and Professional WiFi software news:

The main improvements of the new Acrylic WiFi software release are as follows:
  • Acrylic Free WiFi program incorporates information about the maximum speeds supported by the WiFi access point.
  • Fixed install and uninstall issues with NDIS capture driver under x64
  • Enhanced NDIS driver to avoid packet loss under heavy network capture with monitor mode.
  • Enhanced Wireshark integration for better performance and fixed radiotap header issues
  • Fixed compatibility with Windows Vista.
  • Added additional Visual studio dependencies.
  • Fixed issues when requesting trial licenses for Acrylic WiFi professional.
  • New exception handler module to detect Acrylic bugs.
  • Execute Acrylic as user: Acrylic can be installed and executed as a user, without administrator rights. Note that without admin privileges monitor mode won’t be available.
  • Added additional software tooltips.
  • Added social network buttons to share information about Acrylic WiFi software with all your friends and followers :).
  • Improved graphical interface and usability.
  • Acrylic WiFi Free starts with data capture automatically once the program is executed.


Nmap 6.47 - Free Security Scanner For Network Exploration & Security Audits


Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Nmap is ...
  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.  

Changelog Nmap 6.47:
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]

o (Windows, RPMs) Upgraded the included OpenSSL to version 1.0.1i. [Daniel Miller]

o (Windows) Upgraded the included Python to version 2.7.8. [Daniel Miller]

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:


o [Ndiff] Fixed the installation process on Windows, which was missing the
actual Ndiff Python module since we separated it from the driver script.
[Daniel Miller]

o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
which was giving the error, "\Microsoft was unexpected at this time." See
https://support.microsoft.com/kb/2524009 [Daniel Miller]

o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
producing this error:
Could not import the zenmapGUI.App module:
'dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib\n
Referenced from:
/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so\n
Reason: image not found'.

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
Reported with patch by Pierluigi Vittori.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]

o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
installed. Python tries to be nice and loads it when we import xml, but it
isn't compatible. Instead, we force Python to use the standard library xml
module. [Daniel Miller]

o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable) [David Fifield]

o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]

o [Zenmap] Fix a bug in DiffViewer causing this crash:
TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
buffer, not NmapParserSAX
Crash happened when trying to compare two scans within Zenmap. [Daniel Miller]


Lynis 1.6.0 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.
Typical use cases for Lynis:
  • Security auditing
  • Vulnerability scanning
  • System hardening

Why open source?

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.


zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.

zANTI produces an Automated Network Map that shows any vulnerabilities of a given target.

Pick your audit

zANTI offers a host of penetration-testing features, including everything from Man-In-The-Middle and password complexity audits to port monitoring and a sophisticated packet sniffer.

End the discussion

zANTI employs advanced cloud-based reporting that makes it easy to demonstrate flaws and rationalize budgeting for necessary network upgrades.

Keep it simple

zANTI offers a user-friendly web-based interface that turns complex audits into a walk in the park; to quote Forbes, it’s “as polished as a video game”.


LinSSID - Graphical wireless scanning for Linux (similar to Inssider)

LinSSID is graphically and functionally similar to Inssider (Microsoft™ Windows®). It is written in C++ using Linux wireless tools, Qt5, and Qwt 6.1.

LinSSID may be installed either by downloading source or binary from this site, or if you're using Debian/Ubuntu or one of its brethren, adding a ppa to your software sources and then installing it with your favorite application manager. The ppa is:
(substitute 'precise', 'quantal', 'raring', 'saucy', 'trusty' or 'utopic' for 'myversion')

Builds are available for amd64 and i386. Please report problems on the 'discussion' tab.

Versions 2.2 and above are now built on Qt5 using version 6.1 of the Qwt library, based on a 'trusty' development environment. Several small bugs have been fixed and there is now a status message in the top panel.

LinSSID is not bug-free. If you find one please report it on the discussion page and let's fix it.


PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as thoroughly as possible. For later reference, the script is called "PHP Secure Configuration Checker", or pcc.

Inspiration and previous work

  • phpinfo(): Just like phpinfo() the pcc is supposed to give a brief overview of security related configuration issues.
  • phpsecinfo: This is an alternative project that appears to have been discontinued in 2007.
  • SektionEins PHP Security Poster (2009-2011): Some text snippets and recommendations of our own work we put into the popular poster have been reused.


Ideas, Features and Software Design

  • One single file for easy distribution: In respect to an update process and access restrictions, a single file can be handled easier than a whole web application monster.
  • Simple tests for each security related ini entry: Testing php.ini on a live system is the main aspect of this project. Each entry is supposed to be checked or otherwise actively ignored.
  • A few other tests: pcc is not restricted to php.ini checks. Other ideas can be implemented as well.
  • Compatibility: PHP 5.4 is supposed to work. Older PHP versions are not supposed to be used in the wild anyway.
  • NO complicated/overengineered code, e.g. no classes/interfaces, test-frameworks, libraries, ...: In most cases, a recommendation is based on a simple boolean decision, e.g. is it 1 or is it 0. The corresponding code is supposed to reflect this simplicity. Also, simple code leads to fewer programming errors.
  • Novice factor: The result is supposed to help secure the PHP environment. There is no need to obfuscate, encrypt or hide the code. Even inexperienced developers or system administrators may take a glance at the code - free of charge.
  • NO (or very few) dependencies: pcc is supposed to run in the most simplistic (yet still realistically sane) PHP environment. Writing files and loading bloated library code should be avoided.
  • Safeguards: In order to prevent information disclosure, IP restrictions are implemented, as well as a lock-out mechanism based on the script's modification time.
  • Suhosin: pcc checks the correct configuration of the Suhosin extension.
