Channel: KitPloit - PenTest Tools!

[Exploit Pack] The most advanced and easy to use tool for pentesters


Exploit Pack is an open source, GPLv3-licensed bundle of scripts (known as exploits) with an easy-to-use GUI and a SID IDE. It is built on Java and Python, which means it is easy to customize and runs nicely on almost any device. Like every piece of software with an open source license, you can patch it, extend it or add your own ideas to it: just check out the code and go for it. This tool was made with the end user in mind; it is not going to replace any other security tool on the market, but it is certainly a must-have for every security enthusiast, researcher or paranoid user.

It's easy to use

Hello script kiddie. Don't you worry, you can always use this tool without reading any kind of documentation. But shame on you.

Multi OS support

It was developed with multi-platform support in mind; by default it targets x86, and it runs on Windows, Linux, FreeBSD and Mac OS X.

IDE for Exploit Dev's

A must-have for effective exploit development: extend it, add more features and include your own exploit code.


[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)


ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
ike-scan can perform the following functions:
  • Discovery: determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.
  • Fingerprinting: determine which IKE implementation the hosts are using, and in some cases the version of software they are running. This is done in two ways: first by UDP backoff fingerprinting, which involves recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns; and second by Vendor ID fingerprinting, which compares Vendor ID payloads from the VPN servers against known Vendor ID patterns.
  • Transform enumeration: find which transform attributes are supported by the VPN server for IKE Phase-1 (e.g. encryption algorithm, hash algorithm etc.).
  • User enumeration: for some VPN systems, discover valid VPN usernames.
  • Pre-shared key cracking: perform offline dictionary or brute-force password cracking for IKE Aggressive Mode with pre-shared key authentication. This uses ike-scan to obtain the hash and other parameters, and psk-crack (part of the ike-scan package) to perform the cracking.
The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper which should be included in the ike-scan kit as UDP Backoff Fingerprinting Paper.



The program sends IKE phase-1 (Main Mode or Aggressive Mode) requests to the specified hosts and displays any responses that are received. It handles retry and retransmission with backoff to cope with packet loss. It also limits the amount of bandwidth used by the outbound IKE packets.
IKE is the Internet Key Exchange protocol which is the key exchange and authentication mechanism used by IPsec. Just about all modern VPN systems implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for phase-1 of the IKE exchange (the other defined mode is aggressive mode). RFC 2409 section 5 specifies that main mode must be implemented, therefore all IKE implementations can be expected to support main mode. Many also support Aggressive Mode.
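As an added illustration of the backoff-fingerprinting idea described above (example code written here, not part of ike-scan, whose real pattern database and matching rules are more elaborate): the response timestamps recorded for one host are turned into inter-response gaps and compared, within a tolerance, against a small constructed table of hypothetical patterns, which shows what a gateway's retransmission timing alone can reveal about it.

```python
from typing import Dict, List, Sequence, Tuple

# Hypothetical backoff table (constructed for this example; NOT ike-scan's real
# database). Each value is the list of gaps, in seconds, between successive
# retransmissions of the IKE phase-1 response sent by the VPN server.
KNOWN_BACKOFF_PATTERNS: Dict[str, List[float]] = {
    "Implementation A (hypothetical)": [2.0, 4.0, 8.0, 16.0],
    "Implementation B (hypothetical)": [5.0, 5.0, 5.0],
    "Implementation C (hypothetical)": [1.0, 2.0, 4.0, 8.0, 16.0],
}


def response_gaps(timestamps: Sequence[float]) -> List[float]:
    """Turn absolute receive times (seconds) into gaps between consecutive responses."""
    ts = sorted(timestamps)
    return [round(later - earlier, 3) for earlier, later in zip(ts, ts[1:])]


def gaps_match(observed: Sequence[float], known: Sequence[float],
               tolerance: float = 0.25) -> bool:
    """True when every observed gap lies within +/- tolerance of the known gap.

    A capture may stop early (fewer gaps than the known pattern), which still
    counts as a prefix match, but it may never contain more retransmissions
    than the pattern allows."""
    if not observed or len(observed) > len(known):
        return False
    return all(abs(o - k) <= tolerance for o, k in zip(observed, known))


def fingerprint(timestamps: Sequence[float],
                patterns: Dict[str, List[float]] = KNOWN_BACKOFF_PATTERNS,
                tolerance: float = 0.25) -> Tuple[List[float], List[str]]:
    """Return (observed gaps, names of all patterns consistent with them).

    More than one name means the capture was too short to disambiguate; an
    empty list means the timing matches nothing in the table."""
    gaps = response_gaps(timestamps)
    names = [name for name, known in patterns.items()
             if gaps_match(gaps, known, tolerance)]
    return gaps, names


if __name__ == "__main__":
    # Constructed capture: five copies of the same response from one host,
    # received 0, 2.05, 6.10, 14.00 and 30.10 s after the probe was sent.
    capture = [0.0, 2.05, 6.10, 14.00, 30.10]
    gaps, names = fingerprint(capture)
    print("gaps:", gaps)        # [2.05, 4.05, 7.9, 16.1]
    print("matches:", names)    # ['Implementation A (hypothetical)']
```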
Building and Installing
  • Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code
  • Run cd ike-scan to enter source directory
  • Run autoreconf --install to generate a viable ./configure file
  • Run ./configure or ./configure --with-openssl to use the OpenSSL libraries
  • Run make to build the project
  • Run make check to verify that everything works as expected
  • Run make install to install (you’ll need root or sudo for this part)

[Wapiti 2.3.0] Web Application Vulnerability Scanner

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.


Wapiti can detect the following vulnerabilities:
  • File disclosure (Local and remote include/require, fopen, readfile...)
  • Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) injection (reflected and permanent)
  • Command execution detection (eval(), system(), passthru()...)
  • CRLF injection (HTTP response splitting, session fixation...)
  • XXE (XML eXternal Entity) injection
  • Use of known potentially dangerous files (thanks to the Nikto database)
  • Weak .htaccess configurations that can be bypassed
  • Presence of backup files giving sensitive information (source code disclosure)
Wapiti supports both GET and POST HTTP methods for attacks.
It also supports multipart forms and can inject payloads in file names (upload).
It displays a warning when an anomaly is found (for example 500 errors and timeouts).
It distinguishes between permanent and reflected XSS vulnerabilities.

General features:
  • Generates vulnerability reports in various formats (HTML, XML, JSON, TXT...)
  • Can suspend and resume a scan or an attack
  • Can give you colors in the terminal to highlight vulnerabilities
  • Different levels of verbosity
  • Fast and easy way to activate/deactivate attack modules
  • Adding a payload can be as easy as adding a line to a text file
Browsing features

  • Support HTTP and HTTPS proxies
  • Authentication via several methods: Basic, Digest, Kerberos or NTLM
  • Ability to restrain the scope of the scan (domain, folder, webpage)
  • Automatic removal of a parameter in URLs
  • Safeguards against scan endless-loops (max number of values for a parameter)
  • Possibility to set the first URLs to explore (even if not in scope)
  • Can exclude some URLs of the scan and attacks (eg: logout URL)
  • Import of cookies (get them with the wapiti-cookie and wapiti-getcookie tools)
  • Can activate / deactivate SSL certificates verification
  • Extract URLs from Flash SWF files
  • Try to extract URLs from javascript (very basic JS interpreter)
  • HTML5 aware (understand recent HTML tags)

Wapiti is a command-line application.

Here is an example of output against a vulnerable web application.
You may find some useful information in the README and the INSTALL files.

[Wireless Attack Toolkit (WAT)] A push-button wireless hacking and Man-in-the-Middle attack toolkit

This project is designed to run on embedded ARM platforms (specifically v6 and the Raspberry Pi, but I'm working on more).

It provides users with automated wireless attack tools that are paired with man-in-the-middle tools to effectively and silently attack wireless clients.

Some of the tools included in the kit are:
  • Custom regex-based DNS server
  • DHCP
  • Aircrack-ng suite
  • Browser Exploitation Framework (preconfigured for Metasploit)
  • Metasploit
  • Python-based transparent injection proxy
  • Push-button configuration
  • "Limpet Mine" mode for attacking existing networks
You basically answer three questions in the start script, wait a bit, then log into the BeEF console to start attacking clients.

[Splinter] Open source RAT

Splinter The Rat is a RAT (Remote Administration Tool). This kind of tool normally lets us take control of a bot (compromised system).

Splinter The Rat acts as the BotMaster or controller of the botnet and is designed to work with different kinds of backdoors: netcat listeners or implants written in Java or Python, which come precompiled with the system. In the future it will also integrate with Armitage and Raven.

This RAT also allows file transfer and browsing, geolocation, access to and/or modification of the victim's clipboard, screenshots and recording, etc.

Splinter The RAT is an educational project from which we can learn how to create tools of this kind that are also fully functional. According to its authors, its goal is to show how easy it is to create a tool like this.

This project is being actively developed, and some of the features we can expect in future versions are:
  • Implants developed in Python, PowerShell and C++.
  • Steganography, TCP/DNS tunneling.
  • Drive-by downloaders and JavaScript droppers
  • Creation of polymorphic implants and encryption of payload communication
  • Internal network scanning
  • Exploitation of mobile devices
  • Etc.
If you have ever thought about building the infrastructure behind a botnet, here you have a good example for creating your own or building on top of this one.

[SQL injection test environment] A collection of web pages vulnerable to SQL injection flaws

A collection of web pages vulnerable to SQL injection flaws and more:
  • conf/ - operating system configuration files used by deployment.sh.
  • dbs/ - standalone databases for some database management systems (e.g. Microsoft Access).
  • libs/ - web API libraries to connect to the database management system, perform the provided statement and return its output.
  • schema/ - SQL used to create the test database, a test table and populate it with test entries.
  • Other directories - vulnerable pages for each database management system.
  • deployment.sh - a bash script to deploy from scratch a fully-fledged Linux (Debian or Ubuntu) machine with all the relevant database management systems installed and configured, ready to be targeted.

[MKBRUTUS] Password bruteforcer for MikroTik devices or boxes running RouterOS

MikroTik brand devices (www.mikrotik.com), which run the RouterOS operating system, are known worldwide and popular, with high networking market penetration. Many companies choose them as a great combination of low cost and good performance. RouterOS can also be installed on other devices, such as a PC.

This system can be managed in the following ways:
  • Telnet
  • SSH
  • Winbox (MikroTik's proprietary GUI)
  • HTTP
  • API
Many network sysadmins choose to close the Telnet, SSH and HTTP ports, leaving the Winbox port open for graphical management, or the RouterOS API port open for another client (developed by third parties), such as Android applications (for managing routers and hotspots) or web front-ends. At this point, MKBRUTUS comes into play ;)

Both the Winbox and API ports use a proprietary RouterOS protocol to "talk" with management clients.

It is possible that in the midst of a pentesting project you find ports 8291/TCP (Winbox) and 8728/TCP (API) open, and here we have a new attack vector.

Because port 8291/TCP can only be authenticated to using the Winbox tool (at least for now ;), we realized the need to develop a tool to perform dictionary-based attacks over the API port (8728/TCP), in order to give the pentester another option to try to gain access.

DICTIONARY-BASED ATTACK

MKBRUTUS is a tool developed in Python 3 that performs dictionary-based brute-force attacks against RouterOS systems (version 3.x or newer) that have port 8728/TCP open. It currently has all the basic features of a dictionary-attack tool, but in the future we plan to incorporate other options. There are many sites from which you can download wordlists; here are some:

[Canaima GNU/Linux] Socio-technological distro

Canaima GNU/Linux is an open socio-technological project, built collaboratively, focused on developing tools and productive models based on free Information Technology (IT) software and operating systems, whose aim is to generate national capabilities, endogenous development, appropriation and promotion of free knowledge, without losing its original motivation: building a technologically prepared Venezuelan nation.

Canaima currently drives large national projects in both the public and private sectors, among them the Proyecto Canaima Educativo and CANTV's Plan Internet Equipado, among others.

This new version 4.0 brings the following new features:

- Gnome Shell 3.4 desktop
- Linux kernel 3.2.0.
- X.org 7.7 window server.
- LibreOffice 4.0.1 office suite.
- Cunaguaro 22.0 web browser.
- Guácharo 17.0.5 mail client.
- GIMP 2.8 image manipulation program.
- Software Center.
- Canaima Bienvenido (based on huayra-bullets).
- Jockey (hardware detector).
- Canaima dynamic wallpapers.
- Inkscape 0.48 vector graphics editor.
- Python 2.7/3.2 language.
- Perl 5.14 language.



[Orchid] Tor Client for Java

Orchid is a Tor client implementation and library written in pure Java.

It was written from the Tor specification documents, which are available here.

Orchid runs on Java 5+ and on Android devices.

How can Orchid be used?

In a basic use case, running Orchid will open a SOCKS5 listener which can be used as a standalone client where Tor would otherwise be used.

Orchid can also be used as a library by any application running on the JVM. This is what Orchid was really designed for and this is the recommended way to use it. Orchid can be used as a library in any Java application, or any application written in a language that compiles to bytecode that will run on the Java virtual machine, e.g., JRuby, Clojure, Scala.

Why was Orchid developed?

Orchid was developed for seamless integration of Tor into Java applications. The first application to have built-in Tor support is Martus, a human rights application developed by Benetech.

Another reason Orchid was developed was to work through and debug the Tor specification documents. Orchid was also created to provide a reference implementation in Java. This may be easier to understand for those who are unfamiliar with the C programming language. The implementation is also simpler because only the client has been implemented.

Should Orchid be used with a regular browser for anonymous browsing?

Probably not. We recommend that the Tor Browser Bundle (or better yet, Tails) be used, as there are privacy leaks through the browser that are unrelated to Tor. However, Orchid can be used with the Tor Browser Bundle in place of native Tor.

Orchid's strength is that it can be used to Torify Java and JVM applications with near transparency.


[sb0x] Penetration testing toolbox

System requirement: to run sb0x you need to install Python 2.7.x

Tool features:

1. WordPress brute force
2. Server scanner
3. Web admin finder
4. FTP server brute force
5. Perl bind shell
6. DSL router brute force
7. NETGEAR router brute force
8. MS12-020 Windows RDP DoS exploit


[SkyJack] Drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones within wireless or flying distance, creating an army of zombie drones under your control.

by @SamyKamkar // code@samy.pl // http://samy.pl // Dec 2, 2013

Overview

Today Amazon announced they're planning to use unmanned drones to deliver some packages to customers within five years. Cool! How fun would it be to take over drones carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome.

Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.

SkyJack also works when grounded; no drone is necessary on your end for it to work. You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc. and jack drones straight out of the sky.

SkyJack (available from GitHub) is primarily a Perl application which runs off a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.Drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with node-ar-drone to control zombie drones.
I detect drones by seeking out any wireless connections from MAC addresses owned by the Parrot company, which you can find defined in the Registration Authority OUI.

aircrack-ng

I use aircrack-ng to put our wireless device into monitor mode to find our drones and drone owners. I then use aireplay-ng to deauthenticate the true owner of the drone I'm targeting. Once deauthenticated, I can connect as the drone is waiting for its owner to reconnect.

node-ar-drone

I use node-ar-drone to control the newly enslaved drone via JavaScript and node.js.

Hardware

Parrot AR.Drone 2

The Parrot AR.Drone 2 is the drone that flies around seeking other drones, controlled from an iPhone, iPad or Android, and is also the type of drone SkyJack seeks out in order to control. SkyJack is also capable of seeking out Parrot AR.Drone version 1.
The Parrots actually launch their own wireless network, which is how the owner of the drone connects. We take over by deauthenticating the owner, then connecting now that the drone is waiting for its owner to connect back in, exploiting the fact that we destroyed their wireless connection temporarily.

Raspberry Pi

I use a Raspberry Pi to drive the project as it's inexpensive, reasonably light, has USB, and runs Linux.

Alfa AWUS036H wireless adapter

I use the Alfa AWUS036H wireless card, which supports raw packet injection and monitor mode, which allow me to deauthenticate users who are legitimately connected to their drones.

Edimax EW-7811Un wireless adapter

I also use the Edimax EW-7811Un wireless USB adapter in order for SkyJack to launch its own network. This allows me to connect to SkyJack from my laptop or iPad and watch all the other drones as they're being controlled.

USB Battery

I suggest any USB battery which is light (under 100 grams) and can output close to an amp (1000mAh). The Raspberry Pi + wifi will likely use about this much juice. You could also possibly hook up three AAA batteries together to get about 4.5V out, which would be a bit lighter, though I'm not sure how much current it will be able to output.

[Python eBooks] Free eBooks to learn Python

[NOSQLMap] NoSQLMap - Automated NoSQL Database pwnage

What is NoSQLMap?

NoSQLMap is an open source Python tool designed to audit for, as well as automate, injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL, in order to disclose data from the database. It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool sqlmap, and its concepts are based on and extend Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused on MongoDB, but additional support for other NoSQL platforms such as CouchDB, Redis and Cassandra is planned in future releases; right now the goal is to provide a proof-of-concept tool to debunk the premise that NoSQL is impervious to SQL injection attacks.

Features
  • Automated MongoDB database enumeration and cloning attacks.
  • PHP application parameter injection attacks against MongoClient to return all database records.
  • JavaScript function variable escaping and arbitrary code injection to return all database records.
  • Timing-based attacks similar to blind SQL injection to validate JavaScript injection vulnerabilities with no feedback from the application.
  • More coming soon!

[Evil Foca] IPv4 and IPv6 Penetration testing tool

Evil Foca is a tool for pentesters and security auditors to perform security testing in IPv4/IPv6 data networks.

The tool is capable of different attacks such as:
  • MITM on IPv4 networks using ARP spoofing and DHCP ACK injection.
  • MITM on IPv6 networks using Neighbor Advertisement spoofing, SLAAC attack, fake DHCPv6.
  • DoS (Denial of Service) on IPv4 networks using ARP spoofing.
  • DoS (Denial of Service) on IPv6 networks using SLAAC attack.
  • DNS hijacking.

[Sandboxie] Sandbox Your Browser / Software / Programs In Windows

Sandboxie enables you to easily sandbox your browser and other programs: it runs your applications in an isolated abstraction area called a sandbox. Under the supervision of Sandboxie, an application operates normally and at full speed, but can't effect permanent changes to your computer. Instead, the changes are effected only in the sandbox.
For those too lazy to set up a full VM image for testing stuff, this is a pretty good alternative.

Benefits of the Isolated Sandbox
  • Secure Web Browsing: Running your web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.
  • Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while web browsing stay in the sandbox and don't leak into Windows.
  • Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.
  • Windows Stays Lean: Prevent wear and tear in Windows by installing software into an isolated sandbox.
Registration is optional, but there is a nag screen after 30 days.


[Blue|Smash] Bluetooth Penetration Testing Suite

Blue|Smash is a free open source Bluetooth pentest suite, powered by Python for Linux. I built Blue|Smash to aid me in my Bluetooth adventures and thought others might benefit from my work :D. Here is a list of some of the tools included.

  • Sorbo's Frontline Bluetooth sniffer.
  • A brute-force scanner
  • MAC address spoofer
  • Loads of exploits
  • Autopwn vulnerability checker
  • CSR firmware backup/updater

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast.

Features
  • IPv6 support
  • Graphical user interface
  • Internationalized support (RFC 4013)
  • HTTP proxy support
  • SOCKS proxy support
The tool supports the following protocols:

Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Changelog for 7.5
  • Added module for Asterisk Call Manager
  • Added support for Android where some functions are not available
  • hydra main:
    • reduced the screen output if run without -h, full screen with -h
    • fix for IPv6 and port parsing with service://[ipv6address]:port/OPTIONS
    • fixed -o output (thanks to www417)
    • warning if HYDRA_PROXY is defined but the module does not use it
    • fixed an issue with large input files and long entries
  • hydra library:
    • SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise; report if this gives you problems
    • removed support for old OpenSSL libraries
  • HTTP Form module:
    • login and password values are now encoded if special characters are present
    • ^USER^ and ^PASS^ are now also supported in H= header values
    • if you need the colon as a value in your option string, you can now escape it with \: – but do not encode a \ with \\
  • MySQL module: protocol 10 is now supported
  • SMTP, POP3, IMAP modules: TLS is now disabled by default. TLS must now be defined as an option "TLS" if required. This increases performance.
  • Cisco module: fixed a small bug (thanks to Vitaly McLain)
  • Postgres module: libraries on Cygwin are buggy at the moment, so the module is disabled on Cygwin

[Sahi] Web Test Automation Tool

Sahi Pro is a powerful tool for automation of web application testing. Sahi Pro helps test web applications across different browsers with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation.

Sahi is especially suited for cross-browser/multi-browser testing of complex web 2.0 applications with lots of AJAX and dynamic content. Sahi works well in Agile development environments, enabling rapid automation and maintenance and easily integrating with build systems. Sahi saves time and effort with faster development, less maintenance and fast distributed playback. Sahi runs on any modern browser which supports JavaScript.

For testing teams in product companies and captive IT units which need rapid, reliable web automation, Sahi would be the best choice among web automation tools.

Record & Playback on Any Browser

Record and play back any web application on any browser, any operating system. Recording saves time and helps non-technical users contribute to automation. The Sahi Controller helps easily identify and experiment with elements on any browser. The same script works on all browsers.

Smart Accessor Identification

Sahi identifies elements in simple, stable ways. Sahi works even on applications with dynamic ids, using _near, _in etc. APIs to easily locate one element with respect to another. Sahi can automate applications built using ExtJS, ZK, Dojo, YUI or any other framework.

AJAX? No Timeout Issues

Sahi's technology eliminates the need for wait statements even for inconsistent page loads and AJAX. Sahi tests are stable and do not fail because of timing issues. Sahi scripts need less code and are easier to maintain.

Rich Inbuilt Reports and Logs

See complete information on script execution. From concise summaries and graphs across runs to the exact line of script failure in code, get full end-to-end reporting. All logs are stored in a database. Reports can be easily customized.

Fast Parallel Batch Playback

Club together thousands of Sahi scripts in a suite file and let Sahi execute them in parallel on one machine or distribute them across machines. Cut playback time by up to 90%. Run from the command line, ant or build and continuous integration systems.

Simple Powerful Scripting

Sahi Script is based on JavaScript. Interact with your file system, databases, Excel sheets, CSV files with ease. Call any Java code or library from Sahi Script to get added power.

Inbuilt Excel Framework

Use the inbuilt Excel Framework to let your business analysts and non-technical testers contribute to testing. Easily test from the Controller. Get detailed inbuilt reports.

[IP-reputation-snort-rule-generator] A tool to generate Snort rules based on public IP reputation data

A tool to generate Snort rules or Cisco IDS signatures based on public IP/domain reputation data.

Usage

./tepig.pl [ [--file=LOCAL_FILE] | [--url=URL] ] [--csv=FIELD_NUM] [--sid=INITIAL_SID] [--ids=[snort|cisco]] | --help

  • LOCAL_FILE is a file stored locally that contains a list of malicious domains, IP addresses and/or URLs. If omitted then it is assumed that a URL is provided.
  • URL is a URL that contains a list of malicious domains, IP addresses or URLs. The default is https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist.
  • FIELD_NUM is the field number (indexing from 0) that contains the information of interest. If omitted then the file is treated as a simple list.
  • INITIAL_SID is the SID that will be applied to the first rule. Every subsequent rule will increment the SID value. The default is 9000000.

Examples

Malicious IP address

./tepig.pl --url=https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist is a plain text file containing a list of known bad IP addresses. At the time of writing, the first entry is 108.161.130.191. The first rule output would be:

alert ip any any <> 108.161.130.191 any (msg:"Traffic to known bad IP (108.161.130.191)"; reference:"url,https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist"; sid:9000000; rev:0;)

This rule looks for any traffic going to or coming from the bad IP address.

Malicious Domain

./tepig.pl --url=http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt

http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt is a plain text file containing a list of known bad domain names. At the time of writing the first entry is *.bethira.com. The first rule output would be:

alert udp any any -> any 53 (msg:"Suspicious DNS lookup for *.bethira.com"; reference:"url,http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth: 10; offset: 2; content:"|07|bethira|03|com"; nocase; distance:0; sid:9000000; rev:0;)

This rule looks for any DNS lookup for the bad domain.
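The two rule shapes above, reproduced as an added example written here in Python (it is not tepig.pl itself): the feed is a constructed sample list, the reference URL is a placeholder, and the generator covers the three entry kinds the usage section names (IP address, domain, URL) plus the --csv field selection. It writes the reference option without quotes, which is the form Snort's rule parser accepts, and encodes a domain into the DNS label format that the page's second rule matches on.

```python
import ipaddress
from typing import Iterator, List, Optional
from urllib.parse import urlsplit

# Constructed sample feed (not real threat data; 203.0.113.0/24 and .test are
# reserved for documentation). Same shape as the plain lists tepig.pl reads.
SAMPLE_FEED = """\
# constructed example blocklist
108.161.130.191
*.bethira.com
http://evil.example/path/drop.php
203.0.113.7
Example-Bad.test
"""
REFERENCE_URL = "https://example.invalid/blocklist.txt"  # placeholder, not a real feed


def parse_feed(text: str, field: Optional[int] = None, sep: str = ",") -> Iterator[str]:
    """Yield one indicator per line; with `field` set, take that 0-based column
    of a CSV-style line (the --csv=FIELD_NUM behaviour). Blank and '#' lines skip."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if field is not None:
            cols = line.split(sep)
            if field >= len(cols):
                continue
            line = cols[field].strip()
        yield line


def indicator_host(entry: str) -> str:
    """Reduce a URL entry to its host name; bare IPs and domains pass through."""
    if "/" not in entry:
        return entry
    url = entry if "://" in entry else "//" + entry
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {entry!r}")
    return host


def dns_name_content(domain: str) -> str:
    """Encode a domain as the DNS wire-format label sequence used in the page's
    rule, e.g. bethira.com -> |07|bethira|03|com. A leading '*.' is dropped, so
    the match is on the suffix; like the page's rule, no |00| terminator is added."""
    name = domain.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    parts = []
    for label in name.split("."):
        if not label or len(label) > 63:
            raise ValueError(f"bad label in {domain!r}")
        parts.append(f"|{len(label):02x}|{label}")
    return "".join(parts)


def ip_rule(ip: str, sid: int, ref: str) -> str:
    return (f'alert ip any any <> {ip} any (msg:"Traffic to known bad IP ({ip})"; '
            f"reference:url,{ref}; sid:{sid}; rev:0;)")


def domain_rule(domain: str, sid: int, ref: str) -> str:
    # The first content anchors on a standard query header at offset 2: flags
    # 0x0100, QDCOUNT 1, ANCOUNT/NSCOUNT/ARCOUNT 0. Caveat for defenders: a
    # resolver that adds an EDNS0 OPT record sends ARCOUNT 1 and will not match.
    return (f'alert udp any any -> any 53 (msg:"Suspicious DNS lookup for {domain}"; '
            f"reference:url,{ref}; "
            f'content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; '
            f'content:"{dns_name_content(domain)}"; nocase; distance:0; '
            f"sid:{sid}; rev:0;)")


def generate_rules(feed_text: str, ref: str, initial_sid: int = 9000000,
                   field: Optional[int] = None) -> List[str]:
    """One rule per indicator, SIDs counting up from initial_sid (tepig's default)."""
    rules: List[str] = []
    sid = initial_sid
    for entry in parse_feed(feed_text, field):
        host = indicator_host(entry)
        try:
            ipaddress.ip_address(host)
            rules.append(ip_rule(host, sid, ref))
        except ValueError:
            rules.append(domain_rule(host, sid, ref))
        sid += 1
    return rules


if __name__ == "__main__":
    for rule in generate_rules(SAMPLE_FEED, REFERENCE_URL):
        print(rule)
```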


[Harald scan] Bluetooth discovery scanning

Harald Scan is able to determine the Major and Minor device class of a device, as well as attempt to resolve the device's MAC address against the largest known Bluetooth MAC address vendor list.

If you are running Harald Scan and see an entry with 'Unknown' in the vendor column, please email me the file which is created in the same directory with the first 8 characters of the MAC address.

Feature requests: if you would like to see a feature added to Harald Scan, fill in an issue report and set the label to Type-Enhancement.
