
IP Obfuscator - Simple Tool To Convert An IP Into Integer, Hexadecimal Or Octal Form

IP Obfuscator is a simple tool written in Python to convert an IP into different obfuscated forms. It helps you obfuscate host addresses into integer, hexadecimal or octal form.

What is Obfuscation?
"In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even as a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry." -wikipedia-
Example:
The standard, human-readable URL of Google looks like https://www.google.com, but every URL can also be reached through the server's IP address. Therefore http://74.125.68.99 is the equivalent server IP of https://www.google.com. This tool hides this plain-text IPv4 address so that it is difficult for humans to read. Following are the obfuscated forms of http://74.125.68.99
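As an added example (my own code, not the IP Obfuscator tool's), the Python below reproduces the alternative spellings of 74.125.68.99 that inet_aton-style URL parsers accept (integer, hexadecimal, octal, and the dotted mixed forms), and, from the defender's side, normalizes any of them back to dotted-decimal so that allow/deny lists and log searches match the address regardless of how it was written. The function names are my own; the only fixed value is the address from the post.

```python
import ipaddress

# Address used in the post above; serves as the test vector for this example.
EXAMPLE_IP = "74.125.68.99"


def ip_to_int(ip: str) -> int:
    """Dotted-decimal IPv4 -> 32-bit integer (network byte order)."""
    return int(ipaddress.IPv4Address(ip))


def obfuscated_forms(ip: str) -> dict:
    """Alternative spellings of one IPv4 address that inet_aton-style parsers accept."""
    n = ip_to_int(ip)
    octets = [int(o) for o in ip.split(".")]
    return {
        "integer": str(n),                                           # 1249723491
        "hex": hex(n),                                               # 0x4a7d4463
        "octal": "0" + oct(n)[2:],                                   # 011237242143 (C-style leading zero)
        "dotted_hex": ".".join(hex(o) for o in octets),              # 0x4a.0x7d.0x44.0x63
        "dotted_octal": ".".join("0" + oct(o)[2:] for o in octets),  # 0112.0175.0104.0143
    }


def _parse_component(part: str) -> int:
    """One dotted component under inet_aton's prefix rules: 0x = hex, leading 0 = octal, else decimal."""
    if not part.isascii() or not part.isalnum():
        raise ValueError(f"bad component: {part!r}")
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def normalize_ipv4(text: str) -> str:
    """Canonicalise any inet_aton-style spelling to dotted-decimal; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"not an IPv4 spelling: {text!r}")
    values = [_parse_component(p) for p in parts]
    leading, last = values[:-1], values[-1]
    # Every component but the last is one byte; the last one fills the remaining bytes,
    # which is how "74.8209507" and a bare "1249723491" both mean 74.125.68.99.
    if any(not 0 <= v <= 255 for v in leading):
        raise ValueError(f"component out of range: {text!r}")
    remaining = 4 - len(leading)
    if not 0 <= last < 256 ** remaining:
        raise ValueError(f"trailing component out of range: {text!r}")
    n = 0
    for v in leading:
        n = (n << 8) | v
    n = (n << (8 * remaining)) | last
    return str(ipaddress.IPv4Address(n))


def is_ipv4_spelling(text: str) -> bool:
    """True when text is some spelling of an IPv4 address, dotted-decimal or obfuscated."""
    try:
        normalize_ipv4(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for form, spelling in obfuscated_forms(EXAMPLE_IP).items():
        print(f"{form:13} {spelling:24} -> {normalize_ipv4(spelling)}")
```

Any filter that compares URL hosts as strings should run them through something like `normalize_ipv4` first; otherwise a denylisted dotted-decimal address is trivially bypassed by any of the other spellings.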


How to Install and Run in Linux
[1] Enter the following command in the terminal to download it.
git clone https://github.com/Sameera-Madhushan/IP-Obfuscator.py
[2] After downloading the program, enter the following command to navigate to the IP-Obfuscator directory and list its contents
cd IP-Obfuscator && ls
[3] Now run the script with the following command.
python3 IP-Obfuscator.py

How to Install and Run in Windows
[1] Download and run the Python 2.7.x and Python 3.7 setup files from Python.org
  • When installing Python 3.7, enable Add Python 3.6 to PATH
[2] Download and run the Git setup file from Git-scm.com, choose Use Git from Windows Command Prompt.
[3] After that, run Command Prompt and enter these commands:
git clone https://github.com/Sameera-Madhushan/IP-Obfuscator
cd IP-Obfuscator
python3 IP-Obfuscator.py



Doppelganger - Python Script To Scan Duplicate Copies In A Given Directory

Doppelganger is a Python script to scan for duplicate copies in a given directory. This tool compares not only file names but also file hashes, so that it reports no false matches.

Features
  • Find duplicate music
  • Find duplicate videos
  • Find duplicate pictures
  • Find duplicate documents

How Doppelganger searches for duplicate files
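The description above says Doppelganger compares hashes, not just names. As an added illustration (my own code, not the project's), the script below shows the usual three-stage way of doing that without hashing every byte of every file: bucket by size, hash only the first few kilobytes of same-size files, and compute a full SHA-256 only for what survives. It runs against a constructed temporary directory; the function names are mine.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Optional

CHUNK = 1 << 16   # read in 64 KiB blocks so large videos never have to fit in RAM
HEAD = 4096       # bytes hashed in the cheap pre-filter stage


def sha256_of(path, limit: Optional[int] = None) -> str:
    """SHA-256 of a file, or of its first `limit` bytes when limit is given."""
    h = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as f:
        while remaining is None or remaining > 0:
            want = CHUNK if remaining is None else min(CHUNK, remaining)
            block = f.read(want)
            if not block:
                break
            h.update(block)
            if remaining is not None:
                remaining -= len(block)
    return h.hexdigest()


def find_duplicates(root) -> list:
    """Return groups (sorted lists of paths) of byte-identical files under root.

    Files are bucketed by size, then by a hash of their first HEAD bytes, and only the
    survivors get a full-content hash. Names are deliberately ignored: a same-named file
    with different bytes is not a duplicate, and a renamed copy is.
    """
    by_size = defaultdict(list)
    for p in Path(root).rglob("*"):
        if p.is_file() and not p.is_symlink():
            size = p.stat().st_size
            if size:  # empty files are trivially "equal" and rarely what anyone is hunting for
                by_size[size].append(p)
    groups = []
    for paths in by_size.values():
        if len(paths) < 2:
            continue
        by_head = defaultdict(list)
        for p in paths:
            by_head[sha256_of(p, HEAD)].append(p)
        for candidates in by_head.values():
            if len(candidates) < 2:
                continue
            by_full = defaultdict(list)
            for p in candidates:
                by_full[sha256_of(p)].append(p)
            groups.extend(sorted(str(p) for p in g) for g in by_full.values() if len(g) > 1)
    return sorted(groups)


def basenames(group) -> list:
    """File names of one duplicate group, for readable output."""
    return sorted(Path(p).name for p in group)


def build_sample_tree() -> str:
    """Constructed sample directory: one file copied under another name, plus two
    same-named files whose contents differ by one byte (same size, so only hashing tells)."""
    root = Path(tempfile.mkdtemp(prefix="doppelganger-demo-"))
    same_a = b"constructed sample audio bytes A\n" * 200
    same_b = b"constructed sample audio bytes B\n" * 200  # same length as same_a, different bytes
    samples = {
        "music/song.mp3": same_a,
        "backup/song_copy.mp3": same_a,
        "other/song.mp3": same_b,
        "docs/report.pdf": b"constructed unique document\n",
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return str(root)


if __name__ == "__main__":
    for group in find_duplicates(build_sample_tree()):
        print("duplicates:", ", ".join(group))
```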


How to Install and Run in Linux
[1] Enter the following command in the terminal to download it.
git clone https://github.com/Sameera-Madhushan/Doppelganger
[2] After downloading the program, enter the following command to navigate to the Doppelganger directory and list its contents
cd Doppelganger && ls
[3] Now run the script with the following command.
python3 doppelganger.py

How to Install and Run in Windows
[1] Download and run the Python 2.7.x and Python 3.7 setup files from Python.org
  • When installing Python 3.7, enable Add Python 3.6 to PATH
[2] Download and run the Git setup file from Git-scm.com, choose Use Git from Windows Command Prompt.
[3] After that, run Command Prompt and enter these commands:
cd Doppelganger
python3 doppelganger.py


W3Brute - Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly against a website's login page. w3brute also supports carrying out brute force attacks on all websites.

Features
  1. Scanner:
w3brute has a scanner feature that supports the brute force attack process. This is a list of available scanners:
  • automatically detects the target's authentication type.
  • admin page scanner.
  • SQL injection vulnerability scanner.
  2. Attack Method:
w3brute can attack using various methods. This is a list of available attack methods:
  • SQL injection bypass authentication
  • mixed credentials (username + SQL injection queries)
  3. Support:
  • multiple targets
  • google dorking
  • a list of supported web interface types to attack:
    • web shell
    • HTTP 401 UNAUTHORIZED (Basic and Digest)
  • saves brute force attack results to a file. Supported file formats:
    • CSV (default)
    • HTML
    • SQLITE3
  • custom credentials (username, password, domain) (zip files supported)
  • custom HTTP requests (User-Agent, timeout, etc.)
  • and much more...

Installation
You can download the latest version of the tarball file here or the zipball here. If you have the git package installed, you can clone the Git repository as follows:
git clone https://github.com/aprilahijriyan/w3brute.git
w3brute can be run with Python version 2.6.x or 2.7.x on all platforms.

Usage
To list all options of the w3brute tool:
python w3brute.py -h
Examples:
# basic usage
$ python w3brute.py -t http://www.example.com/admin/login.php
# look for the admin page
$ python w3brute.py -t http://www.example.com/ --admin
# uses a password file zip list. (syntax => <path><;filename>[:password])
$ python w3brute.py -t http://www.example.com/ --admin -u admin -p /path/to/file.zip;filename.txt # (if the file is encrypted: /path/to/file.zip;filename.txt:password)
# slice the password from the list. (syntax => <start>[:stop][:step])
$ python w3brute.py -t http://www.example.com/ --admin -u admin -sP 20000

Video


Links


Ustealer - Ubuntu Stealer, Steal Ubuntu Information In Local PC

Ubuntu stealer: steals Ubuntu information from the local PC (handy on a USB key)

Require
  • G++
    sudo apt-get install g++
  • libsqlite3
    sudo apt-get install libsqlite3-dev

Compilation
Go into the Ustealer/ folder and run the makefile
make

Use
./ustealer


SharpWeb - .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge

SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.

Usage
Usage:
.\SharpWeb.exe arg0 [arg1 arg2 ...]

Arguments:
all - Retrieve all Chrome, FireFox and IE/Edge credentials.
full - The same as 'all'
chrome - Fetch saved Chrome logins.
firefox - Fetch saved FireFox logins.
edge - Fetch saved Internet Explorer/Microsoft Edge logins.

Example: Retrieve Edge and Firefox Credentials
.\SharpWeb.exe edge firefox

Example: Retrieve All Saved Browser Credentials
.\SharpWeb.exe all

Standing on the Shoulders of Giants
This project uses the work of @plainprogrammer and his .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the FireFox login files. This project uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.


nodeCrypto - Ransomware Written In NodeJs

Ransomware written in NodeJs.

Install and run
git clone https://github.com/atmoner/nodeCrypto.git
cd nodeCrypto && npm install
You must edit the first variable in index.js.
Once your configuration is complete, you can start the ransomware.
node index.js
The files at the root of the web server will be encrypted and sent to the server.

Install server
Upload all files from the server/ folder to your web server.
Create an SQL database and import sql/nodeCrypto.sql
Edit server/libs/db.php and add your SQL ID.


BruteX v1.9 - Automatically Brute Force All Services Running On A Target

Automatically brute force all services running on a target
  • Open ports
  • Usernames
  • Passwords

INSTALL:
./install.sh

USAGE:
brutex target <port>

DOCKER:
docker build -t brutex .
docker run -it brutex target <port>

DEMO VIDEO:



Hatch - Tool To Brute Force Most Websites

Hatch is a brute force tool that is used to brute force most websites

Installation Instructions
git clone https://github.com/MetaChar/Hatch
python2 main.py

Requirements
pip2 install selenium
pip2 install pyvirtualdisplay
pip2 install requests
sudo apt-get install xserver-xephyr
Chrome driver and Chrome are also required! Link to chrome driver: http://chromedriver.chromium.org/downloads (copy it to bin!)

How to use (text)
1). Find a website with a login page
2). Inspect element to find the selector of the username field
3). Do the same for the password field
4). Then the login form
5). When asked, put in the username to brute force
6). Watch it go!

How to use (Video)




SQLiScanner - Automatic SQL Injection With Charles And Sqlmap API

Automatic SQL injection with Charles and sqlmapapi

Dependencies
  • Django
  • PostgreSQL
  • Celery
  • sqlmap
  • redis

Supported platforms
  • Linux
  • osx

Installation
Preferably, you can download SQLiScanner by cloning the Git repository:
git clone https://github.com/0xbug/SQLiScanner.git --depth 1
You can download sqlmap by cloning the Git repository:
git clone https://github.com/sqlmapproject/sqlmap.git --depth 1
SQLiScanner works with Python version 3.x on Linux and osx.
Create virtualenv and install requirements
cd SQLiScanner/
virtualenv --python=/usr/local/bin/python3.5 venv
source venv/bin/activate
pip install -r requirements.txt

Setting
DATABASES Setting
SQLiScanner/settings.py:85
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '',
        'USER': '',
        'PASSWORD': '',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
SendEmail Setting
SQLiScanner/settings.py:158
# Email

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = False
EMAIL_HOST = ''
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
DEFAULT_FROM_EMAIL = ''
scanner/tasks.py:14
class SqlScanTask(object):
    def __init__(self, sqli_obj):
        self.api_url = "http://127.0.0.1:8775"
        self.mail_from = ""
        self.mail_to = [""]

Syncdb
python manage.py makemigrations scanner
python manage.py migrate

Create superuser
python manage.py createsuperuser

Run
redis-server
python sqlmapapi.py -s -p 8775
python manage.py celery worker --loglevel=info
python manage.py runserver


PA Toolkit - A Collection Of Traffic Analysis Plugins Focused On Security

PA Toolkit is a collection of traffic analysis plugins that extend Wireshark from a micro-analysis tool and protocol dissector into a macro analyzer and threat hunter. PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:
  • WiFi (WiFi network summary, Detecting beacon, deauth floods etc.)
  • HTTP (Listing all visited websites, downloaded files)
  • HTTPS (Listing all websites opened on HTTPS)
  • ARP (MAC-IP table, Detect MAC spoofing and ARP poisoning)
  • DNS (Listing DNS servers used and DNS resolution, Detecting DNS Tunnels)
The project is under active development and more plugins will be added in the near future.
This material was created while working on "Traffic Analysis: TSHARK Unleashed" course. Those interested can check the course here: https://www.pentesteracademy.com/course?id=42

Installation
Steps:
  1. Copy the "plugins" directory to the Wireshark plugins directory.
  2. Start Wireshark. :)
The location of the Wireshark plugins directory is shown under Help > About Wireshark > Folders



Tool featured at

Author
Under the guidance of Mr. Vivek Ramachandran, CEO, Pentester Academy


Documentation
For more details refer to the "PA-Toolkit.pdf" PDF file. This file contains the slide deck used for presentations.


Screenshots
PA Toolkit after installation


List of websites visited over HTTP


Search functionality


Domain to IP mappings



Pocsuite v2.0.8 - Remote Vulnerability Testing Framework Developed By The Knownsec Security Team

Pocsuite is an open-source remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for the ultimate penetration testers and security researchers.

How to use

Pocsuite with seebug PoC search and zoomeye dork


Pocsuite with seebug PoC and zoomeye dork


Pocsuite with zoomeye API


Pocsuite with seebug PoC API online


Requirements
  • Python 2.6+
  • Works on Linux, Windows, Mac OSX, BSD

Installation
The quick way:
$ pip install pocsuite
Or click here to download the latest source zip package and extract it:
$ wget https://github.com/knownsec/Pocsuite/archive/master.zip
$ unzip master.zip
The latest version of this software is available from: http://pocsuite.org

Documentation
Documentation is available in the English docs / Chinese docs directory.

Links


stoQ - An Open Source Framework For Enterprise Level Automated Analysis

stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It gives analysts and DevSecOps teams the ability to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed to be enterprise ready and scalable, while also being lean enough for individual security researchers.
Want to learn more? Read some of the blog posts we've written.

Plugins
stoQ currently has over 40 publicly available plugins. These plugins are available separately in the plugin repository.

Installation and Documentation
Want to get started quickly? Check out the docker image.
stoQ requires a minimum of Python 3.4. Installation on Debian-based systems is as simple as running a script. For detailed instructions on how to install stoQ, including the installation script, please visit stoQ's install documentation. If you're interested in learning more about stoQ, including how to develop your own plugins, check out the full documentation.


Keyfinder - A Tool For Finding And Analyzing Private (And Public) Key Files, Including Support For Android APK Files

CERT Keyfinder is a utility for finding and analyzing key files on a filesystem as well as contained within Android APK files. CERT Keyfinder development was sponsored by the United States Department of Homeland Security (DHS). Installation requirements:
  1. Python (3.x recommended)
    • androguard
    • python-magic
    • PyOpenSSL
  2. apktool
  3. grep
  4. OpenSSL
  5. Java

Installation
  1. Obtain the Keyfinder code. This can be accomplished by performing a git clone of the Keyfinder repository, or by downloading a zip file of the repository.
  2. Install Python dependencies:
    $ pip3 install androguard python-magic PyOpenSSL
    On Windows platforms, use the python-magic-bin package instead of python-magic. This will provide the DLL required to analyze file magic.

Keyfinder Usage
$ python3 keyfinder.py
usage: A tool for analyzing key files, with Android APK support
[-h] [-e EXTRACT_APK] [-u] [-k CHECK_KEYFILE] [-p PASSWORD] [-v] [-d]
[apkpath]

positional arguments:
apkpath APK file or directory

optional arguments:
-h, --help show this help message and exit
-e EXTRACT_APK, --extract EXTRACT_APK
Extract specified APK using apktool
-u, --checkused Check if the key file is referenced by the app (slow)
-k CHECK_KEYFILE, --key CHECK_KEYFILE
Key file or directory
-p PASSWORD, --password PASSWORD
Specify password
-v, --verbose Verbose output
-d, --debug Debug output

Key Parsing
CERT Keyfinder can be used to scan the files on your system, reporting only private and/or password-protected key files by default.

Simple Example
For example, running Keyfinder on the ~ directory on a CERT Tapioca system:
$ python keyfinder.py -k ~/tapioca
keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca-cert.p12
type: pkcs12
protected: True

=====================

keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca.pem
private: True
protected: False
iskey: True
iscert: True
encoding: pem
type: pkcs8
certhash: 902073e933d0bf9b3da49a3a120d0adecdf031960f87576947bdc3157cd62d8e
keyhash: 3aae8d85450bae20aaf360d046bc0d90b2998800b3a7356f0742ef6a8824e423

=====================
The above command line will look at every file in the specified directory, determine if it is a possible key file by using the file extension and file magic, and finally it will display brief details for any file that is determined to be a private and/or password-protected key file.
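To make the detection order described above concrete, here is an added Python sketch of the same triage pass (my own code, written for this page, not Keyfinder's): candidate files are selected by extension or by a PEM header at the start of the file, PEM blocks are classified from their BEGIN/END labels and Proc-Type headers into private/protected/certificate, and by default only private or password-protected material is reported, as in the run above. It works on a constructed temporary directory of placeholder files that contain no real key material; the function names, the placeholder bytes and any fields beyond those Keyfinder prints are my own. Binary containers (PKCS#12, JKS, BKS) are only flagged as unknown, since classifying them needs a format-specific parser.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Optional

# Extensions that commonly hold key material; other files are considered only when
# they start with a PEM header (the "file magic" half of the check).
KEY_EXTENSIONS = {".pem", ".key", ".pub", ".p12", ".pfx", ".jks", ".bks", ".der", ".crt", ".cer"}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed placeholder bytes standing in for DER structures; not a real key or certificate.
PLACEHOLDER_DER = b"constructed placeholder DER, not a real certificate"
PLACEHOLDER_KEY = b"constructed placeholder bytes, not a real private key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _decode_pem_body(body: bytes) -> bytes:
    """Base64-decode a PEM body, skipping 'Header: value' lines such as Proc-Type/DEK-Info."""
    return base64.b64decode(b"".join(l for l in body.splitlines() if l and b":" not in l))


def classify_pem(data: bytes) -> Optional[dict]:
    """Classify a file by its PEM BEGIN/END labels; None when it contains no PEM block."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return None
    info = {"encoding": "pem", "private": False, "protected": False, "iscert": False,
            "labels": [label.decode() for label, _ in blocks]}
    for label, body in blocks:
        if b"PRIVATE KEY" in label:
            info["private"] = True
            # PKCS#8 says so in the label; legacy OpenSSL keys (Keyfinder's "pkcs5" type)
            # carry a "Proc-Type: 4,ENCRYPTED" header inside the block instead.
            if label.startswith(b"ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body:
                info["protected"] = True
        elif label == b"CERTIFICATE":
            info["iscert"] = True
            info["certhash"] = sha256_hex(_decode_pem_body(body))  # SHA-256 over the DER cert
        elif label == b"PUBLIC KEY":
            # A PEM public key body is the DER SubjectPublicKeyInfo, i.e. exactly the
            # bytes crt.sh hashes for its ?spkisha256= lookup.
            info["spkisha256"] = sha256_hex(_decode_pem_body(body))
    return info


def scan_directory(root, only_sensitive: bool = True) -> list:
    """Walk root, pick candidates by extension or PEM magic, and classify each one.
    With only_sensitive=True only private or password-protected material is returned;
    binary containers are kept as unknown because clearing them needs a real parser."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if path.suffix.lower() not in KEY_EXTENSIONS and not data.startswith(b"-----BEGIN"):
            continue
        info = classify_pem(data) or {"encoding": "binary", "private": None,
                                      "protected": None, "iscert": False}
        info.update(keyfile=str(path), name=path.name)
        if only_sensitive and info["private"] is False and info["protected"] is False:
            continue
        results.append(info)
    return results


def build_sample_tree() -> str:
    """Write constructed sample files into a fresh temp dir; none hold real key material."""
    root = Path(tempfile.mkdtemp(prefix="keyfinder-demo-"))
    b64 = base64.encodebytes  # 76-column wrapped lines, like real PEM
    priv = b"-----BEGIN PRIVATE KEY-----\n" + b64(PLACEHOLDER_KEY) + b"-----END PRIVATE KEY-----\n"
    cert = b"-----BEGIN CERTIFICATE-----\n" + b64(PLACEHOLDER_DER) + b"-----END CERTIFICATE-----\n"
    pub = b"-----BEGIN PUBLIC KEY-----\n" + b64(PLACEHOLDER_DER) + b"-----END PUBLIC KEY-----\n"
    dh = b"-----BEGIN DH PARAMETERS-----\n" + b64(PLACEHOLDER_DER) + b"-----END DH PARAMETERS-----\n"
    legacy = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              b"DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
              + b64(PLACEHOLDER_KEY) + b"-----END RSA PRIVATE KEY-----\n")
    files = {
        "ca.pem": priv + cert,        # key plus its certificate, like mitmproxy-ca.pem above
        "ca-cert.pem": cert,          # certificate only: public, hidden by the default filter
        "server.key": legacy,         # password-protected legacy OpenSSL private key
        "client.pub": pub,
        "dhparam.pem": dh,
        "keystore.jks": b"\xfe\xed\xfe\xed" + b"\x00" * 32,  # constructed JKS-like container
        "notes.txt": b"no key material here\n",
    }
    for name, data in files.items():
        (root / name).write_bytes(data)
    return str(root)


if __name__ == "__main__":
    for entry in scan_directory(build_sample_tree()):
        print(entry["keyfile"], {k: entry[k] for k in ("private", "protected", "iscert")})
```

The `spkisha256` field is what you would paste into a crt.sh query to learn whether a public key found on disk has ever been bound to a publicly logged certificate, which is the check Keyfinder performs for private keys it finds.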

Verbose Output
If we wish to get more details, we can run the same command line, but with the verbose -v flag:
$ python keyfinder.py -k ~/tapioca -v
keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca-cert.cer
x509text:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15259797775478 (0xde0f2d36476)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=mitmproxy, O=mitmproxy
Validity
Not Before: May 8 19:16:17 2018 GMT
Not After : May 9 19:16:17 2021 GMT
Subject: CN=mitmproxy, O=mitmproxy
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:91:be:f6:cc:62:5f:fd:af:9e:48:1e:b9:c5:
59:ca:36:f0:02:a7:e5:62:48:5c:26:1b:78:c1:3a:
74:02:0f:af:85:74:0c:d7:24:5f:85:4c:ce:e0:9b:
2f:3f:0a:85:ba:8f:36:3e:bc:4b:3b:3c:13:d8:8f:
b9:46:38:42:69:9c:b2:7e:51:fa:cc:ab:fc:57:95:
49:89:45:5c:a2:17:b9:6c:fc:a3:f6:0c:df:50:9e:
36:28:71:1e:43:d2:e7:13:0a:ec:25:e1:5d:27:a5:
69:5d:48:75:f2:4c:44:3f:b6:cd:33:a2:db:49:d3:
97:4d:4f:2c:60:ac:a0:4f:4a:96:19:52:d9:4d:b9:
ce:70:49:e6:2d:eb:99:c6:cb:45:8c:5b:df:79:0a:
10:53:44:ac:c2:a3:6c:fd:7d:a3:04:93:73:5e:2e:
d2:d9:b9:c9:f2:5d:ad:a0:68:6e:b9:43:31:2e:2b:
31:b5:8d:2b:09:04:7b:63:1e:79:5a:0b:cc:02:16:
7e:6c:7e:0b:04:d0:07:d6:3b:f9:6d:f8:80:e4:b5:
e2:36:73:ee:c2:6a:a2:b3:ad:20:ac:42:00:24:61:
ad:ff:ed:8d:3d:e7:9f:36:ed:51:a1:91:cf:13:60:
b4:40:1c:e4:82:29:4e:d5:05:43:36:2d:04:b2:37:
c5:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Cert Type:
SSL CA
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Server Gated Crypto, Microsoft Encrypted File System, Netscape Server Gated Crypto
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
18:85:41:4C:5B:CD:3F:32:0B:BE:12:F2:C8:6E:98:78:6E:B6:EA:33
Signature Algorithm: sha256WithRSAEncryption
9a:84:35:8c:50:81:ae:53:46:cd:25:31:24:22:3a:25:a3:b0:
c9:bd:68:d9:7f:06:3c:88:cd:23:0e:24:00:06:55:c6:91:0f:
81:a9:b6:1d:3d:01:58:54:8b:bc:e6:38:f3:0b:1d:fb:6c:d8:
67:46:d4:0e:cc:5c:ff:17:a4:e6:d0:95:e7:8c:c3:95:4c:80:
40:51:5b:b7:32:65:2d:50:25:26:0b:4a:d4:9d:35:59:f0:d9:
cc:1e:2b:54:47:24:02:64:6d:f3:01:85:02:c8:4e:7d:02:13:
30:0c:92:c8:7c:48:2a:c6:dd:64:54:5f:8e:65:ce:c6:91:27:
61:e9:c6:51:25:f2:f4:f7:33:7e:48:c5:0e:a1:c1:86:83:6a:
5a:84:b7:3d:73:28:0b:0c:5a:98:eb:64:1f:a8:72:fd:ca:71:
3c:e7:37:b4:ff:94:ce:15:3d:d5:f4:e0:18:75:41:3c:f9:63:
01:6e:de:73:73:1e:bf:e2:02:d7:47:a6:4a:9e:70:2d:ce:06:
c4:a9:e5:a5:3b:b9:5f:d8:b6:9d:33:58:fc:38:ce:fb:80:0b:
ad:5d:6f:56:62:ca:81:d1:27:36:5e:6f:03:7b:2b:75:29:bd:
85:d3:cd:11:a3:32:b7:72:09:d2:87:10:cd:fd:4b:bb:88:28:
ce:15:3e:d2
SHA256 Fingerprint=90:20:73:E9:33:D0:BF:9B:3D:A4:9A:3A:12:0D:0A:DE:CD:F0:31:96:0F:87:57:69:47:BD:C3:15:7C:D6:2D:8E
-----BEGIN CERTIFICATE-----
MIIDoTCCAomgAwIBAgIGDeDy02R2MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTE4MDUwODE5MTYxN1oX
DTIxMDUwOTE5MTYxN1owKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwkb72zGJf
/a+eSB65xVnKNvACp+ViSFwmG3jBOnQCD6+FdAzXJF+FTM7gmy8/CoW6jzY+vEs7
PBPYj7lGOEJpnLJ+UfrMq/xXlUmJRVyiF7ls/KP2DN9QnjYocR5D0ucTCuwl4V0n
pWldSHXyTEQ/ts0zottJ05dNTyxgrKBPSpYZUtlNuc5wSeYt65nGy0WMW995ChBT
RKzCo2z9faMEk3NeLtLZucnyXa2gaG65QzEuKzG1jSsJBHtjHnlaC8wCFn5sfgsE
0AfWO/lt+IDkteI2c+7CaqKzrSCsQgAkYa3/7Y0955827VGhkc8TYLRAHOSCKU7V
BUM2LQSyN8XLAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFBiFQUxbzT8yC74S8shumHhutuozMA0GCSqGSIb3DQEBCwUA
A4IBAQCahDWMUIGuU0bNJTEkIjolo7DJvWjZfwY8iM0jDiQABlXGkQ+BqbYdPQFY
VIu85jjzCx37bNhnRtQOzFz/F6Tm0JXnjMOVTIBAUVu3MmUtUCUmC0rUnTVZ8NnM
HitURyQCZG3zAYUCyE59AhMwDJLIfEgqxt1kVF+OZc7GkSdh6cZRJfL09zN+SMUO
ocGGg2pahLc9cygLDFqY62QfqHL9ynE85ze0/5TOFT3V9OAYdUE8+WMBbt5zcx6/
4gLXR6ZKnnAtzgbEqeWlO7lf2LadM1j8OM77gAutXW9WYsqB0Sc2Xm8Deyt1Kb2F
080RozK3cgnShxDN/Uu7iCjOFT7S
-----END CERTIFICATE-----

private: False
protected: False
type: certificate

=====================

keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-dhparam.pem
private: False
type: DH

=====================

keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca-cert.p12
type: pkcs12
protected: True

=====================

keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca.pem
private: True
protected: False
iskey: True
iscert: True
encoding: pem
type: pkcs8
certhash: 902073e933d0bf9b3da49a3a120d0adecdf031960f87576947bdc3157cd62d8e
x509text:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15259797775478 (0xde0f2d36476)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=mitmproxy, O=mitmproxy
Validity
Not Before: May 8 19:16:17 2018 GMT
Not After : May 9 19:16:17 2021 GMT
Subject: CN=mitmproxy, O=mitmproxy
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:91:be:f6:cc:62:5f:fd:af:9e:48:1e:b9:c5:
59:ca:36:f0:02:a7:e5:62:48:5c:26:1b:78:c1:3a:
74:02:0f:af:85:74:0c:d7:24:5f:85:4c:ce:e0:9b:
2f:3f:0a:85:ba:8f:36:3e:bc:4b:3b:3c:13:d8:8f:
b9:46:38:42:69:9c:b2:7e:51:fa:cc:ab:fc:57:95:
49:89:45:5c:a2:17:b9:6c:fc:a3:f6:0c:df:50:9e:
36:28:71:1e:43:d2:e7:13:0a:ec:25:e1:5d:27:a5:
69:5d:48:75:f2:4c:44:3f:b6:cd:33:a2:db:49:d3:
97:4d:4f:2c:60:ac:a0:4f:4a:96:19:52:d9:4d:b9:
ce:70:49:e6:2d:eb:99:c6:cb:45:8c:5b:df:79:0a:
10:53:44:ac:c2:a3:6c:fd:7d:a3:04:93:73:5e:2e:
d2:d9:b9:c9:f2:5d:ad:a0:68:6e:b9:43:31:2e:2b:
31:b5:8d:2b:09:04:7b:63:1e:79:5a:0b:cc:02:16:
7e:6c:7e:0b:04:d0:07:d6:3b:f9:6d:f8:80:e4:b5:
e2:36:73:ee:c2:6a:a2:b3:ad:20:ac:42:00:24:61:
ad:ff:ed:8d:3d:e7:9f:36:ed:51:a1:91:cf:13:60:
b4:40:1c:e4:82:29:4e:d5:05:43:36:2d:04:b2:37:
c5:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Cert Type:
SSL CA
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Server Gated Crypto, Microsoft Encrypted File System, Netscape Server Gated Crypto
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
18:85:41:4C:5B:CD:3F:32:0B:BE:12:F2:C8:6E:98:78:6E:B6:EA:33
Signature Algorithm: sha256WithRSAEncryption
9a:84:35:8c:50:81:ae:53:46:cd:25:31:24:22:3a:25:a3:b0:
c9:bd:68:d9:7f:06:3c:88:cd:23:0e:24:00:06:55:c6:91:0f:
81:a9:b6:1d:3d:01:58:54:8b:bc:e6:38:f3:0b:1d:fb:6c:d8:
67:46:d4:0e:cc:5c:ff:17:a4:e6:d0:95:e7:8c:c3:95:4c:80:
40:51:5b:b7:32:65:2d:50:25:26:0b:4a:d4:9d:35:59:f0:d9:
cc:1e:2b:54:47:24:02:64:6d:f3:01:85:02:c8:4e:7d:02:13:
30:0c:92:c8:7c:48:2a:c6:dd:64:54:5f:8e:65:ce:c6:91:27:
61:e9:c6:51:25:f2:f4:f7:33:7e:48:c5:0e:a1:c1:86:83:6a:
5a:84:b7:3d:73:28:0b:0c:5a:98:eb:64:1f:a8:72:fd:ca:71:
3c:e7:37:b4:ff:94:ce:15:3d:d5:f4:e0:18:75:41:3c:f9:63:
01:6e:de:73:73:1e:bf:e2:02:d7:47:a6:4a:9e:70:2d:ce:06:
c4:a9:e5:a5:3b:b9:5f:d8:b6:9d:33:58:fc:38:ce:fb:80:0b:
ad:5d:6f:56:62:ca:81:d1:27:36:5e:6f:03:7b:2b:75:29:bd:
85:d3:cd:11:a3:32:b7:72:09:d2:87:10:cd:fd:4b:bb:88:28:
ce:15:3e:d2
SHA256 Fingerprint=90:20:73:E9:33:D0:BF:9B:3D:A4:9A:3A:12:0D:0A:DE:CD:F0:31:96:0F:87:57:69:47:BD:C3:15:7C:D6:2D:8E
-----BEGIN CERTIFICATE-----
[PEM body omitted here; its SHA256 fingerprint matches the certificate printed in full above]
-----END CERTIFICATE-----

keyhash: 3aae8d85450bae20aaf360d046bc0d90b2998800b3a7356f0742ef6a8824e423

=====================

keyfile: /home/tapioca/tapioca/.mitmproxy/mitmproxy-ca-cert.pem
x509text:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15259797775478 (0xde0f2d36476)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=mitmproxy, O=mitmproxy
Validity
Not Before: May 8 19:16:17 2018 GMT
Not After : May 9 19:16:17 2021 GMT
Subject: CN=mitmproxy, O=mitmproxy
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b0:91:be:f6:cc:62:5f:fd:af:9e:48:1e:b9:c5:
59:ca:36:f0:02:a7:e5:62:48:5c:26:1b:78:c1:3a:
74:02:0f:af:85:74:0c:d7:24:5f:85:4c:ce:e0:9b:
2f:3f:0a:85:ba:8f:36:3e:bc:4b:3b:3c:13:d8:8f:
b9:46:38:42:69:9c:b2:7e:51:fa:cc:ab:fc:57:95:
49:89:45:5c:a2:17:b9:6c:fc:a3:f6:0c:df:50:9e:
36:28:71:1e:43:d2:e7:13:0a:ec:25:e1:5d:27:a5:
69:5d:48:75:f2:4c:44:3f:b6:cd:33:a2:db:49:d3:
97:4d:4f:2c:60:ac:a0:4f:4a:96:19:52:d9:4d:b9:
ce:70:49:e6:2d:eb:99:c6:cb:45:8c:5b:df:79:0a:
10:53:44:ac:c2:a3:6c:fd:7d:a3:04:93:73:5e:2e:
d2:d9:b9:c9:f2:5d:ad:a0:68:6e:b9:43:31:2e:2b:
31:b5:8d:2b:09:04:7b:63:1e:79:5a:0b:cc:02:16:
7e:6c:7e:0b:04:d0:07:d6:3b:f9:6d:f8:80:e4:b5:
e2:36:73:ee:c2:6a:a2:b3:ad:20:ac:42:00:24:61:
ad:ff:ed:8d:3d:e7:9f:36:ed:51:a1:91:cf:13:60:
b4:40:1c:e4:82:29:4e:d5:05:43:36:2d:04:b2:37:
c5:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Cert Type:
SSL CA
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, E-mail Protection, Time Stamping, Microsoft Individual Code Signing, Microsoft Commercial Code Signing, Microsoft Trust List Signing, Microsoft Server Gated Crypto, Microsoft Encrypted File System, Netscape Server Gated Crypto
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
18:85:41:4C:5B:CD:3F:32:0B:BE:12:F2:C8:6E:98:78:6E:B6:EA:33
Signature Algorithm: sha256WithRSAEncryption
9a:84:35:8c:50:81:ae:53:46:cd:25:31:24:22:3a:25:a3:b0:
c9:bd:68:d9:7f:06:3c:88:cd:23:0e:24:00:06:55:c6:91:0f:
81:a9:b6:1d:3d:01:58:54:8b:bc:e6:38:f3:0b:1d:fb:6c:d8:
67:46:d4:0e:cc:5c:ff:17:a4:e6:d0:95:e7:8c:c3:95:4c:80:
40:51:5b:b7:32:65:2d:50:25:26:0b:4a:d4:9d:35:59:f0:d9:
cc:1e:2b:54:47:24:02:64:6d:f3:01:85:02:c8:4e:7d:02:13:
30:0c:92:c8:7c:48:2a:c6:dd:64:54:5f:8e:65:ce:c6:91:27:
61:e9:c6:51:25:f2:f4:f7:33:7e:48:c5:0e:a1:c1:86:83:6a:
5a:84:b7:3d:73:28:0b:0c:5a:98:eb:64:1f:a8:72:fd:ca:71:
3c:e7:37:b4:ff:94:ce:15:3d:d5:f4:e0:18:75:41:3c:f9:63:
01:6e:de:73:73:1e:bf:e2:02:d7:47:a6:4a:9e:70:2d:ce:06:
c4:a9:e5:a5:3b:b9:5f:d8:b6:9d:33:58:fc:38:ce:fb:80:0b:
ad:5d:6f:56:62:ca:81:d1:27:36:5e:6f:03:7b:2b:75:29:bd:
85:d3:cd:11:a3:32:b7:72:09:d2:87:10:cd:fd:4b:bb:88:28:
ce:15:3e:d2
SHA256 Fingerprint=90:20:73:E9:33:D0:BF:9B:3D:A4:9A:3A:12:0D:0A:DE:CD:F0:31:96:0F:87:57:69:47:BD:C3:15:7C:D6:2D:8E
-----BEGIN CERTIFICATE-----
[PEM body omitted here; its SHA256 fingerprint matches the certificate printed in full above]
-----END CERTIFICATE-----

private: False
protected: False
type: certificate

=====================
Here we can see public keys and X509 text output for certificates.

APK Parsing
CERT Keyfinder started its life as part of the framework used to perform my experiment to find private keys in Android apps. As such, Keyfinder includes the ability to parse Android application APK files.

Simple APK Example
$ python3 keyfinder.py com.shopgate.android.app21760.apk 
Reached a NAMESPACE_END without having the namespace stored before? Prefix ID: 24, URI ID: 25
testapks/com.shopgate.android.app21760.apk distributes its signing key as: res/raw/keystore.jks
testapks/com.shopgate.android.app21760.apk includes private,protected key: res/raw/keystore.jks (Java KeyStore)
testapks/com.shopgate.android.app21760.apk includes protected key: res/raw/shopgate_bks_neu.bks (BouncyCastle Keystore V1)
test@test-virtual-machine:/mnt/v1/keyfinder$
Here we can see that the application in question includes a Java KeyStore file that is protected, and also that it includes a private key. Even though the Java KeyStore is protected with a password, the KeyStore file does not hide what its contents are. Keyfinder leverages this weakness to change the KeyStore password and then parse the contents using the native Java keytool utility. Also of interest in this case is the fact that res/raw/keystore.jks contains the private key used to sign the Android application itself. Google indicates that managing your key and keeping it secure are very important, both for you and for your users, but in this case the application author has distributed it to the public!

crt.sh Checking
For any key found by Keyfinder, the key's SHA256 signature is queried in the crt.sh website. This website monitors several certificate transparency sources to check whether a key or certificate has been seen in the wild. The usual reason for this is because an HTTPS web server is using a specified key or a certificate. CERT Keyfinder will query crt.sh using two sources of information:
  • The hash of a certificate that is located in a keystore that contains a private key
  • The hash of a public key that has been extracted from a private key
When CERT Keyfinder reports that a key is located in crt.sh, this is likely a cause for concern. The reason for this concern is that a private key associated with a certificate listed in a certificate transparency database is likely a key that should not be accessible to the public. For example, any Android APK from Google Play is obviously publicly available; this is not the place for an HTTPS web server's private key.
$ python3 keyfinder.py apks/ireland.numt.aplykey.apk
apks/ireland.numt.aplykey.apk includes private key: assets/sample-keys/ca.key (pkcs5)
apks/ireland.numt.aplykey.apk includes private key: assets/sample-keys/client.key (pkcs5)
Enter pass phrase for keys/ireland.numt.aplykey/assets/sample-keys/pass.key:apks/ireland.numt.aplykey.apk includes private,protected key: assets/sample-keys/pass.key (pkcs5)
apks/ireland.numt.aplykey.apk includes protected key: assets/sample-keys/pkcs12.p12 (pkcs12)
apks/ireland.numt.aplykey.apk includes private key: assets/sample-keys/server.key (pkcs5)
apks/ireland.numt.aplykey.apk key assets/sample-keys/server.key is listed in crt.sh: https://crt.sh/?spkisha256=493f34228ad3179e2dad25a392acae4d2dcaebcf633240a9df9d7f4413c4e681
$
Here we can see that the file assets/sample-keys/server.key is listed in crt.sh as: https://crt.sh/?spkisha256=493f34228ad3179e2dad25a392acae4d2dcaebcf633240a9df9d7f4413c4e681. Because this query is for a public key hash, rather than a certificate itself, we need to click through to any of the seen certificates to get details about what the private key may be used for. By clicking through to https://crt.sh/?id=35604116, we can see that the certificate was issued by Comodo CA Limited for the domain names oxsv.meta-level.de and www.oxsv.meta-level.de. Because this certificate expired in 2013, this issue is perhaps not terribly important. However, one might wonder how the private key assets/sample-keys/server.key ended up in a publicly-released Android application, and also was used by a publicly-available server. The impact of such a key leak may depend on how the server in question is being used.

Key File Usage
Keyfinder includes another capability that can help to determine the functionality of a key used by an Android application. By using the -u option, Keyfinder will extract the APK contents using apktool and then check for APK contents that reference that key file. For example:
$ python3 keyfinder.py apks/by_sha256/06/14/49/06144936809844bcb120d360ecc148679e33fd013c2bdac8bd9d7b63d71a57a4/tntapp.trinitymember.apk -u
I: Using Apktool 2.3.1-dirty on tntapp.trinitymember.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /tmp/tntapp.trinitymember/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
res/raw/sm_private is referenced by extracted/tntapp.trinitymember/smali/tntapp/trinitymember/R$raw.smali
res/raw/sm_private is referenced by extracted/tntapp.trinitymember/res/values/public.xml
apks/by_sha256/06/14/49/06144936809844bcb120d360ecc148679e33fd013c2bdac8bd9d7b63d71a57a4/tntapp.trinitymember.apk includes private key: res/raw/sm_private (pkcs5)
Here we can see that the Android code R$raw.smali makes reference to the sm_private key file. If we look at the R$raw.smali file, we can see one reference to sm_private:
.field public static final sm_private:I = 0x7f060001
If we look for 0x7f060001 in the application's code, we can see that it is referenced in smali/tntapp/trinitymember/model/RSA.smali:
    const v18, 0x7f060001
    invoke-virtual/range {v17 .. v18}, Landroid/content/res/Resources;->openRawResource(I)Ljava/io/InputStream;
    move-result-object v7
    .line 114
    .local v7, "is":Ljava/io/InputStream;
    new-instance v3, Ljava/io/BufferedReader;
    new-instance v17, Ljava/io/InputStreamReader;
    const-string v18, "UTF-8"
    move-object/from16 v0, v17
    move-object/from16 v1, v18
    ...
Smali code isn't too pretty to look at, so we can decompile it into Java, which is a little more readable:
    public static byte[] decryptRSA(Context arg20, String arg21) throws Exception {
        System.out.println(":" + arg21);
        byte[] v14 = Base64.decode(arg21.getBytes("UTF-8"), 0);
        BufferedReader v3 = new BufferedReader(new InputStreamReader(arg20.getResources().openRawResource(0x7F060001), "UTF-8"));
        ArrayList v13 = new ArrayList();
        while(true) {
            String v12 = v3.readLine();
            if(v12 == null) {
                break;
            }

            ((List)v13).add(v12);
        }
        ...
Here we can clearly see that we have a function called decryptRSA, which is opening the private key, which is referenced as resource 0x7F060001. If we trace further into the application code, we can get a better idea of what the private key is being used for. But we'll leave that as an exercise for the reader.
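The same trace as an added example, not Keyfinder's own code: find a PEM private key under res/raw, map its name to a resource id through R$raw.smali, then find the smali const that loads that id and the method it sits in. It uses only the Python standard library and runs over a constructed apktool-style tree whose file names mirror the ones above, in place of a real extraction.

```python
"""Trace a private key bundled in an APK's res/raw to the smali code that loads it.
Added example, not Keyfinder's code; it walks an apktool-style extracted tree with
the standard library only, and the sample tree below is constructed."""
import os, re, tempfile

PEM_RE = re.compile(r"-----BEGIN (RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
FIELD_RE = re.compile(r"^\.field .*?\b(\w+):I = (0x[0-9a-fA-F]+)", re.M)
SAMPLE_FILES = {  # constructed stand-in for `apktool d` output, in the page's layout
    "res/raw/sm_private": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
    "smali/tntapp/trinitymember/R$raw.smali": ".field public static final sm_private:I = 0x7f060001\n",
    "smali/tntapp/trinitymember/model/RSA.smali": ".method public static decryptRSA(Landroid/content/Context;Ljava/lang/String;)[B\n    const v18, 0x7f060001\n.end method\n",
}

def walk(root, suffix=""):  # (relative posix path, absolute path) of matching files
    for dirpath, _, files in os.walk(root):
        for n in files:
            if n.endswith(suffix):
                full = os.path.join(dirpath, n)
                yield os.path.relpath(full, root).replace(os.sep, "/"), full

def find_private_keys(root):
    """Map files carrying a PEM private-key header to 'pkcs5' (RSA/EC/DSA block) or 'pkcs8'."""
    found = {}
    for relpath, full in walk(root):
        m = PEM_RE.search(open(full, "rb").read(4096).decode("latin-1"))
        if m:
            found[relpath] = "pkcs5" if m.group(1) in ("RSA ", "EC ", "DSA ") else "pkcs8"
    return found

def resolve_resource_id(root, res_name):
    """res/raw/<res_name> -> id from R$raw.smali, e.g. 'sm_private' -> '0x7f060001'."""
    for _, full in walk(root, "R$raw.smali"):
        ids = dict(FIELD_RE.findall(open(full).read()))
        if res_name in ids:
            return ids[res_name].lower()
    return None

def find_id_references(root, res_id):
    """(smali file, enclosing method) pairs that load res_id through a const."""
    const_re = re.compile(r"^\s*const(?:/\S+)? v\d+, " + res_id + r"\s*$", re.I)
    hits, method = [], None
    for relpath, full in walk(root, ".smali"):
        for line in open(full):
            if line.startswith(".method"):
                method = line.split()[-1].split("(")[0]
            elif const_re.match(line):
                hits.append((relpath, method))
    return hits

def build_sample_tree():
    root = tempfile.mkdtemp()
    for path, body in SAMPLE_FILES.items():
        os.makedirs(os.path.dirname(os.path.join(root, path)), exist_ok=True)
        open(os.path.join(root, path), "w").write(body)
    return root
```

On a real extraction, point the three functions at the directory apktool produced and start from the keys under res/raw that find_private_keys reports.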


ThunderDNS - Tool To Forward TCP Traffic Over DNS Protocol

This tool can forward TCP traffic over the DNS protocol. Clients need no compilation, and SOCKS5 is supported.

Run

Setting up NS records on our domain:


Wait for the DNS cache to clear.

Simple server run:
python3 ./server.py --domain oversec.ru

Simple server run (Dockerfile):
docker run <imageid> -e DOMAIN='<domain>'

Simple client run (Bash):
bash ./bash_client.sh -d oversec.ru -n <clientname>

Simple client run (PowerShell):
PS:> ./ps_client.ps1 -domain oversec.ru -clientname <clientname>

Show registered clients list:
python3 ./proxy.py --dns 138.197.178.150 --dns_port 9091 --clients

Run proxy:
python3 ./proxy.py --dns 138.197.178.150 --dns_port 9091 --socks5 --localport 9090 --client 1


Infoga - Email OSINT


Infoga is a tool that gathers email account information (IP, hostname, country, ...) from different public sources (search engines, PGP key servers and Shodan) and checks whether the emails have been leaked, using the haveibeenpwned.com API. It is a really simple tool, but very effective for the early stages of a penetration test, or just to learn how visible your company is on the Internet.

Installation
$ git clone https://github.com/m4ll0k/Infoga.git infoga
$ cd infoga
$ python setup.py install
$ python infoga.py

Usage
$ python infoga.py --domain nsa.gov --source all --breach -v 2 --report ../nsa_gov.txt


$ python infoga.py --info m4ll0k@protonmail.com --breach -v 3 --report ../m4ll0k.txt





Smap - Shellcode Mapper

Top 20 Most Popular Hacking Tools in 2018


It is the end of the year and we bring you the most popular tools of 2018 on KitPloit: we ranked the 20 tools that had the most visitors from March to December 2018.

For professionals working in information security, many of these tools are the same ones that attackers use: to understand the holes in your system, you have to be able to see it the same way your potential adversaries can see it.

Topics of the tools focus on OSINT, Information Gathering, Android Hacking Tools, Automation Tools, Phishing, among others.

Without going into further detail, we have prepared a list of the most popular tools on KitPloit in 2018:

  1. EagleEye - Stalk Your Friends. Find Their Instagram, FB And Twitter Profiles Using Image Recognition And Reverse Image Search

  2. Hijacker v1.5 - All-in-One Wi-Fi Cracking Tools for Android

  3. LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application

  4. Trape - People tracker on the Internet (The evolution of phishing attacks) OSINT

  5. BlackEye - The Most Complete Phishing Tool, With 32 Templates +1 Customizable

  6. Mercury - A Hacking Tool Used To Collect Information And Use The Information To Further Hurt The Target

  7. VOOKI - Web Application Vulnerability Scanner

  8. Devploit v3.6 - Information Gathering Tool

  9. Tinfoleak v2.4 - The Most Complete Open-Source Tool For Twitter Intelligence Analysis

  10. ANDRAX - The First And Unique Penetration Testing Platform For Android Smartphones

  11. SocialBox - A Bruteforce Attack Framework (Facebook, Gmail, Instagram, Twitter)

  12. Th3Inspector - Tool for Information Gathering

  13. Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

  14. Kali Linux 2018.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

  15. Wifite 2.1.0 - Automated Wireless Attack Tool

  16. Infection Monkey - An Automated Pentest Tool

  17. Trackerjacker - Like Nmap For Mapping Wifi Networks You're Not Connected To, Plus Device Tracking

  18. BadMod - Detect Website CMS, Website Scanner & Auto Exploiter

  19. Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

  20. SocialFish - Ultimate phishing tool with Ngrok integrated


The KitPloit team wishes you a Happy New Year!


MISP - Malware Information Sharing Platform and Threat Sharing


The objective of MISP is to foster the sharing of structured information within the security community and beyond. MISP provides functionality to support the exchange of information, and also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs. MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers, to support their day-to-day operations and let them share structured information efficiently.

MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
  • An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attack campaigns or analysis. The correlation engine includes correlation between attributes and more advanced correlations such as fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can also be enabled or even disabled per attribute.
  • A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
  • Built-in sharing functionality to ease data sharing using different distribution models. MISP can automatically synchronize events and attributes among different MISP instances. Advanced filtering functionality can be used to meet each organization's sharing policy, including a flexible sharing group capacity and an attribute-level distribution mechanism.
  • An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations. An event graph functionality to create and view relationships between objects and attributes. Advanced filtering functionalities and warning list to help the analysts to contribute events and attributes and limit the risk of false-positives.
  • storing data in a structured format (allowing automated use of the database for various purposes) with extensive support for cyber security indicators along with fraud indicators as used in the financial sector.
  • export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), cache format (used by forensic tools), STIX (XML and JSON) 1 and 2, NIDS export (Suricata, Snort and Bro) or RPZ zone. Many other formats can easily be added via the misp-modules.
  • import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV, MISP standard format or STIX 1.1/2.0. Many other formats can easily be added via the misp-modules.
  • Flexible free text import tool to ease the integration of unstructured reports into MISP.
  • A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
  • data-sharing: automatic exchange and synchronization with other parties and trust groups using MISP.
  • delegation of sharing: a simple pseudo-anonymous mechanism to delegate publication of events/indicators to another organization.
  • Flexible API to integrate MISP with your own solutions. MISP is bundled with PyMISP, a flexible Python library to fetch, add or update events and attributes, handle malware samples or search for attributes. An exhaustive restSearch API to easily search for indicators in MISP and export them in all the formats supported by MISP.
  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your MISP but also shareable among MISP instances.
  • Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events and attributes in MISP.
  • Expansion modules in Python to expand MISP with your own services or activate already available misp-modules.
  • Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via MISP user-interface, API as MISP document or STIX sighting documents.
  • STIX support: import and export data in the STIX version 1 and version 2 format.
  • Integrated encryption and signing of the notifications via GnuPG and/or S/MIME, depending on the user's preferences.
  • Real-time publish-subscribe channel within MISP to automatically get all changes (e.g. new events, indicators, sightings or tagging) in ZMQ (e.g. misp-dashboard) or ElasticSearch logging.
Exchanging information results in faster detection of targeted attacks and improves the detection ratio while reducing false positives. We also avoid reversing similar malware, as we learn very quickly that other teams or organizations have already analyzed a specific sample.


A sample event encoded in MISP:


Website / Support
Check out the website for more information about the MISP software, standards, tools and communities.
Information, news and updates are also regularly posted on the MISP project twitter account or the news page.

Documentation
The MISP user guide (MISP-book) is available online or as PDF, EPUB or MOBI/Kindle.
For installation guide see INSTALL or the download section.


Cuteit - Make A Malicious IP A Bit Cuter (IP Obfuscator)


A simple Python tool to help you with social engineering, bypassing whitelisting firewalls, potentially breaking regex rules in command-line logging that look for IP addresses, and obfuscating cleartext strings pointing at C2 locations within a payload.

All of that is done simply by obfuscating an IP into many forms.
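The defender's side of this, as an added example (not Cuteit's or IP Obfuscator's code): a normaliser that maps the integer, hex, octal and mixed spellings that inet_aton(3) accepts (one to four dot-separated parts, each decimal, 0x hex or leading-zero octal, the last part filling the remaining bytes) back to dotted-decimal, so a log filter keyed on a.b.c.d still matches. The log lines are constructed.

```python
"""Normalise obfuscated IPv4 host spellings back to dotted-decimal for log matching.
Added example (not Cuteit's or IP Obfuscator's own code); follows the inet_aton(3)
parsing rules so that every form the obfuscators emit collapses to one canonical
address that an a.b.c.d regex or blocklist can match."""
import re

# Host portion of a URL, wide enough to catch integer, hex and octal forms.
HOST_RE = re.compile(r"(?<=://)([0-9A-Za-z.]+)(?=[:/\s]|$)")

def parse_part(tok):
    """Parse one dot-separated part with C-style radix detection (0x hex, 0 octal)."""
    if tok[:2].lower() == "0x":
        return int(tok[2:], 16)
    if len(tok) > 1 and tok[0] == "0":
        return int(tok, 8)
    return int(tok, 10)

def canonical_ipv4(host):
    """Return 'a.b.c.d' for any inet_aton-style spelling of host, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or "" in parts:
        return None
    try:
        vals = [parse_part(p) for p in parts]
    except ValueError:
        return None
    head, tail = vals[:-1], vals[-1]
    tail_bits = 8 * (4 - len(head))  # the last part fills all remaining bytes
    if any(v > 255 for v in head) or tail >= 1 << tail_bits:
        return None
    addr = tail
    for i, v in enumerate(reversed(head)):
        addr |= v << (tail_bits + 8 * i)
    return ".".join(str((addr >> s) & 255) for s in (24, 16, 8, 0))

def hosts_in_line(line):
    """Map every URL host in a log line to its canonical form (None if not an IP)."""
    return [(h, canonical_ipv4(h)) for h in HOST_RE.findall(line)]

# Constructed proxy-log lines; the first four all point at 74.125.68.99.
SAMPLE_LOG = [
    "GET http://1249723491/ 200",
    "GET http://0x4a7d4463/ 200",
    "GET http://0112.0175.0104.0143/ 200",
    "GET http://0x4a.125.0104.99/ 200",
    "GET http://www.google.com/ 200",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(hosts_in_line(line))
```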

The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production


The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post.
We are making this available as an open-source utility so the Docker community can have an easy way to self-assess their hosts and docker containers against this benchmark.

Running Docker Bench for Security
We packaged docker bench as a small container for your convenience. Note that this container is being run with a lot of privilege -- sharing the host's filesystem, pid and network namespaces, due to portions of the benchmark applying to the running host. Don't forget to adjust the shared volumes according to your operating system, for example it might not use systemd.
The easiest way to run your hosts against the Docker Bench for Security is by running our pre-built container:
docker run -it --net host --pid host --userns host --cap-add audit_control \
    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
    -v /var/lib:/var/lib \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/lib/systemd:/usr/lib/systemd \
    -v /etc:/etc --label docker_bench_security \
    docker/docker-bench-security
Docker bench requires Docker 1.13.0 or later in order to run.
Note that when a distribution doesn't ship auditctl, the audit tests will check /etc/audit/audit.rules to see if a rule is present instead.
Distribution-specific Dockerfiles that fix this issue are available in the distros directory.
The distribution-specific Dockerfiles may also help if the distribution you're using hasn't yet shipped Docker version 1.13.0 or later.

Docker Bench for Security options
  -b           optional  Do not print colors
  -h           optional  Print this help message
  -l FILE      optional  Log output in FILE
  -c CHECK     optional  Comma delimited list of specific check(s)
  -e CHECK     optional  Comma delimited list of specific check(s) to exclude
  -i INCLUDE   optional  Comma delimited list of patterns within a container name to check
  -x EXCLUDE   optional  Comma delimited list of patterns within a container name to exclude from check
By default the Docker Bench for Security script will run all available CIS tests and produce logs in the current directory named docker-bench-security.sh.log.json and docker-bench-security.sh.log. The CIS-based checks are named check_<section>_<number>, e.g. check_2_6, and community-contributed checks are named check_c_<number>. A complete list of checks is present in functions_lib.sh.
sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -c check_2_2 will only run check 2.2, Ensure the logging level is set to 'info'.
sh docker-bench-security.sh -l /tmp/docker-bench-security.sh.log -e check_2_2 will run all available checks except 2.2, Ensure the logging level is set to 'info'.
Note that when submitting checks, explain why it is a reasonable test to add and please include some kind of official documentation verifying that information.
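What a check like 2.2 actually inspects, as an added example in Python (not the project's own code, whose checks are shell functions): the effective dockerd log level from the command line and daemon.json, and the audit-rule fallback described above, reading /etc/audit/audit.rules content when auditctl is unavailable. The inputs are constructed stand-ins for a live host, and checking the command-line flag before daemon.json is an assumption.

```python
"""A CIS-style daemon check modelled on docker-bench-security's check_2_2
("Ensure the logging level is set to 'info'") and the audit-rule fallback the
README describes. Added example in Python; the project's checks are shell
functions, and the inputs below are constructed stand-ins for a running host."""
import json
import shlex

def dockerd_log_level(cmdline, daemon_json_text=""):
    """Effective level: a --log-level/-l flag on the dockerd command line, else the
    'log-level' key in daemon.json, else dockerd's default of 'info'. Flag-first
    is an assumption; dockerd refuses to start when both sources conflict."""
    args = shlex.split(cmdline)
    for i, a in enumerate(args):
        if a.startswith("--log-level="):
            return a.split("=", 1)[1]
        if a in ("--log-level", "-l") and i + 1 < len(args):
            return args[i + 1]
    if daemon_json_text.strip():
        return json.loads(daemon_json_text).get("log-level", "info")
    return "info"

def check_2_2(cmdline, daemon_json_text=""):
    """Return ('PASS' | 'WARN', level) in the spirit of the benchmark's output."""
    level = dockerd_log_level(cmdline, daemon_json_text)
    return ("PASS" if level == "info" else "WARN", level)

def audit_rule_present(path, auditctl_output=None, audit_rules_text=""):
    """True when a watch (-w) rule for `path` is configured. Prefer the live
    `auditctl -l` listing; when auditctl is absent on the distribution, fall back
    to the static /etc/audit/audit.rules text, as the README notes."""
    rules = auditctl_output if auditctl_output is not None else audit_rules_text
    for rule in rules.splitlines():
        tokens = shlex.split(rule)
        if "-w" in tokens:
            i = tokens.index("-w")
            if i + 1 < len(tokens) and tokens[i + 1] == path:
                return True
    return False

# Constructed sample inputs.
SAMPLE_CMDLINE = "/usr/bin/dockerd -H fd:// --log-level=debug"
SAMPLE_DAEMON_JSON = '{"log-level": "info", "icc": false}'
SAMPLE_AUDIT_RULES = "-w /usr/bin/dockerd -k docker\n-w /var/lib/docker -k docker\n"

if __name__ == "__main__":
    print("2.2", *check_2_2(SAMPLE_CMDLINE, SAMPLE_DAEMON_JSON))
    print("audit /var/lib/docker", audit_rule_present("/var/lib/docker", None, SAMPLE_AUDIT_RULES))
```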

Building Docker Bench for Security
If you wish to build and run this container yourself, follow these steps:
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
docker build --no-cache -t docker-bench-security .
docker run -it --net host --pid host --cap-add audit_control \
    -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
    -v /var/lib:/var/lib \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/lib/systemd:/usr/lib/systemd \
    -v /etc:/etc --label docker_bench_security \
    docker-bench-security
or use Docker Compose:
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
docker-compose run --rm docker-bench-security
This script can also simply be run from your base host by running:
git clone https://github.com/docker/docker-bench-security.git
cd docker-bench-security
sudo sh docker-bench-security.sh
This script was built to be POSIX 2004 compliant, so it should be portable across any Unix platform.

