
Hash Kracker v2.5 - All-in-one Hash Password Recovery Software


Hash Kracker is a free all-in-one tool to recover passwords from hashes of multiple hash types.
Currently it supports password recovery for the following popular hash types:
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
It uses a dictionary-based cracking method, which makes the cracking operation simple and easy.

Though it supports only the dictionary crack method, you can easily use tools like Crunch or Cupp to generate a brute-force-based or any custom password list file and then use it with Hash Kracker.



WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network


WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinPcap or MS Network Monitor) and accumulates a list of the computers and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER.

For every detected computer or device, the following information is displayed (some of the fields might be empty if the information cannot be found inside the packets): IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address.

After collecting the connected computers/devices information, you can easily export the list to a tab-delimited/comma-delimited/xml/html file.

Protocols supported by WhoIsConnectedSniffer

  • ARP: WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices.
  • UDP: When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts the IP address and the MAC address from it.
  • DHCP: When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer.
  • mDNS: This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux).
  • BROWSER: This protocol is mainly used by Windows, but some Linux systems support it too. WhoIsConnectedSniffer uses it to get the name of the computer, the description text of the computer, and the operating system.


WebPwn3r - Web Applications Security Scanner



WebPwn3r is a web application security scanner coded in Python to help security researchers scan multiple links at the same time for Remote Code/Command Execution and XSS vulnerabilities.

You can extract the URLs from Burp Suite, save them in list.txt and then pass that file to WebPwn3r.

You can also use your own crawler to gather URLs for a certain domain or for random domains, save them in list.txt and then pass that file to WebPwn3r.

WebPwn3r has the following features:

1- Scan a URL or a list of URLs
2- Detect and exploit Remote Code Injection vulnerabilities.
3- Detect and exploit Remote Command Execution vulnerabilities.
4- Detect and exploit typical XSS vulnerabilities.
5- Detect the WebKnight WAF.
6- Improved payloads to bypass security filters/WAFs.
7- Fingerprint the backend technologies.




Pyrasite - Inject arbitrary code into a running Python process


Pyrasite is a library and a set of tools for injecting code into running Python programs.

    usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] pid [filename]

    pyrasite - inject code into a running python process

    positional arguments:
      pid                   The ID of the process to inject code into
      filename              The second argument must be a filename

    optional arguments:
      -h, --help            show this help message and exit
      --gdb-prefix GDB_PREFIX
                            GDB prefix (if specified during installation)
      --verbose             Verbose mode

For updates, visit https://github.com/lmacken/pyrasite


Dll Hijack Auditor v3.5 - Smart Tool to Audit the DLL Hijack Vulnerability


DLL Hijack Auditor is the smart tool to audit any Windows application against the DLL hijacking vulnerability.

This is one of the critical security issues affecting almost all Windows systems. Though most of the apps have been fixed, many Windows applications are still susceptible to this vulnerability, which can allow an attacker to completely take over the system.

DllHijackAuditor helps in discovering all such vulnerable DLLs in a Windows application, which otherwise can lead to successful exploitation resulting in total compromise of the system.

With its simple GUI interface, DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents a detailed technical audit report which can help the developer fix all vulnerable points in the application.

Dll Hijack Auditor is fully portable and works on a wide range of platforms, from Windows XP to Windows 8.


NetworkLatencyView - Calculates the network latency (in milliseconds)


NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging the same IP address.

NetworkLatencyView also allows you to easily export the latency information to a text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it into Excel or another application.


IronWASP 2014 - One of the world's best web security scanners


Find security issues on your website automatically using IronWASP, one of the world's best web security scanners.

Here's what is new:

1) Login recording
Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial.

2) Automatically testing for CSRF, Broken Authentication, Privilege Escalation and Hidden Parameters
Now IronWASP has a new section called Interactive Testing tools that let you automatically discover vulnerabilities that could only be discovered by manual testing.

3) Browser pre-configured for Manual Crawling
The most common problem with intercepting proxies is that you have to change your browser's proxy settings and import the tool's certificate as a trusted CA for SSL traffic. Even after doing this, there is a chance that traffic from your regular browsing will get mixed with your test traffic. IronWASP solves all of these problems: it comes with a browser pre-configured to use IronWASP as its proxy, it handles SSL certificate errors automatically (no need to import a CA), and since this is a separate browser it does not affect the regular browsing that you are doing in your other browser. See video.

4) DOM XSS Analyzer
If you understand what DOM XSS sources and sinks are and have the ability to understand and analyse JavaScript code then you will find this new utility really useful. It makes the process of discovering DOM XSS really easy for manual testers. See video tutorial.

5) XmlChor - XPATH Injection Exploitation tool
This version comes with a new Module called XmlChor written by Harshal Jamdade. This module can be used to automatically exploit XPATH Injection vulnerabilities and extract the backend XML file from the server. See video tutorial.

6) WiHawk - WiFi Router Vulnerability Scanner
This version has one more awesome module called WiHawk, written by Anamika Singh. This module can be used to scan a range of IP addresses for WiFi routers that have default passwords and authentication bypass vulnerabilities. It also supports the Shodan API to scan a large number of devices on the internet. See video tutorial.


NetworkTrafficView - Monitor the traffic on your network adapter


NetworkTrafficView is a network monitoring tool that captures the packets passing through your network adapter and displays general statistics about your network traffic. The packet statistics are grouped by Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (for TCP connections).



Hashcat-Utils - Set of small utilities that are useful in advanced password cracking


Hashcat-utils is a set of small utilities that are useful in advanced password cracking. They are packed into multiple stand-alone binaries.

All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT, you can group them into chains.

The programs are available for Linux and Windows on both 32-bit and 64-bit architectures. The programs are also available as open source.

List of Utilities

  • combinator: This program is a stand-alone implementation of the Combinator Attack.
    Each word from file2 is appended to each word from file1 and then printed to STDOUT.
    Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
  • cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in a Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext; this program will cut the specified prefix or suffix length off the existing words in a list and pass the result to STDOUT.
  • expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.

    There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:
    • All possible lengths of the patterns within a maximum of 7 (defined in the LEN_MAX macro, which you can increase in the source).
    • All possible offsets of the word.
    • Shifting the word to the right until a full cycle.
    • Shifting the word to the left until a full cycle.
  • gate: Each wordlist going into STDIN is parsed and split into equal sections and then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated. The two important parameters are "mod" and "offset".
    • The mod value is the number of times you want to split your dictionary.
    • The offset value is which section of the split is getting that feed.
  • hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
  • len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
  • morph: Basically, morph generates insertion rules for the most frequent chains of characters, per position, from the dictionary that you provide.
    • Dictionary = Wordlist used for frequency analysis.
    • Depth = Determines which "top" chains you want. For example, 10 would give you the top 10 (in fact, it seems to start with value 0, so that 10 would give the top 11).
    • Width = Max length of the chain. With 3, for example, you will get up to 3 rules per line for the most frequent 3-letter chains.
    • pos_min = Minimum position where the insertion rule will be generated. For example, 5 would mean that it will make rules to insert the string only from position 5 and up.
    • pos_max = Maximum position where the insertion rule will be generated. For example, 10 would mean that it will make rules to insert the string so that its end finishes at a maximum of position 10.
  • permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through "The Countdown QuickPerm Algorithm" by Phillip Paul Fuchs.
  • prepare: This program is made as a dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words "BCA" and "CAB" would produce exactly the same password candidates.
  • req: Each word going into STDIN is parsed and passed to STDOUT if it matches a specified password group criterion. Sometimes you know that a password must include a lower-case char, an upper-case char and a digit to pass a specific password policy. That means checking passwords that do not match this policy will definitely not result in a cracked password, so we should skip them. This program is not very complex and it cannot fully match all the common password policy criteria, but it does provide a little help.
  • rli: Compares a single file against another file (or files) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
  • rli2: Unlike rli, rli2 is not limited. But it requires infile and removefile to be sorted and uniqued beforehand, otherwise it won't work as it should.
  • splitlen: This program is designed to be a dictionary optimizer for oclHashcat. oclHashcat has a very specific way of loading dictionaries, unlike hashcat or oclHashcat. The best way to organize your dictionaries for use with oclHashcat is to sort each word in your dictionary by its length into specific files, into a specific directory, and then to run oclHashcat in directory mode.

Download Hashcat-Utils

oclHashcat v1.20 - World's fastest password cracker


oclHashcat is a GPGPU-based multi-hash cracker supporting brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

This GPU cracker is a fused version of oclHashcat-plus and oclHashcat-lite.


GPU Driver requirements:
  • NV users require ForceWare 331.67 or later
  • AMD users require Catalyst 14.4 or later

Changelog v1.20

  • Added algorithms
  • AMD Catalyst v14.x (Mantle) driver
  • Improved distributed cracking support
  • Added outfiles directory
  • Rewrote restore system from scratch
  • Rewrote multihash structure
  • Added debugging support for rules
  • Added support for $HEX[]
  • Added tweaks for AMD OverDrive 6 and better fan speed control
  • Adding new password candidates on-the-fly
  • Rewrote weak-hash check
  • Reload previously-cracked hashes from potfile
Full Changelog: here
Features
  • World's fastest password cracker
  • World's first and only GPGPU-based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 100 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization; you can still watch movies or play games while cracking
  • Focuses on highly iterated modern hashes
  • Focuses on dictionary-based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 100+ Algorithms implemented with performance in mind

Attack-Modes
  • Straight (accept Rules)
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict

Algorithms
  • MD4
  • MD5
  • SHA1
  • SHA-256
  • SHA-512
  • SHA-3 (Keccak)
  • RipeMD160
  • Whirlpool
  • GOST R 34.11-94
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • LM
  • NTLM
  • DCC
  • DCC2
  • NetNTLMv1
  • NetNTLMv1 + ESS
  • NetNTLMv2
  • Kerberos 5 AS-REQ Pre-Auth etype 23
  • AIX {smd5}
  • AIX {ssha1}
  • AIX {ssha256}
  • AIX {ssha512}
  • FreeBSD MD5
  • OpenBSD Blowfish
  • descrypt
  • md5crypt
  • bcrypt
  • sha256crypt
  • sha512crypt
  • DES(Unix)
  • MD5(Unix)
  • SHA256(Unix)
  • SHA512(Unix)
  • OSX v10.4
  • OSX v10.5
  • OSX v10.6
  • OSX v10.7
  • OSX v10.8
  • OSX v10.9
  • Cisco-ASA
  • Cisco-IOS
  • Cisco-PIX
  • GRUB 2
  • Juniper Netscreen/SSG (ScreenOS)
  • RACF
  • Samsung Android Password/PIN
  • MSSQL
  • MySQL
  • Oracle
  • Postgres
  • Sybase
  • DNSSEC (NSEC3)
  • IKE-PSK
  • IPMI2 RAKP
  • iSCSI CHAP
  • WPA
  • WPA2
  • 1Password, cloudkeychain
  • 1Password, agilekeychain
  • Lastpass
  • Password Safe SHA-256
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
  • SAP CODVN B (BCODE)
  • SAP CODVN F/G (PASSCODE)
  • Citrix Netscaler
  • Netscape LDAP SHA/SSHA
  • Apache MD5-APR
  • hMailServer
  • EPiServer
  • Drupal
  • IPB
  • Joomla
  • MyBB
  • osCommerce
  • Redmine
  • SMF
  • vBulletin
  • Woltlab Burning Board
  • xt:Commerce
  • WordPress
  • phpBB3
  • Half MD5 (left, mid, right)
  • Double MD5
  • Double SHA1
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • md5(sha1($pass))
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • sha1(md5($pass))
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))

OWASP ZAP v2.3.0 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications



OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Changelog v2.3.0, highlights

  • A ZAP ‘lite’ version in addition to the existing ‘full’ version
  • View, intercept, manipulate, resend and fuzz client-side (browser) events
  • Enhanced authentication support
  • Support for non standard apps
  • Input Vector scripts
  • Scan policy – fine grained control
  • Advanced Scan dialog
  • Extended command line options
  • More API support
  • Internationalized help file
  • Keyboard shortcuts
  • New UI options
  • More functionality moved to add-ons
  • New and improved active and passive scanning rules

BluetoothLogView - Creates a log of Bluetooth devices activity around you


BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you and displays a log of Bluetooth devices in the main window. Every time a new Bluetooth device arrives in your area, and when a device leaves your area, a new log line is added with the following information: Device Name, Device Address, Event Time, Event Type ('Device Arrival' or 'Device Left'), Device Type, and the company that created the device. BluetoothLogView also allows you to specify a description for every device (according to its MAC address) that will appear under the 'Description' column.


BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers


BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs.

Changelog v2014.04.21

  • added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools, irssi, makepasswd, mercurial, mplayer, rtorrent, scrot, strace, tor-browser-en
  • added .Xresources with entries for xterm
  • added wicd to system start (systemctl)
  • added wicd and wicd-gtk networkmanager
  • removed 'xset r rate 150 100' entry for X
  • updated menu entries
  • added more than 150 new tools
  • replaced zathura pdf reader with mupdf
Main Features
  • Support for i686, x86_64, armv6h and armv7h architectures
  • Over 750 tools (constantly increasing)
  • Modular package groups
  • A live ISO with multiple window managers, including dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm.
  • An installer with the ability to build from source.

RAWR - Rapid Assessment of Web Resources


Introducing RAWR (Rapid Assessment of Web Resources). There's a lot packed into this tool that will help you get a better grasp of the threat landscape that is your client's web resources. It has been tested on everything from extremely large network environments down to 5-node networks. It has been fine-tuned to promote fast, accurate, and applicable results in usable formats. RAWR will make the mapping phase of your next web assessment efficient and get you producing positive results faster!

Features
  • A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
  • An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
  • A CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
  • Default password suggestions using a list compiled from several online sources.
  • Supports the use of a proxy (Burp, Zap, W3aF)
  • Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
  • Customizable crawl of links within the host’s domain.
  • PNG Diagram of all pages found during crawl
  • List of links crawled in tiered format.
  • List of documents seen for each site.
  • Automation-Friendly output (JSON strings)
Requirements
  • nmap – at least 6.00 – required for SSL strength assessment
  • graphviz – site diagram from crawl (optional)
  • python-lxml – parsing xml & html
  • python-pygraphviz – site layout from crawl (optional)
  • phantomJS – tested with 1.9.1, can be downloaded/installed in a local folder during --check-install

Wireshark v1.11.3 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features
The following features are new (or have been significantly updated) since version 1.11.1:
  • Qt port:
    • The About dialog has been added
    • The Capture Interfaces dialog has been added.
    • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
    • The Export PDU dialog has been added.
    • Several SCTP dialogs have been added.
    • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
    • The I/O Graph dialog has been added.
    • French translation has been updated.
The following features are new (or have been significantly updated) since version 1.11.1:
  • Mac OS X packaging has been improved.
The following features are new (or have been significantly updated) since version 1.11.0:
  • Dissector output may be encoded as UTF-8. This includes TShark output.
  • Qt port:
    • The Follow Stream dialog now supports packet and TCP stream selection.
    • A Flow Graph (sequence diagram) dialog has been added.
    • The main window now respects geometry preferences.
The following features are new (or have been significantly updated) since version 1.10:
  • Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The “Number” column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • “malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.


ModSecurity v2.8.0 - Open Source Web Application Firewall


ModSecurity™ is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out at the web application level, organizations need all the help they can get in making their systems secure.

Changelog v2.8.0
Bug fix
  • Build issue: Now using autotools to identify if sys/utsname.h is present.
  • Changed configure.ac version to 2.8

Changelog v2.8.0-rc1:

New features
  • JSON Parser is no longer under tests. Now it is part of our mainline.
  • Connection limits (SecConnReadStateLimit/SecConnWriteStateLimit) now support white and suspicious list.
  • New variables: FULL_REQUEST and FULL_REQUEST_LENGTH were added, allowing the rules to access the full content of a request.
  • ModSecurity status is now part of our mainline.
  • New operator: @detectXSS was added. It makes usage of the newest libinjection XSS detection functionality.
  • Append and prepend are now supported on nginx (Ref: #635);
  • SecServerSignature is now available on nginx (Ref: #637);
Improvements 
  • Regression tests are now able to expect different values according to the platform;
  • Visual C++ 12/10 runtime dependencies are now part of the IIS installer, no need to have them installed prior to ModSecurity installation (Ref: #627);
  • New script was added to the IIS versions to identify whenever there is a missing dependency (available through the Application Menu);
  • Memory usage improvement: using correct memory pools according to the context (Ref: #618, #620, #619);
  • Independent API call to free the connection allocations, independently from the request objects, improving Nginx performance; see the issue for more information (Ref: #620, #648);
  • IIS installer is now using the correct 32/64bits folders to install;
  • IIS Installer 32bits now refuses to install on 64bits environments;
  • IIS: Using new WiX options to build the package in the correct architecture;
  • While installing the IIS version, the installer will remove old ModSecurityIIS configuration or files before proceeding with the installation, avoiding further errors;
  • CRS from IIS version was upgraded to 2.2.9;
  • IIS installer does not support repair anymore, in fact it was not working already and it is now disabled;
  • ModSecurity now warns the user who tries to use “proxy” in IIS or Nginx. Proxy is Apache only;
  • Remove warnings from the build process (Ref: #617);
  • Apache configuration in regression tests was changed making it more platform independent;
  • Reduced the amount of warnings during the compilation (Ref: #385a2828e87897bd611bd2a519727ef88dc6d632, #1e63e49db4a592d28e08a33fc60750c37a3886fe);
  • Regression tests were refactored to be more Nginx friendly;
  • Fixed some regression tests that were not being flexible to handle multiple platforms: (Ref #636);
    • Fixed config/00-load-modsec.t test case. Now it expects for Nginx loaded message as it does for Apache. (Ref: #643);
    • Fixed mixed/10-misc-directives.t. Now it does not expect for SecServerSignature on the logs, just in the headers as the Nginx does in silence;
    • Fixed tnf/10-tfn-cache.t, action/10-logging.t, config/10-misc-directives.t, config/10-request-directives.t, misc/00-multipart-parser.t , misc/10-tfn-cache.t, rule/20-exceptions.t, rule/00-basics.t, rule/10-xml.t;
    • Increased the timeout while reading the auditlog;
    • SecAuditLogType Concurrent was removed from the regression test case, not compatible with all ports yet;
    • Regression tests were sped up; as the number of tests is growing, it is impossible to have them slow;
    • Fixed regression test script paths, to make them MacOS friendly;
    • Avoiding deadlocks on Nginx regression tests by enforcing a timeout whenever a request appears to fail;
  • Updates to fix errors found by Parfait static code analysis (Ref: #612);
  • Cleaning up on the repository, by removing unused files;
  • IIS installer now supports performing the installation without registering the DLL on the system. It means that the user can download our MSI installer as if it were a tarball archive (Ref #629, #624);
  • IIS now supports 32-bit and 64-bit pools; both are registered on IIS (Ref #628).
Bug fix

  • Correctly handling inet_pton in IIS version;
  • Nginx was missing a terminator while the charset string was mounted (Ref: #148);
  • Added mod_extract_forwarded.c to run before mod_security2.c (Ref: #594);
  • Added missing environment variables to regression tests;
  • Build system is now more flexible by looking at liblua at: /usr/local/lib;
  • Fixed typo in README file.
  • Removed the non standard compliant HTTP response status code 44 from modsecurity recommended file (Ref: #665);
  • Fixed segmentation fault if it fails to write on the audit log (Ref: #668);
  • Not rejecting a larger request with ProcessPartial. Regression tests were also added (Ref: #597);
  • Fixed UTF-8 to unicode conversion. Regression tests were also added (Ref: #672);
  • Avoiding segmentation fault by checking if a structure is null before accessing its members;
  • Removed double charset header that used to happen due to a hardcoded charset in the Nginx implementation (Ref: #650);
  • Now alerting the users that there is no memory to proceed loading the configuration instead of just dying;
  • If SecRuleEngine is set to Off and SecRequestBodyAccess On, Nginx returns error 500. Standalone is now capable of identifying whenever ModSecurity is enabled or disabled, independently of the ModSecurity core (Ref: #645);
  • Fixed missing headers on Nginx whenever SecResponseBodyAccess was set to On and there happens to be a filter on phase 3 or later (Ref #634);
  • IIS is now picking the correct version of AppCmd while uninstalling or installing ModSecurityIIS (Ref #632).

Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool


Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.


Changelog v9.20140206

New Functionality in Acunetix Web Vulnerability Scanner v9
Improvements
  • Scanning of WordPress sites has been made more efficient
  • Improved coverage of ASP.NET based websites
  • Improved XSS testing script
Bug Fixes
  • Fixed bug in the pagination of the Scheduler Web Interface
  • The Login Sequence Recorder was ignoring the maximum size HTTP option
  • Fixed an issue causing the crawler to create multiple entries for the same custom cookie
  • Fixed a bug causing the HTTP sniffer to always listen on localhost
  • Fixed a bug in the console application preventing scanning from older saved crawl results
  • Fixed a crash at start-up caused by the DeepScan agent not starting

Kautilya v0.4.5 - Pwnage with Human Interface Devices


Kautilya is a toolkit which provides various payloads for the Teensy device which may help in breaking into a computer. The toolkit is written in Ruby.

  • The Windows payloads and modules are written mostly in PowerShell (in combination with native commands) and are tested on Windows 7.
  • The Linux payloads are mostly commands in combination with a little Bash scripting. These are tested on Ubuntu 11.
  • The OS X payloads are shell scripts (those installed by default) with usage of native commands. Tested on OS X Lion running in VMware.

Changelog v0.4.5

  • Bug fixes and improvements in Time Based Exec. It now supports exfiltration and can be stopped remotely.
  • Fewer lines of code for HTTP Backdoor and Download Execute PS.
  • HTTP Backdoor, Download Execute PS, Hashdump and Exfiltrate, and Dump LSA Secrets now execute the downloaded script in memory.
  • Shortened the parameters passed to powershell.exe when the scripts are called, saving the time spent "typing" by the HID.
  • Added two new exfiltration options: POST requests and DNS TXT records.
  • Username and password for exfiltration are asked for only if you select Gmail or Pastebin.
  • Tinypaste as an option for exfiltration has been removed.
  • Payloads have been made more modular, which results in a smaller size.
  • Reboot Persistence has been added to HTTP Backdoor and DNS TXT Backdoor.
  • Menu redesign.
  • Bug fix in Dump LSA Secrets payload.
  • Added ./extras/Decode.ps1. Use this to decode data exfiltrated by HTTP Backdoor and DNS TXT Backdoor.
  • Added ./extras/Remove-Persistence.ps1. Use this to remove persistence set up by Keylogger, HTTP Backdoor and DNS TXT Backdoor.
  • Kautilya can be run on Windows if the win32console gem is installed.

Tilt - Terminal Ip Lookup Tool


Tilt (Terminal IP Lookup Tool) is an easy and simple open source tool implemented in Python for passive IP/host reconnaissance. It is very handy as a first reconnaissance step and for host data retrieval.

Features

  • Host to IP conversion
  • IP to Host conversion
  • DNS to IPs
  • GeoIP translation
  • Extensive information gathering through hostname
    • Whois with:
      • Registrar info
      • Dates
      • Name Server
      • SiteStatus
      • Owner information
      • Additional data
    • Sub domains
      • Percentage of access
    • Extensive Name Server
    • SOA Records
    • DNS Records with extensive data
  • Reverse IP Lookup
    • Extensive reverse IP lookup, looking for hosts with different IPs on the same machine

Host-Extract - Enumerate All IP/Host Patterns In A Web Page


This little Ruby script tries to extract all IP/host patterns in the page response of a given URL and in the JavaScript/CSS files of that URL.

With it, you can quickly identify internal IPs/hostnames, development IPs/ports, CDNs, load balancers, and additional attack entry points related to your target that are revealed in inline JS, CSS, HTML comment areas and JS/CSS files.

This is unlike a web crawler, which looks for new links only in anchor tags (<a>) or the like.

(You might miss many additional targets if you only use such a web crawler or other GUI-based tools that show you your main target and its relationship with its linked sub/off-site domains.)

In some cases, host-extract may give you false positives for strings like main-site_ver_10.2.1.3.swf.

With -v option, you can ask the tool to output html view-source snippets for each IP/Domain extracted. This will shorten your manual analysis time.

USAGE:
ruby host-extract.rb URL [option]

Usage: host-extract [options]
-a find all ip/host patterns
-j scan all js files
-c scan all css files
-v append view-source html snippet for manual verification

