Acrylic WiFi enables identificating WiFi access points, obtaining information of the security mechanisms and obtaining generic WiFi passwords thanks to a plugins system.
↧
Acrylic WiFi Free - Real-time WLAN information and network analysis
↧
Online JavaScript Beautifier - Beautify, unpack or deobfuscate JavaScript and HTML
↧
↧
Cuckoo Sandbox v1.1 - Automated Malware Analysis
Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.
Cuckoo generates a handful of different raw data which include:
- Native functions and Windows API calls traces
- Copies of files created and deleted from the filesystem
- Dump of the memory of the selected process
- Full memory dump of the analysis machine
- Screenshots of the desktop during the execution of the malware analysis
- Network dump generated by the machine used for the analysis
In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:
- JSON report
- HTML report
- MAEC report
- MongoDB interface
- HPFeeds interface
Even more interestingly, thanks to Cuckoo’s extensive modular design, you are able to customize both the processing and the reporting stages. Cuckoo provides you all the requirements to easily integrate the sandbox into your existing frameworks and storages with the data you want, in the way you want, with the format you want.
Changelog v1.1
- Added imphash to static PE analysis
- Added search for URLs in the web interface
- Added search for PE Imphash in the web interface
- Added possibility in web interface to queue to all machines
- Added filtering by behavior category in Django web interface
- Added analyzer log to Django web interface
- Added REST API to retrieve screenshots associated with a task
- Added REST API to retrieve the PCAP associated with a task
- Added database migration utility
- Added remote submission to submit.py utility
- Added small stats utility (utils/stats.py)
- Added analysis package for PowerShell scripts
- Added overlay configuration for signatures (data/signatures_overlay.json)
- Fixed bug in MAEC report
- Fixed package selection for Office documents and CPL scripts
- Fixed issue with tcpdump filters
- Fixed unhandled exception when uploading files to the analysis machines
- Fixed issues in CuckooMon that resulted in Internet Explorer crashes
- Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
- Fixed bug in behavior processing module that resulted in a trailing backslash in summary’s registry keys
↧
Tor Browser v3.6 - Anonymity Online and defend yourself against network surveillance and traffic analysis
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
Changelog v3.6
Here is the complete changelog since TBB 3.5.4:
- All Platforms
- Update Firefox to 24.5.0esr
- Include Pluggable Transports by default:
- Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now included
- Bug 11586: Include license files for component software in Docs directory.
- Bug 9010: Add Turkish language support.
- Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
- Update NoScript to 2.6.8.20
- Update Tor Launcher to 0.2.5.4
- Bug 9665: Localize Tor’s unreachable bridges bootstrap error
- Bug 10418: Provide UI configuration for Pluggable Transports
- Bug 10604: Allow Tor status & error messages to be translated
- Bug 10894: Make bridge UI clear that helpdesk is a last resort for bridges
- Bug 10610: Clarify wizard UI text describing obstacles/blocking
- Bug 11074: Support Tails use case (XULRunner and optional customizations)
- Bug 11482: Hide bridge settings prompt if no default bridges.
- Bug 11484: Show help button even if no default bridges.
- Update Torbutton to 1.6.9.0:
- Bug 11242: Fix improper “update needed” message after in-place upgrade.
- Bug 10398: Ease translation of about:tor page elements
- Bug 9901: Fix browser freeze due to content type sniffing
- Bug 10611: Add Swedish (sv) to extra locales to update
- Bug 7439: Improve download warning dialog text.
- Bug 11384: Completely remove hidden toggle menu item.
- Backport Pending Tor Patches:
- Bug 9665: Report a bootstrap error if all bridges are unreachable
- Bug 11200: Prevent spurious error message prior to enabling network.
- Bug 5018: Don’t launch Pluggable Transport helpers if not in use
- Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
- Bug 11069: Detect and report Pluggable Transport bootstrap failures
- Bug 11156: Prevent spurious warning about missing pluggable transports
- Mac:
- Linux:
- Windows:
- Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows
Here is the changelog since the 3.6-beta-2:
- All Platforms
- Update Firefox to 24.5.0esr
- Update Tor Launcher to 0.2.5.4
- Update Torbutton to 1.6.9.0
- Update NoScript to 2.6.8.20
- Update fte transport to 0.2.13
- Backport Pending Tor Patches:
- Bug 11156: Additional obfsproxy startup error message fixes
- Bug 11586: Include license files for component software in Docs directory.
- Windows and Mac:
- Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows builds
↧
WVS v9.5 - Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
This week the latest version was released, Acunetix Vulnerability Scanner 9.5.
Features
- AcuSensor Technology
- Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
- Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
- Visual macro recorder makes testing web forms and password protected areas easy
- Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
- Extensive reporting facilities including PCI compliance reports
- Multi-threaded and lightning fast scanner – processes thousands of pages with ease
- Intelligent crawler detects web server type, application language and smartphone-optimized sites.
- Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
- Port scans a web server and runs security checks against network services running on the server
This new release adds the ability to run security scans on applications built with Google Web Toolkit (GWT). It can also automatically test JSON and XML data objects for vulnerabilities. In addition, vulnerabilities are now also classified using CVE, CWE and CVSS, and AcuSensor has been updated for .NET 4.5 web applications.
↧
↧
WPScan - WordPress Security Scanner
WPScan is a black box WordPress vulnerability scanner.
Features
- Username enumeration (from author querystring and location header)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag and from client side files)
- Vulnerability enumeration (based on version)
- Plugin enumeration (2220 most popular by default)
- Plugin vulnerability enumeration (based on plugin name)
- Plugin enumeration list generation
- Other misc WordPress checks (theme name, dir listing, …)
- Windows not supported
- Ruby >= 1.9.2 – Recommended: 1.9.3
- Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
- RubyGems – Recommended: latest
- Git
Changelog v2.4
New- ‘–batch’ switch option added – Fix #454
- Add random-agent
- Added more CLI options
- Switch over to nist – Fix #301
- New choice added when a redirection is detected – Fix #438
- Removed ‘Total WordPress Sites in the World’ counter from stats
- Old wpscan repo links removed – Fix #440
- Fingerprinting Dev script removed
- Useless code removed
- Rspecs update
- Forcing Travis notify the team
- Ruby 2.1.1 added to Travis
- Equal output layout for interaction questions
- Only output error trace if verbose if enabled
- Memory improvements during wp-items enumerations
- Fixed broken link checker, fixed some broken links
- Couple more 404s fixed
- Themes & Plugins list updated
- WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
- WP 3.8.3 & 3.7.3 fingerprints
- WP 3.9 fingerprints
- Fix #380 – Redirects in WP 3.6-3.0
- Fix #413 – Check the version of the Timthumbs files found
- Fix #429 – Error WpScan Cache Browser
- Fix #431 – Version number comparison between ’2.3.3′ and ’0.42b’
- Fix #439 – Detect if the target goes down during the scan
- Fix #451 – Do not rely only on files in wp-content for fingerprinting
- Fix #453 – Documentation or inplemention of option parameters
- Fix #455 – Fails with a message if the target returns a 403 during the wordpress check
- Update WordPress Vulnerabilities
- Fixed some duplicate vulnerabilities
- Total vulnerable versions: 79; 1 is new
- Total vulnerable plugins: 748; 55 are new
- Total vulnerable themes: 292; 41 are new
- Total version vulnerabilities: 617; 326 are new
- Total plugin vulnerabilities: 1162; 146 are new
- Total theme vulnerabilities: 330; 47 are new
↧
w3af - Open Source Web Application Security Scanner
w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python, it identifies more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.
Changelog v1.6
- Improved performance: your scans will run faster
- Improved quality: 1300+ unittests are run after each change to make sure we don’t add any regressions
- Now you’ll be able to easily integrate w3af into other projects with a simple import w3af
- Better documentation
↧
Onionshare - Securely and anonymously share a file of any size
OnionShare lets you securely and anonymously share a file of any size with someone. It works by starting a web server, making it accessible as a Tor hidden service, and generating an unguessable URL access and download the file. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor hidden service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.
↧
Tails - The Amnesic Incognito Live System Released
Tails, The Amnesic Incognito Live System, is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.
↧
↧
MagicTree - Penetration Tester Productivity Tool
Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we wrote MagicTree - so that it does such mind-numbing stuff for us, while we spend our time hacking.
MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, "Tree" is because all the data is stored in a tree structure, and "Magic" is because it is designed to magically do the most cumbersome and boring part of penetration testing - data management and reporting.
Installation
No installation is required for MagicTree. The application is distrubuted as a single JAR file which has to be executed with JRE. Just save the file on your desktop. Double-click on it to execute it or, for less user-friendly OSes, issue “java -jar MagicTree.jar’ command.
↧
YaCy - The Peer to Peer Search Engine
Decentralization
Imagine if, rather than relying on the proprietary software of a large professional search engine operator, your search engine was run by many private computers which aren't under the control of any one company or individual. Well, that's what YaCy does! The resulting decentralized web search currently has about 1.4 billion documents in its index (and growing - download and install YaCy to help out!) and more than 600 peer operators contribute each month. About 130,000 search queries are performed with this network each day.
Live image of the 'freeworld' network
Installation is easy!
The installation takes only three minutes. Just download the release, decompress the package and run the start script. On linux you need OpenJDK7. You don't need to install external databases or a web server, everything is already included in YaCy.
↧
Moscrack - Cluster Cracking Tool For WPA Keys
Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.
Features
- Basic API allows remote monitoring
- Automatic and dynamic configuration of nodes
- Live CD/USB enables boot and forget dynamic node configuration
- Uses aircrack-ng (including 1.2 Beta) by default
- CUDA/OpenCL support via Pyrit plugin
- CUDA support via aircrack-ng-cuda (untested)
- Does not require an agent/daemon on nodes
- Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin
- Supports mixed OS/protocol configurations
- Supports SSH, RSH, Mosix for node connectivity
- Effectively handles mixed fast and slow nodes or links
- Supports Mosix clustering software
- Nodes can be added/removed/modified while Moscrack is running
- Failed/bad node throttling
- Hung node detection
- Reprocessing of data on error
↧
oclHashcat v1.2 - GPGPU-based Multi-hash Cracker
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.
This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite.
GPU Driver requirements:
- NV users require ForceWare 331.67 or later
- AMD users require Catalyst 14.4 or later
Changelog v1.21
This release is focused on performance increase / bugfixes.
- Added support for algorithm -m 2612 = PHPS
- Added support for algorithm -m 8600 = Lotus Notes/Domino 5
- Added support for algorithm -m 8700 = Lotus Notes/Domino 6
- Fixed performance drop on descrypt, LM and oracle-old initiated by AMD drivers
- Fixed problem with restoring ADL performance state when the clock size reported by the AMD driver didn’t respect the clock step size
- Fixed problem with setting ADL powertune value for r9 295×2 GPUs
- Added support for writing logfiles
- Added parameter –logfile-disable which should be self-explaining
- Dictstat is now no longer session dependent and will always be based on oclHashcat installation directory
- Use AMD custom profile settings instead of basing the AMD powertune/clock settings on maximum supported clock values
- Fixed VLIW size calculated by compute capability was broken for sm_50 -> cuModuleLoad() 301
- Make –runtime count relative to real attack start not program start
- Fixed bug with fan speed handling, if fan speed is manually set to a high enought value (e.g. 100%) oclHashcat shouldn’t change it
- Problem with username parsing (–username) was fixed
- Fixed problem where IKE-PSK sha1/md5 (-m 5300/-m 5400) were wrongly recognized as shadow file formats
- Fixed problem where the ‘delete range’ rule (xNM) did not allow to remove charaters at the very end of the word
Full Changelog: here
Features
- Worlds fastest password cracker
- Worlds first and only GPGPU based rule engine
- Free
- Multi-GPU (up to 128 gpus)
- Multi-Hash (up to 100 million hashes)
- Multi-OS (Linux & Windows native binaries)
- Multi-Platform (OpenCL & CUDA support)
- Multi-Algo (see below)
- Low resource utilization, you can still watch movies or play games while cracking
- Focuses highly iterated modern hashes
- Focuses dictionary based attacks
- Supports distributed cracking
- Supports pause / resume while cracking
- Supports sessions
- Supports restore
- Supports reading words from file
- Supports reading words from stdin
- Supports hex-salt
- Supports hex-charset
- Built-in benchmarking system
- Integrated thermal watchdog
- 100+ Algorithms implemented with performance in mind
Attack-Modes
- Straight (accept Rules)
- Combination
- Brute-force
- Hybrid dict + mask
- Hybrid mask + dict
Algorithms
- MD4
- MD5
- SHA1
- SHA-256
- SHA-512
- SHA-3 (Keccak)
- RipeMD160
- Whirlpool
- GOST R 34.11-94
- HMAC-MD5 (key = $pass)
- HMAC-MD5 (key = $salt)
- HMAC-SHA1 (key = $pass)
- HMAC-SHA1 (key = $salt)
- HMAC-SHA256 (key = $pass)
- HMAC-SHA256 (key = $salt)
- HMAC-SHA512 (key = $pass)
- HMAC-SHA512 (key = $salt)
- LM
- NTLM
- DCC
- DCC2
- NetNTLMv1
- NetNTLMv1 + ESS
- NetNTLMv2
- Kerberos 5 AS-REQ Pre-Auth etype 23
- AIX {smd5}
- AIX {ssha1}
- AIX {ssha256}
- AIX {ssha512}
- FreeBSD MD5
- OpenBSD Blowfish
- descrypt
- md5crypt
- bcrypt
- sha256crypt
- sha512crypt
- DES(Unix)
- MD5(Unix)
- SHA256(Unix)
- SHA512(Unix)
- OSX v10.4
- OSX v10.5
- OSX v10.6
- OSX v10.7
- OSX v10.8
- OSX v10.9
- Cisco-ASA
- Cisco-IOS
- Cisco-PIX
- GRUB 2
- Juniper Netscreen/SSG (ScreenOS)
- RACF
- Samsung Android Password/PIN
- MSSQL
- MySQL
- Oracle
- Postgres
- Sybase
- DNSSEC (NSEC3)
- IKE-PSK
- IPMI2 RAKP
- iSCSI CHAP
- WPA
- WPA2
- 1Password, cloudkeychain
- 1Password, agilekeychain
- Lastpass
- Password Safe SHA-256
- TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
- TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
- TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
- TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
- TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
- TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
- TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
- TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
- SAP CODVN B (BCODE)
- SAP CODVN F/G (PASSCODE)
- Citrix Netscaler
- Netscape LDAP SHA/SSHA
- Apache MD5-APR
- hMailServer
- EPiServer
- Drupal
- IPB
- Joomla
- MyBB
- osCommerce
- Redmine
- SMF
- vBulletin
- Woltlab Burning Board
- xt:Commerce
- WordPress
- phpBB3
- Half MD5 (left, mid, right)
- Double MD5
- Double SHA1
- md5($pass.$salt)
- md5($salt.$pass)
- md5(unicode($pass).$salt)
- md5($salt.unicode($pass))
- md5(sha1($pass))
- sha1($pass.$salt)
- sha1($salt.$pass)
- sha1(unicode($pass).$salt)
- sha1($salt.unicode($pass))
- sha1(md5($pass))
- sha256($pass.$salt)
- sha256($salt.$pass)
- sha256(unicode($pass).$salt)
- sha256($salt.unicode($pass))
- sha512($pass.$salt)
- sha512($salt.$pass)
- sha512(unicode($pass).$salt)
- sha512($salt.unicode($pass))
↧
↧
Kali Linux 1.0.7 Released
Kernel 3.14, Tool Updates, Package Improvements
apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
rebootKali Linux Encrypted USB Persistence
One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.
Tool Developers Ahoy!
This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to ![]()
and we’ll be happy to work with you to better integrate your tool into Kali.
and we’ll be happy to work with you to better integrate your tool into Kali.Kali Linux: Greater Than the Sum of its Parts
For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page– check it out, it’s growing to be an impressive list!
Torrents, Virtual Machine & ARM images
In the next few days, Offensive Security will post Virtual Machine and custom ARM images for the 1.0.7 release. We will announce the availability of these images via our blogs and Twitter feeds, so stay tuned!.
↧
Hostscan - PHP tool for scanning specific range of hosts
Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft.
How it works?
- You need to provide range of ip's (e.g. 127.0.0.1 - 127.0.0.10); program will perform operations on each address separately, basing on selected options, then it will print out the response.
- By default, program will only check open ports, print http response headers, test for HTTP methods and check FTP for anonymous login.
- If 'SSH/IMAP/DB's' are checked, program will try to bruteforce SSH,IMAP,MySQL,PostgreSQL & MsSQL using array of passwords and users defined on the beggining of script. Notice, that it will try to login as user with grand permissions (e.g. root, postgres), although you're able to edit it.
- If 'FTP User' is set, program will also try to bruteforce FTP with specific user using mentioned passwords array. By default it's not, and it will only test for anonymous login.
- If 'Deep Scan' is set, program will perform all aforementioned operations. Further, it will use nmap with specific parameters you're able to edit, also, the traceroute scan will be performed and displayed - just like nmap. Deep Scan also gather some useful informations about a website (if it's running), such as interesting files/folders and www title.
- ?url=website.com for quick IP address of specific website....so - what it does it do? Nmap, traceroute, port scan, ftp anonymous login, ftp/ssh/imap/mysql/pgsql/mssql bruteforce, http (website) info gathering,Crawler accepts as a parameter array of files and folders that you can manually edit, just like others options.
↧
Hook Analyser 3.1 - Malware Analysis Tool
Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.
Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features & mapping.
Hook Analyser is perhaps the only “free” software in the market which combines analysis of malware analysis and cyber threat intelligence capabilities. The software has been used by major Fortune 500 organisations.
Features/Functionality
- Spawn and Hook to Application – Enables you to spawn an application, and hook into it
- Hook to a specific running process – Allows you to hook to a running (active) process
- Static Malware Analysis – Scans PE/Windows executables to identify potential malware traces
- Application crash analysis – Allows you to analyse memory content when an application crashes
- Exe extractor – This module essentially extracts executables from running process/s
↧
ProduKey - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key
ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003, Microsoft Office 2007), Windows (Including Windows 7 and Windows Vista), Exchange Server, and SQL Server installed on your computer. You can view this information for your current running operating system, or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office, and you want to reinstall it on your computer.
↧
↧
OWASP OWTF – Offensive (Web) Testing Framework
The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc.
By reducing this burden I hope pen testers will have more time to:
- See the big picture and think out of the box
- More efficiently find, verify and combine vulnerabilities
- Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short timeframes we are typically given to test.
Some features like the passive and semi_passive test separation may also assist pen testers wishing to go the extra mile to get a head start and maybe even legitimately start report writing or preparing attacks before they are given the green light to test.
The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. Please share your tests with the community! :)
This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.
Features
- OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
- Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
- "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
- Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
- Easy to configure: config files are easy to read and modify
- Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
- Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
- Easy to review transaction logs and plain text files with URLs, simple for scripting
- Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
- Easy to extract data from the database to parse or pass to other tools: They are all text files
Requirements
- Linux (any Ubuntu derivative should work just fine) and python 2.6.5 or greater
- Latest Kali version not required but helpful (almost 0 setup time)
- You do NOT have to have all tools installed: owtf will move on with an error for the missing tools
↧
WebSiteSniffer - captures all Web site files downloaded by your Web browser while browsing the Internet
WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.
While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on)
↧
Parsero v0.75 - Attacking Robots.txt Files
Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the content on www.example.com/portal/login it's not allowed to be indexed by crawlers like Google, Bing, Yahoo... This is the way the administrator have to not share sensitive or private information with the search engines.
But sometimes these paths typed in the Disallows entries are directly accessible by the users without using a search engine, just visiting the URL and the Path, and sometimes they are not available to be visited by anybody... Because it is really common that the administrators write a lot of Disallows and some of them are available and some of them are not, you can use Parsero in order to check the HTTP status code of each Disallow entry in order to check automatically if these directories are available or not.
Also, the fact the administrator write a robots.txt, it doesn't mean that the files or directories typed in the Dissallow entries will not be indexed by Bing, Google, Yahoo... For this reason, Parsero is capable of searching in Bing to locate content indexed without the web administrator authorization. Parsero will check the HTTP status code in the same way for each Bing result.
When you execute Parsero, you can see the HTTP status codes. For example, the codes bellow:
200 OK The request has succeeded.
403 Forbidden The server understood the request, but is refusing to fulfill it.
404 Not Found The server hasn't found anything matching the Request-URI.
302 Found The requested resource resides temporarily under a different URI.
...Usage
$ python3 parsero.py -h
usage: parsero.py [-h] [-u URL] [-o] [-sb]
optional arguments:
-h, --help show this help message and exit
-u URL Type the URL which will be analyzed
-o Show only the "HTTP 200" status code
-sb Search in Bing indexed Disallows↧