Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all 5816 articles
Browse latest View live

XSScrapy - Fast, thorough XSS vulnerability spider

September 8, 2014, 7:38 pm
$
0
0

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities.

XSS attack vectors xsscrapy will test
  • Referer header (way more common than I thought it would be!)
  • User-Agent header
  • Cookie header (added 8/24/14)
  • Forms, both hidden and explicit
  • URL variables
  • End of the URL, e.g. www.example.com/<script>alert(1)</script>
  • Open redirect XSS, e.g. looking for links where it can inject a value of javascript:prompt(1)
XSS attack vectors xsscrapy will not test
  • Other headers
Let me know if you know of other headers you’ve seen XSS-exploitable in the wild and I may add checks for them in the script.
  • Persistent XSS’s reflected in pages other than the immediate response page
If you can create something like a calendar event with an XSS in it but you can only trigger it by visiting a specific URL that’s different from the immediate response page then this script will miss it.
  • DOM XSS
DOM XSS will go untested.
  • CAPTCHA protected forms
This should probably go without saying, but captchas will prevent the script from testing forms that are protected by them.
  • AJAX

Because Scrapy is not a browser, it will not render javascript so if you’re scanning a site that’s heavily built on AJAX this scraper will not be able to travel to all the available links. I will look into adding this functionality in the future although it is not a simple task.

From within the main folder run:
./xsscrapy.py -u http://something.com
If you wish to login then crawl:
./xsscrapy.py -u http://something.com/login_page -l loginname -p pa$$word

Output is stored in XSS-vulnerable.txt.


Search

WPHardening - WPHardening fortification is a security tool for WordPress

September 8, 2014, 7:46 pm
$
0
0

WPHardening is a security tool for WordPress. Different tools to hardening WordPress.

Usage

$ python wphardening.py -h 
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         Active verbose mode output results
  --update              Check for WPHardening latest stable version

  Target:
    This option must be specified to modify the package WordPress.

    -d DIRECTORY, --dir=DIRECTORY
                        **REQUIRED** - Working Directory.

  Hardening:
    Different tools to hardening WordPress.

    -c, --chmod         Chmod 755 in directory and 644 in files.
    -r, --remove        Remove files and directory.
    -b, --robots        Create file robots.txt
    -f, --fingerprinting
                        Deleted fingerprinting WordPress.
    -t, --timthumb      Find the library TimThumb.
    --wp-config         Wizard generated wp-config.php
    --delete-version    Deleted version WordPress.
    --plugins           Download Plugins Security.
    --proxy=PROXY       Use a HTTP proxy to connect to the target url for
                        --plugins and --wp-config.
    --indexes           It allows you to display the contents of directories.

  Miscellaneous:
    -o FILE, --output=FILE
                        Write log report to FILE.log

Examples

Check a WordPress Project
$ python wphardening.py -d /home/path/wordpress -v
Change permissions
$ python wphardening.py -d /home/path/wordpress --chmod -v
Remove files that are not used
$ python wphardening.py -d /home/path/wordpress --remove -v
Create your robots.txt file
$ python wphardening.py -d /home/path/wordpress --robots -v
Remove all fingerprinting
$ python wphardening.py -d /home/path/wordpress --fingerprinting -v
Check a TimThumb library
$ python wphardening.py -d /home/path/wordpress --timthumb -v
Create Index file
$ python wphardening.py -d /home/path/wordpress --indexes -v
Download Plugins security
$ python wphardening.py -d /home/path/wordpress --plugins
Wizard generated wp-config.php
$ python wphardening.py -d /home/path/wordpress --wp-config
Deleted version WordPress
$ python wphardening.py -d /home/path/wordpress --delete-version -v
WPHardening update
$ python wphardening.py --update
Use all options
$ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log


Tails 1.1.1 - The Amnesic Incognito Live System

September 8, 2014, 7:58 pm
$
0
0

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:
  • use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. 

Changes
Notable user-visible changes include:
  • Security fixes
    • Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
    • Add an I2P boot parameter. Without adding "i2p" to the kernel command line, I2P will not be accessible for the Live user. I2P was also upgraded to 0.9.14.1-1~deb7u+1, and stricter firewall rules are applied to it, among other security enhancements.
    • Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
    • Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667 and CVE-2014-4943).
    • Prevent dhclient from sending the hostname over the network (ticket #7688).
    • Override the hostname provided by the DHCP server (ticket #7769).
  • Bugfixes
    • Don't ship OpenJDK 6: I2P prefers v7, and we don't need both (ticket #7807).
    • Prevent Tails Installer from updating the system partition properties on MBR partitions (ticket #7716).
  • Minor improvements
    • Upgrade to Torbutton 1.6.12.1.
    • Install gnome-user-guide (ticket #7618).
    • Install cups-pk-helper (ticket #7636).
    • Update the SquashFS sort file, which should speed up boot from DVD (ticket #6372).
    • Compress the SquashFS more aggressively (ticket #7706) which should make the Tails ISO image smaller.
See the online Changelog for technical details.


Wireless Network Watcher v1.72 - Show who is connected to your wireless network

September 9, 2014, 7:16 pm
$
0
0

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. 

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name. 

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.

Using Wireless Network Watcher

Wireless Network Watcher doesn't require any installation process or additional dll files. In order to start using it, simply extract the executable file (WNetWatcher.exe) from the zip file, and run it. 

If you want, you can also download WNetWatcher with full install/uninstall support (wnetwatcher_setup.exe), so a shortcut for running WNetWatcher will be automatically added into your start menu.

After running WNetWatcher, it automatically locates your wireless adapter, and scans your network. After a few seconds, you should start see the list of computers that are currently connected to your network.

If from some reason, WNetWatcher failed to locate and scan your network, you can try to manually choosing the correct network adapter, by pressing F9 (Advanced Options) and choosing the right network adapter.

Columns Description

  • IP Address: IP Address of the device or computer.
  • Device Name: The name of the device or computer. This field may remain empty if the computer or the device doesn't provide its name.
  • MAC Address: The MAC address of the network adapter.
  • Network Adapter Company:The company that manufactured the network adapter, according to the MAC Address. This column can help you to detect the type of the device or computer. For example, if the company name is Apple, the device is probably a Mac computer, iPhone, or iPad. 
    if the company name is Nokia, the device is probably a cellular phone of Nokia.

    By default, this utility uses an internal MAC addresses database stored inside the .exe file, but it's not always updated with the latest MAC address assignments. 
    You can manually download the latest MAC addresses file from http://standards.ieee.org/develop/regauth/oui/oui.txtand then put oui.txt in the same folder where WNetWatcher.exe is located. When you run WNetWatcher.exe, it'll automatically load and use the external oui.txt instead of the internal MAC addresses database.
  • Device Information:This column displays 'Your Computer' if the device is the computer that you currently use. This column displays 'Your Router' if the device is the wireless router.
  • User Text:You can assign your own text to any device detected by WNetWatcher. By default, this field is filled with the device name. In order to change the User Text, simply double-click the item and type the desired text.
  • Active:Specifies whether this device is currently active. When a device is not detected anymore, the 'Active' value is turned from 'Yes' to 'No'

Background Scan

Starting from version 1.15, there is a new option under the Options menu - 'Background Scan'. 
When it's turned on, Wireless Network Watcher first make the regular fast network scan to discover all current connected devices. After that, a continuous background scan is activated to discover when new devices are connected to your network. The background scan is slower and less intensive then the regular scan, so it won't overload your computer and you can leave it to run in the background while using other programs. 
When the background scan is running, a counter of the scan process is displayed in the second section of the bottom status bar.
When the background scan is used, you can use the 'Beep On New Device' option to get a beep sound when a new device is detected.

Command-Line Options

/cfg <Filename> Start Wireless Network Watcher with the specified configuration file. For example:
WNetWatcher.exe /cfg "c:\config\wnw.cfg"
WNetWatcher.exe /cfg "%AppData%\WNetWatcher.cfg"
/stext <Filename> Scan your network, and save the network devices list into a regular text file.
/stab <Filename> Scan your network, and save the network devices list into a tab-delimited text file.
/scomma <Filename> Scan your network, and save the network devices list into a comma-delimited text file (csv).
/stabular <Filename> Scan your network, and save the network devices list into a tabular text file.
/shtml <Filename> Scan your network, and save the network devices list into HTML file (Horizontal).
/sverhtml <Filename> Scan your network, and save the network devices list into HTML file (Vertical).
/sxml <Filename> Scan your network, and save the network devices list into XML file.    
  

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

September 9, 2014, 7:22 pm
$
0
0

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.

Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. It's purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases), as there are better tools out there to do that (BURP scanner for example). So it's the only tool which sits in between manual hacking with BURP repeater, and automated scanning with BURP scanner.

To use it, just send a suspicious HTTP request from BURP proxy to Sentinel. Then the user is able to select certain attack patterns for selected parameters (say, XSS attacks for parameter "id"). Sentinel will issue several requests, with the attack patterns inserted. It will also help find suspicious behaviour and pattern in the accompaining HTTP responses (for example, identify decoded HTML magic chars).

Features

Big Features:
UI Features:

tinfoleak - Get detailed information about a Twitter user activity

September 9, 2014, 7:29 pm
$
0
0

tinfoleak is a simple Python script that allow to obtain:
  • basic information about a Twitter user (name, picture, location, followers, etc.)
  • devices and operating systems used by the Twitter user
  • applications and social networks used by the Twitter user
  • place and geolocation coordinates to generate a tracking map of locations visited
  • show user tweets in Google Earth!
  • download all pics from a Twitter user
  • hashtags used by the Twitter user and when are used (date and time)
  • user mentions by the the Twitter user and when are occurred (date and time)
  • topics used by the Twitter user
You can filter all the information by:
  • start date / time
  • end date / time
  • keywords

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)

September 10, 2014, 6:39 pm
$
0
0

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was initially an auditing solution, version 1.6.1 brought a very exciting new pentest option (--pentest). It allows to perform a non-privileged scans, so root access is not longer needed. Great for pentesting and to determine if there are other holes to exploit.

This tool is the result of 7 years of development and much feedback by the community. Now it supported by the original author and his company, development is active and regular updates are being released. The author also stated Lynis would remain free and open source. His way of giving back to the community and make sure nice tools do not get behind a paywall.

NetHogs - Small 'net top' tool

September 22, 2014, 3:23 pm
$
0
0

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

Since NetHogs heavily relies on /proc, it currently runs on Linux only.

 Now supported:
  • Shows TCP download- and upload-speed per process
  • Supports both IPv4 and IPv6
  • Supports both Ethernet and PPP
Ideas/ToDo for new releases:
  • Incoming UDP packets?
  • Sort the output by other values than network usage
  • Monitor specific processes
  • Make it work correctly on machines with multiple IP addresses
  • Integrate into another tool?
  • gui? 

Search

WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser

September 22, 2014, 3:30 pm
$
0
0

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.

After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S).

Using WebBrowserPassView

WebBrowserPassView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WebBrowserPassView.exe

After running it, the main window of WebBrowserPassView displays the list of all Web browser passwords found in your system. You can select one or more passwords and then copy the list to the clipboard (Ctrl+C) or export them into text/xml/html/csv file (Ctrl+S). 

DAWIN - Distributed Audit & Wireless Intrusion Notification

September 22, 2014, 3:42 pm
$
0
0

DA-WIN is the end of the manual PCI wireless scan DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It utilises compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance.

BYOD - Bring Your Own Disaster

Marketing directors everywhere need to be able to swager (see urban dictionary not a spelling mistake - aka swagger) into the office. They NEED to be able to use an I-P-PAD-POD-PONE with teeniest screen to do their job.
DO THEY REALLY need to introduce that POX, VIRUS and MALWARE infected digital equivalent of TYPHOID Mary on to your network
DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It replaces the network surveillance that head of risk made you take out after the last gartner conference

What is DA-WIN

DA- WIN (pronounced DARWIN) is the evolution of wireless security scanning. Developed by a team that had a significant impact on the field of 802.11 security, it embraces the true-ism that most organisations don't like or embrace network IDS technology and so are unlikely to welcome, invest in or support an IDS implementation in a more specialised area like Wfi.
Scanning is a costly, regulatory requirement for many - Yet it often provides little security protection because it only measures the threat on 4 or 5 days a year. How many CIOs would be happy with a firewall or anti-virus that worked for 1 week in 52?  

How we solved the problem 

Purpose built, designed from the ground up, Wireless IDS are expensive and require an organisation that is committed to the significant investment that is required to gain a security return. Other offering based on repurposed PC or Network equipment can only be deployed in too sparse numbers because of their size and cost to yield real benefits. Mostly these are network sniffers bundled together with adhoc scripts which often results in a significant manual overhead in interpreting the output. DA-WIN is different because:
  • The software it uses has been purposefully designed for the task, it has been designed with regulations such as PC-DSS and Government Standards (332/5) in mind � by personnel that helped set the baseline.
  • The hardware is custom assembled - it is compact, cost effective which allows for easy and trouble free volume deployment.
  • Supports Attack detection, Flood detection, brute forcing detection and a myriad of rogue access point detection techniques.
The typical organisation will claw back its expenditure on manual wireless scanning within 18 months.


FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)

September 24, 2014, 7:13 am
$
0
0

FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform

The tool provides:
  • 1) Create accounts
  • 2) Delete all accounts for a given user
  • 3) Send friendship requests (Test Accounts)
  • 4) Accept friendship requests (Test Accounts)
  • 5) Connect all the accounts of the database
  • 6) Link Preview hack (Simple web version)
  • 7) Link Preview hack (Youtube version)
  • 8) Youtube hijack
  • 9) Private message, Link Preview hack (Simple web version)
  • 10) Private message, Link Preview hack (Youtube version)
  • 11) NEW Like flood
  • 12) Publish a post as an App (App Message Spoof)
  • 13) Bypass friendship privacy
  • 14) Bypass friendship privacy with graph support
  • 15) Analyze an existing graph
  • 16) Link to disclosed friendships
  • 17) Print database status
  • 18) Increase logging level globally
  • 19) Set global login (Credentials stored in memory - Danger)
  • 20) Print dead attacks :\'( 
  • 21) Send friend request to disclosed friend list from your account
  • 22) Bypass friendship (only .dot without graph integration)
  • 23) Note DDoS attack
  • 24) Old Like Flood (Not working)
  • 25) NEW! SPAM any fanpage inbox
  • 26) Bypass - database support (Beta)
  • 27) Logout all your friends - FB blackout 
  • 28) Close the application

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

September 22, 2014, 3:57 pm
$
0
0

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.

See this links for more info:
- CWE-601:Open Redirect
- OWASP:URL Redirector Abuse


Main features:
--version             show program's version number and exit
  -v, --verbose         active verbose on requests
  --check-tor           check to see if Tor is used properly
  --update              check for latest stable version

  *Configure Request(s)*:
    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
    --user-agent=AGENT  Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER   Use another HTTP Referer header (default SPOOFED)
    --host=HOST         Use another HTTP Host header (default NONE)
    --xforw             Set your HTTP X-Forwarded-For with random IP values
    --xclient           Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT   Select your timeout (default 30)
    --retries=RETRIES   Retries when the connection timeouts (default 1)
    --delay=DELAY       Delay in seconds between each HTTP request (default 0)

  *Manage Botnet*:
    -s SEARCH           Search 'zombies' on google (ex: -s 'proxy.php?url=')
    --sn=NUM_RESULTS    Set max number of result to search (default 10)
    -t TEST             Test list of web 'zombie' servers (ex: -t zombies.txt)

  *Configure Attack(s)*:
    -r ROUNDS           Set number of 'rounds' for the attack (default: 1)
    -b PLACE            Set a place to 'bit' on target (ex: -b /path/big.jpg)
    -a TARGET           Start a Web DDoS attack (ex: -a http(s)://target.com)


Drozer - The Leading Security Assessment Framework for Android

September 29, 2014, 5:12 pm
$
0
0

drozer is a comprehensive security audit and attack framework for Android.

With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android devices being used as part of your BYOD strategy?

drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
  • Discover and interact with the attack surface exposed by Android apps.
  • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

Test against Real Android Devices

drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.

Automate and Extend

drozer can be easily extended with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps you to automate regression testing for security issues.

Test your Exposure to Public Exploits

drozer provides point-and-go implementations of many public Android exploits. You can use these to identify vulnerable devices in your organisation, and to understand the risk that these pose.


srm - command-line program to delete files securely

September 29, 2014, 5:22 pm
$
0
0


srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that it can completely prevent that type of recovery. It is, essentially, a paper shredder for sensitive files.

srm is ideal for personal computers or workstations with Internet connections. It can help prevent malicious users from breaking in and undeleting personal files, such as old emails. Because it uses the exact same options as rm(1), srm is simple to use. Just subsitute it for rm whenever you want to destroy files, rather than just unlinking them. For more information on using srm, read the manual page srm(1).


MASSCAN - Mass IP port scanner (fastest Internet port scanner)

September 29, 2014, 5:30 pm
$
0
0

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.

This tool is free, but consider funding it here: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T

Building

On Debian/Ubuntu, it goes something like this:
$ sudo apt-get install git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

This puts the program in the masscan/bin subdirectory. You'll have to manually copy it to something like /usr/local/bin if you want to install it elsewhere on the system.

The source consists of a lot of small files, so building goes a lot faster by using the multi-threaded build:
$ make -j

While Linux is the primary target platform, the code runs well on many other systems. Here's some additional build info:
  • Windows w/ Visual Studio: use the VS10 project
  • Windows w/ MingGW: just type make
  • Windows w/ cygwin: won't work
  • Mac OS X /w XCode: use the XCode4 project
  • Mac OS X /w cmdline: just type make
  • FreeBSD: type gmake
  • other: I don't know, don't care

Usage

Usage is similar to nmap. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8

This will:
  • scan the 10.x.x.x subnet, all 16 million addresses
  • scans port 80 and the range 8000 to 8100, or 102 addresses total
  • print output to <stdout> that can be redirected to a file
To see the complete list of options, use the --echo feature. This dumps the current configuration and exits. This output can be used as input back into the program:
# masscan -p80,8000-8100 10.0.0.0/8 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000


Search

mwebfp - Massive Web Fingerprinter

October 8, 2014, 6:36 pm
$
0
0
The "LowNoiseHG (LNHG) Massive Web Fingerprinter" ("mwebfp" from now on) was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets, easily-exploitable services, forgotten/outdated servers and basic network architecture knowledge of the target.

Description

The basic operation of mwebfp consists of the processing of an input (targets and TCP ports) that is then used to identify open web server ports with the help of a powerful portscanner (nmap). All ports found open are then analyzed (on HTTP and HTTPS) and all relevant webserver information is recorded, as well as a screenshot of the rendered webpage (as if it is seen from a broswer).

Special Features

  • Input
    • Target(s) can be IP address(es), IP address range(s), server name(s), etc.
    • Target(s) can be provided directly on the command-line or on a file
  • Port Definition
    • Default ports are 80 (HTTP) and 443 (HTTPS), but any port can be easily configured at runtime
  • Output
    • All output files and related support files for the scan are saved on a directory configured at runtime by the user
    • Currently, mwebfp exports results on a CSV file (Easily usable on MS Excel) only
  • Virtual Hosts
    • If requested at runtime, mwebfp will find all virutally hosted domains and webpages for the target server
  • Webserver Screenshots
    • If requested at runtime, mwebfp will grab screenshots of all found web pages (Graphical UI under Linux is required)

Parameters

# LowNoiseHG Massive Web Fingerprinter
# by F4Lc0N - LNHG - USA/Colombia
#
# Thanks to ET, c4an, Th3R3g3nt, ch0ks and ElJeffe311
# for inspiration, ideas and debugging/beta-testing help.

usage: mwebfp.py [-h]
                 [-i INPUT_RANGE | -n SERVER_NAME | -f INPUT_FILE | -r]
                 [-p HTTP_PORTS] [-s HTTPS_PORTS] [-o OUTPUT_DIR]
                 [-t {HTML,XLS,CSV,XML}] [-v {yes,no}] [-w {yes,no}]

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT_RANGE, --input-range INPUT_RANGE
                        input IP CIDR range
  -n SERVER_NAME, --server-name SERVER_NAME
                        name of server (DNS name)
  -f INPUT_FILE, --input-file INPUT_FILE
                        input file containing IP addresses and/or IP ranges
  -r, --recover         recover/continue previous process
  -p HTTP_PORTS, --http-ports HTTP_PORTS
                        TCP HTTP ports (Default: 80/tcp)
  -s HTTPS_PORTS, --https-ports HTTPS_PORTS
                        TCP HTTPS ports (Default: 443/tcp)
  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
                        working directory
  -t {HTML,XLS,CSV,XML}, --output-format {HTML,XLS,CSV,XML}
                        output report format (Default: HTML)
  -v {yes,no}, --vhosts {yes,no}
                        choice of processing vhosts for each IP address
                        (Default: no)
  -w {yes,no}, --web-screenshots {yes,no}
                        choice of taking web schreenshots (Default: no)


OWASP Xenotix XSS Exploit Framework 6

October 8, 2014, 6:43 pm
$
0
0

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module is incorporated with 3 intelligent fuzzers to reduce the scan time and produce better results. If you really don't like the tool logic, then leverage the power of Xenotix API to make the tool work like you wanted it to be. It is claimed to have the world’s 2nd largest XSS Payloads of about 4800+ distinctive XSS Payloads. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes real world offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.


Features

SCANNER MODULES
  • GET Request Manual Mode
  • GET Request Auto Mode
  • Multiple Parameter Scanner
  • GET Request Fuzzer
  • POST Request Fuzzer
  • Advanced Request Fuzzer
  • OAuth 1.0a Request Scanner
  • DOM Scanner
  • Hidden Parameter Detector
INFORMATION GATHERING MODULES
  • WAF Fingerprinting
  • Victim Fingerprinting
    • IP to Location
    • IP to GeoLocation
  • Network
    • Network IP (WebRTC)
    • Ping Scan
    • Port Scan
    • Internal Network Scan
  • Browser
    • Fingerprinting
    • Features Detector
EXPLOITATION MODULES
  • Send Message
  • Cookie Thief
  • Keylogger
  • HTML5 DDoSer
  • Load File
  • Grab Page Screenshot
  • JavaScript Shell
  • Reverse HTTP WebShell
  • Metasploit Browser Exploit
  • Social Engineering
    • Phisher
    • Tabnabbing
    • Live WebCam Screenshot
    • Download Spoofer
    • Geolocation HTML5 API
    • Java Applet Drive-By (Windows)
    • Java Applet Drive-By Reverse Shell (Windows)
    • HTA Network Configuration (Windows, IE)
    • HTA Drive-By (Windows, IE)
    • HTA Drive-By Reverse Shell (Windows, IE)
  • Firefox Addons
    • Reverse TCP Shell Addon (Windows, Persistent)
    • Reverse TCP Shell Addon (Linux, Persistent)
    • Session Stealer Addon (Persistent)
    • Keylogger Addon (Persistent)
    • DDoSer Addon (Persistent)
    • Linux Credential File Stealer Addon (Persistent)
    • Drop and Execute Addon (Persistent)
AUXILIARY MODULES
  • WebKit Developer Tools
  • Encoder/Decoder
  • JavaScript Encoders
    • JSFuck 6 Char Encoder
    • jjencode Encoder
    • aaencode Encoder
  • JavaScript Beautifier
  • Hash Calculator
  • Hash Detector
  • View Injected JavaScript
  • View XSS Payloads
XENOTIX SCRIPTING ENGINE
  • Xenotix API
  • IronPython Scripting Support
  • Trident and Gecko Web Engine Support 

CAINE 6.0 "Dark Matter" - Distribution with a complete forensic environment

October 8, 2014, 6:51 pm
$
0
0

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. Currently the project manager is Nanni Bassetti

CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.

The main design objectives that CAINE aims to guarantee are the following:
  • an interoperable environment that supports the digital investigator during the four phases of the digital investigation
  • a user friendly graphical interface
  • user friendly tools

CAINE represents fully the spirit of the Open Source philosophy, because the project is completely open, everyone could take the legacy of the previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, the last but not the least, the distro is installable, so giving the opportunity to rebuild it in a new brand version, so giving a long life to this project ....


CHANGELOG CAINE 6.0 "Dark Matter"
Kernel 3.16.0-36
Based on Ubuntu 14.04.1 64BIT - UEFI/SECURE BOOT Ready!
Caine 6.0 on pendrive can boot on Uefi/Uefi+secure boot/Legacy Bios/Bios.
Caine 6.0 on DVD can boot on Legacy Bios/Bios.
SystemBack is the new installer.

ADDED/CHANGED:
  • fixed password request in polkit
  • fixed password request in textmode e tty
  • Bash bug fixed shellshock
  • mount policy always in ro and loop mode
  • fstrim disabled (enable uncommenting the row in /etc/cron.weekly/fstrim)
  • autopsy patched by Maxim Suhanov:
  • (HFS directories handling fixed,
  • Sun VTOC volume system handling fixed,
  • incorrect timestamps (that are equal to zero) are handled as 01/01/1970 00:00:00)
  • Gzrt
  • Img_map
  • QPhotorec (photorec gui)
  • Undbx
  • Ddrescueview
  • Gddrescue
  • Disktype
  • Peframe
  • Quickhash
  • BEViewer Bulk Extractor
  • Ddrutility
  • Ataraw
  • Frag_find
  • Log2timeline plaso - supertimeline
  • Tinfoleak
  • Inception memory dumper by firewire
  • Volatility
  • 4n6-scripts
  • boot-repair
  • grub-customizer 
  • Broadcom Corporation BCM4313 wireless card drivers


Tails 1.2 - Privacy for anyone anywhere

October 16, 2014, 4:02 pm
$
0
0

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:
  • use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
Changes
Notable user-visible changes include:
  • Major new features
    • Install (most of) the Tor Browser, replacing our previous Iceweasel-based browser. The version installed is from TBB 4.0 and is based on Firefox 31.2.0esr. This fixes the POODLE vulnerability.
    • Upgrade Tor to 0.2.5.8-rc.
    • Confine several important applications with AppArmor.
  • Bugfixes
    • Install Linux 3.16-3 (version 3.16.5-1).
  • Minor improvements
    • Upgrade I2P to 0.9.15, and isolate I2P traffic from the Tor Browser by adding a dedicated I2P Browser. Also, start I2P automatically upon network connection, when the i2p boot option is added.
    • Make it clear that TrueCrypt will be removed in Tails 1.2.1 (ticket #7739), and document how to open TrueCrypt volumes with cryptsetup.
    • Enable VirtualBox guest additions by default (ticket #5730). In particular this enables VirtualBox's display management service.
    • Make the OTR status in Pidgin clearer thanks to the formatting toolbar (ticket #7356).
    • Upgrade syslinux to 6.03-pre20, which should fix UEFI boot on some hardware.
See the online Changelog for technical details.

Tor Browser 4.0 - Everything you need to safely browse the Internet

October 16, 2014, 4:45 pm
$
0
0

 The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.
This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release.

The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.

More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses. Note though that we still need to improve meek's performance to match other transports, though. so adjust your expectations accordingly. See tickets #12428, #12778, and #12857 for details.

This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.

There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts. This will hopefully make it possible for more people to use the "High Security" setting in our upcoming Security Slider, which will have Javascript disabled globally via NoScript by default. While we do not recommend per-element whitelisting due to fingerprinting, users who insist on keeping this functionality may wish to check out RequestPolicy.

Note to MacOS users: We intend to deprecate 32bit OSX bundles very soon. If you are still using 32bit OSX 10.6, you soon will need to either update your OS to a later version, or begin using the Tails live operating system.

Here is the changelog since 4.0-alpha-3:
  • All Platforms
    • Update Firefox to 31.2.0esr
    • Update Torbutton to 1.7.0.1
      • Bug 13378: Prevent addon reordering in toolbars on first-run.
      • Bug 10751: Adapt Torbutton to ESR31's Australis UI.
      • Bug 13138: ESR31-about:tor shows "Tor is not working"
      • Bug 12947: Adapt session storage blocker to ESR 31.
      • Bug 10716: Take care of drag/drop events in ESR 31.
      • Bug 13366: Fix cert exemption dialog when disk storage is enabled.
    • Update Tor Launcher to 0.2.7.0.1
      • Translation updates only
    • Udate fteproxy to 0.2.19
    • Update NoScript to 2.6.9.1
    • Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
    • Bug 13016: Hide CSS -moz-osx-font-smoothing values.
    • Bug 13356: Meek and other symlinks missing after complete update.
    • Bug 13025: Spoof screen orientation to landscape-primary.
    • Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
    • Bug 13318: Minimize number of buttons on the browser toolbar.
    • Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
    • Bug 13023: Disable the gamepad API.
    • Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
    • Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
    • Bug 13186: Disable DOM Performance timers
    • Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
    • Bug 13416: Defend against new SSLv3 attack (poodle).


Here is the list of all changes in the 4.0 series since 3.6.6:

  • All Platforms
    • Update Firefox to 31.2.0esr
    • Udate fteproxy to 0.2.19
    • Update Tor to 0.2.5.8-rc (from 0.2.4.24)
    • Update NoScript to 2.6.9.1
    • Update Torbutton to 1.7.0.1 (from 1.6.12.3)
      • Bug 13378: Prevent addon reordering in toolbars on first-run.
      • Bug 10751: Adapt Torbutton to ESR31's Australis UI.
      • Bug 13138: ESR31-about:tor shows "Tor is not working"
      • Bug 12947: Adapt session storage blocker to ESR 31.
      • Bug 10716: Take care of drag/drop events in ESR 31.
      • Bug 13366: Fix cert exemption dialog when disk storage is enabled.
    • Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6)
      • Bug 11405: Remove firewall prompt from wizard.
      • Bug 12895: Mention @riseup.net as a valid bridge request email address
      • Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
      • Bug 11199: Improve error messages if Tor exits unexpectedly
      • Bug 12451: Add option to hide TBB's logo
      • Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
      • Bug 11471: Ensure text fits the initial configuration dialog
      • Bug 9516: Send Tor Launcher log messages to Browser Console
    • Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
    • Bug 13016: Hide CSS -moz-osx-font-smoothing values.
    • Bug 13356: Meek and other symlinks missing after complete update.
    • Bug 13025: Spoof screen orientation to landscape-primary.
    • Bug 13346: Disable Firefox "slow to start" warnings and recordkeeping.
    • Bug 13318: Minimize number of buttons on the browser toolbar.
    • Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
    • Bug 13023: Disable the gamepad API.
    • Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
    • Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
    • Bug 13186: Disable DOM Performance timers
    • Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
    • Bug 4234: Automatic Update support (off by default)
    • Bug 11641: Reorganize bundle directory structure to mimic Firefox
    • Bug 10819: Create a preference to enable/disable third party isolation
    • Bug 13416: Defend against new SSLv3 attack (poodle).
  • Windows:
    • Bug 10065: Enable DEP, ASLR, and SSP hardening options
  • Linux:
    • Bug 13031: Add full RELRO hardening protection.
    • Bug 10178: Make it easier to set an alternate Tor control port and password
    • Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
    • Bug 12249: Don't create PT debug files anymore
The list of frequently encountered known issues is also available in our bug tracker.


Viewing all 5816 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>