BSSID CHANNEL ESSID

AA:BB:CC:DD:EE:FF 1 MyWlan 
00:BB:CC:DD:EE:FF 13 TpLink 
00:22:33:DD:EE:FF 13 MyHomeSSID

• Every line of list file is checked separately in for loop
• After every AP on the list once, script automatically changes MAC address of your card to random MAC using macchanger (you can also setup your own MAC if you need),
• Whole list is checked again and again, in endless while loop, until there is nothing to check loop is stopped,
• Found PINS/WPA PASSPHRASES are stored in {CRACKED_LIST_FILE_PATH} file.

• Wireless adapter which supports injection (see [https://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers Reaver Wiki])
• Linux Backtrack 5
• Root access on your system (otherwise some things may not work)
• AND if you use other Linux distribution*
  • Reaver 1.4 (I didn't try it with previous versions)
  • KDE (unless you'll change 'konsole' invocations to 'screen', 'gnome-terminal' or something like that... this is easy)
  • Gawk (Gnu AWK)
  • Macchanger
  • Airmon-ng, Airodump-ng, Aireplay-ng
  • Wash (WPS Service Scanner)
  • Perl

git clone https://code.google.com/p/auto-reaver/

cd ./auto-reaver

chmod 700 ./washAutoReaver
chmod 700 ./autoReaver

./washAutoReaverList > myAPTargets

cat ./myAPTargets

./autoReaver myAPTargets

• Script logs dates of PIN attempts, so you can check how often AP is locked and for how long. Default directory for those logs is ReaverLastPinDates.
• Script logs each AP rate limit for every AP (default directory is /tmp/APLimitBSSID), so you can easily check when last rate limit occured
• You can setup your attack using variables from configurationSettings file (sleep/wait times between AP`s and loops, etc.)
• You can disable checking AP by adding "#" sign in the beginning of line, in myAPTargets file (then AP will be ommited in loop)
• (added 2014-07-03) You can setup specific settings per access point.
  To do that for AP with MAC AA:BB:CC:DD:EE:FF, just create file ./configurationSettingsPerAp/AABBCCDDEEFF
  and put there variables from ./configurationSettings file that you want to change for example:
  

  ADDITIONAL_OPTIONS="-g 10 -E -S -N -T 1 -t 15 -d 0 -x 3";

AA:BB:CC:DD:EE:FF R MyWlan

• AIX
• FreeBSD
• HP-UX
• Linux
• Mac OS
• NetBSD
• OpenBSD
• Solaris
• and others

1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan

• Security auditing
• Compliance testing (e.g. PCI, HIPAA, SOx)
• Vulnerability detection and scanning
• System hardening

• Best practices
• CIS
• NIST
• NSA
• OpenSCAP data
• Vendor guides and recommendations (e.g. Debian Gentoo, Red Hat)

Differences with Bastille

Automated hardening tools are helpful, but at the same time might give a false sense of security. Instead of just turning on some settings, Lynis perform an in-depth security scan. You are the one to decide what level of security is appropriate for your environment. After all, not all systems have to be like Fort Knox, unless you want it to be.

Benefits of Lynis

• Supports more operating systems
• Won't break your system
• More in-depth audit

Differences with OpenVAS / Nessus

Lynis runs on the host itself, therefore it can perform a deeper analysis compared with network based scans. Additionally, there is no risk for your business processes, and log files remain clean from connection attempts and incorrect requests.

Although Lynis is an auditing tool, it will actually discover vulnerabilities as well. It does so by using existing tools and analyzing configuration files.

Lynis and OpenVAS are both open source and free to use. Nessus is a closed source and paid.

Benefits of Lynis

• Much faster
• No pollution of log files, no disruption to business services
• Host based scans provides more in-depth audit

 = Lynis 2.1.0 (2015-04-16) =

General:
---------
Screen output has been improved to provide additional information.

OS support:
------------
CUPS detection on Mac OS has been improved. AIX systems will now use csum
utility to create host ID. Group check have been altered on AIX, to include
the -n ALL. Core dump check on Linux is extended to check for actual values
as well.

Software:
----------
McAfee detection has been extended by detecting a running cma binary.
Improved detection of pf firewall on BSD and Mac OS. Security patch checking
with zypper extended.

Session timeout:
-----------------
Tests to determine shell time out setting have been extended to account for
AIX, HP-UX and other platforms. It will now determine also if variable is
exported as a readonly variable. Related compliance section PCI DSS 8.1.8
has been extended.

Documentation:
---------------
- New document: Getting started with Lynis
https://cisofy.com/documentation/lynis/get-started/

Plugins (Enterprise):
----------------------
- Update to file integrity plugin
Changes to PLGN-2606 (capabilities check)

- New configuration plugins:
PLGN-4802 (SSH settings)
PLGN-4804 (login.defs)

• URLs visited
• POST loads sent
• HTTP form logins/passwords
• HTTP basic auth logins/passwords
• HTTP searches
• FTP logins/passwords
• IRC logins/passwords
• POP logins/passwords
• IMAP logins/passwords
• Telnet logins/passwords
• SMTP logins/passwords
• SNMP community string
• NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc
• Kerberos

sudo python net-creds.py

sudo python net-creds.py -i eth0

sudo python net-creds.py -f 192.168.0.2

python net-creds.py -p pcapfile

1. Create and configure the MySQL database. spt will need a MySQL database to house its data, so go ahead and create that database and configure the associated user account for the new database with ALL PRIVILEGES assigned to it. Be sure you record the database name, user name and password in a safe place, you'll need it soon to install spt!
2. Ensure you have PHP 5.4
3. Extract the spt files from the archive.
4. Create a new directory on your web server, such as "spt" and upload the files to the directory.

1.  Open your web browser and navigate to the location where you uploaded the files and browse to install.php. For example, http://www.myhost.com/spt/install.php. If you accidentally just go to the root of the folder you placed the files in, you will be prompted to start the installation by clicking the right pointing arrow.
2. When prompted to accept the GNU General Public License, click the "I Agree!" button. For reference, you can read the full text of the license in the license.htm file included in the root of the extracted files.
3. On the next page, you will get feedback on the readiness of your server to install the spt. You can learn more about any failed items by hovering over the icon. Click the “Proceed!” button if all checks passed, or click the “Proceed Anyways” button if one of the checks failed and you have verified that the spt installer is reporting incorrectly.
4. On the next page, you will need to provide those database details from earlier. The default server and database ports are provided, be sure to change them if your installation will require something else. Enter in the remaining required information and click the "Install Database!" button to get things moving along.
5. If all goes well, you will see a listing of tables that have been successfully created. Click "Continue!" to move on.
6. If instead you see an error indicated, click the "<back" button to go back and enter the database information again.
7. Now it's time to create your first user, for you! Enter your first and last name, email address and password and click the "Create User" button to continue on.
8. If you receive any errors, such as for an invalid email address or a password that does not meet the complexity requirements, click the "<back" button and try it again.
9. Once you enter the required information successfully, you will receive confirmation. Click the "Proceed to Login" button to get logged into the spt!
10. Now it's time to login using the email address and password you entered in the previous step. See, that was easy!

• Version 2015-04-19
  • Portable mode
  • Read in file from command line
  • Save traffic log
  • Mobile versions have been abandoned. Project focus is now on the far more popular desktop version.
• Version 2015-02-13
  • Migrated to GitHub
  • New vector-based logo
  • Bug fix in quick-disable/enable
  • Migrated to Qt 5.4
  • Ubuntu version brought up to date.
  • Forums are closed (spammers killed it).
• Version 2014-10-07
  • Initial launch of forums.
  • Multi-Send.
  • Quick-send from traffic log selected packets.
  • Packet Export/Import.
  • Rolling traffic log support.
  • Numerous configuration settings added:
    • Copy raw packet data to clipboard.
    • Receive before send.
    • Connection delays for slow devices.
  • Command line interface default binds to 0.
  • Universal (XP through 8.1) Windows installer.
  • Migrated to Qt 5.3
  • Some rework of the "About" section.
• Version 2014-02-22
  • TCP connections are now fully threaded (no more UI freezes).
  • Brand new and highly capable command line interface. (Run PacketSender --help)
  • Some mild UI enhancements to make sending easier.
  • Ubuntu version brought up to date.
  • Windows XP now separated.
  • Qt 5.2
• Version 1.5 (Mobile)
  • Android version released.
• Version 2013-11-18
  • Copy to Clipboard button on traffic log.
  • Name prompt for traffic log.
• Version 2013-11-11
  • Bad installer on Windows. No other changes made.
• Version 2013-11-09
  • Searching packets from traffic log.
  • Fixed some traffic log stability problems.
• Version 2013-11-05
  • Added resending packets at user-specified intervals.
  • Traffic log sped up significantly.
  • Packet searching.
  • Table headers (both saved packets and traffic log) can be rearranged.
  • Response packet for TCP actually works now.
  • Response packet data can be manually updated.
  • About / License stuff moved to another tab.
  • Internal libraries updated.
• Version 2013-10-20
  • 64-bit Ubuntu and Linux Mint support.
• Version 2013-10-14
  • Ubuntu and Linux Mint support.
• Version 2013-05-20
  • Saving is less quirky.
  • Domain names can be used in IP address line. Packet Sender will do a quick lookup to find the IP.
  • Internal libraries updated.
• Version 2012-09-12
• Public release of deskop version.

• Preinstalled Linux Kernel 3.16
• New Ubuntu 14.04.2 base
• Ruby 2.1
• Installer with LVM and Full Disk Encryption options
• Handy Thunar custom actions
• RAM wipe at shutdown/reboot
• System improvements
• Upstream components
• Bug corrections
• Performance boost
• Improved Anonymous mode
• Predisposition to ARM architecture (armhf Debian packages)
• Predisposition to BackBox Cloud platform
• New and updated hacking tools: beef-project, crunch, fang, galleta, jd-gui, metasploit-framework, pasco, pyew, rifiuti2, setoolkit, theharvester, tor, torsocks, volatility, weevely, whatweb, wpscan, xmount, yara, zaproxy

• 32-bit or 64-bit processor
• 512 MB of system memory (RAM)
• 6 GB of disk space for installation
• Graphics card capable of 800×600 resolution
• DVD-ROM drive or USB port (2 GB)

Figure 1: The new Tor Onion Menu

Figure 2: The new Security Slider

• All Platforms
  • Update Tor to 0.2.6.7 with additional patches:
    • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
  • Update NoScript to 2.6.9.22
  • Update HTTPS-Everywhere to 5.0.3
    • Bug 15689: Resume building HTTPS-Everywhere from git tags
  • Update meek to 0.17
  • Include obfs4proxy 0.0.5
    • Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
  • Pluggable Transport Dependency Updates:
    • Bug 15265: Switch go.net repo to golang.org/x/net
    • Bug 15448: Use golang 1.4.2 for meek and obs4proxy
  • Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
    • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
    • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
    • Bug 13576: Don't strip "bridge" from the middle of bridge lines
    • Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
    • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
    • Bug 14336: Fix navigation button display issues on some wizard panes
    • Bug 15657: Display the host:port of any connection faiures in bootstrap
    • Bug 15704: Do not enable network if wizard is opened
  • Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
    • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
    • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
    • Bug 7255: Warn users about maximizing windows
    • Bug 8400: Prompt for restart if disk records are enabled/disabled.
    • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
      • (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
        
    • Bug 9387: Security Slider 1.0
      • Include descriptions and tooltip hints for security levels
      • Notify users that the security slider exists
      • Make use of new SVG, jar, and MathML prefs
    • Bug 9442: Add New Circuit button to Torbutton menu
    • Bug 9906: Warn users before closing all windows and performing new identity.
    • Bug 10216: Add a pref to disable the local tor control port test
    • Bug 10280: Strings and pref for preventing plugin initialization.
    • Bug 11175: Remove "About Torbutton" from onion menu.
    • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
    • Bug 11449: Fix new identity error if NoScript is not enabled
    • Bug 13019: Change locale spoofing pref to boolean
    • Bug 13079: Option to skip control port verification
    • Bug 13406: Stop directing users to download-easy.html.en on update
    • Bug 13650: Clip initial window height to 1000px
    • Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
    • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
    • Bug 13835: Option to change default Tor Browser homepage
    • Bug 13998: Handle changes in NoScript 2.6.9.8+
    • Bug 14100: Option to hide NetworkSettings menuitem
    • Bug 14392: Don't steal input focus in about:tor search box
    • Bug 14429: Provide automatic window resizing, but disable for now
    • Bug 14448: Restore Torbutton menu operation on non-English localizations
    • Bug 14490: Use Disconnect search in about:tor search box
    • Bug 14630: Hide Torbutton's proxy settings tab.
    • Bug 14631: Improve profile access error msgs (strings for translation).
    • Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
    • Bug 15085: Fix about:tor RTL text alignment problems
    • Bug 15460: Ensure FTP urls use content-window circuit isolation
    • Bug 15502: Wipe blob: URIs on New Identity
    • Bug 15533: Restore default security level when restoring defaults
    • Bug 15562: Bind SharedWorkers to thirdparty pref
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
  • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
  • Bug 5698: Fix branding in "About Torbrowser" window
  • Bug 10280: Don't load any plugins into the address space by default
  • Bug 11236: Fix omnibox order for non-English builds
    • Also remove Amazon, eBay and bing; add Youtube and Twitter
  • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
  • Bug 12430: Provide a preference to disable remote jar: urls
  • Bugs 12827+15794: Create preference to disable SVG images (for security slider)
  • Bug 13019: Prevent Javascript from leaking system locale
  • Bug 13379: Sign our MAR update files
  • Bug 13439: No canvas prompt for content callers
  • Bug 13548: Create preference to disable MathML (for security slider)
  • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
  • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
  • Bug 13788: Fix broken meek in 4.5-alpha series
  • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
  • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
  • Bug 14392: Make about:tor hide itself from the URL bar
  • Bug 14490: Make Disconnect the default omnibox search engine
  • Bug 14631: Improve startup error messages for filesystem permissions issues
  • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
  • Bug 14937: Hard-code meek and flashproxy node fingerprints
  • Bug 15029: Don't prompt to include missing plugins
  • Bug 15406: Only include addons in incremental updates if they actually update
  • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
  • Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
  • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
  • Bug 15757: Disable Mozilla video statistics API extensions
  • Bug 15758: Disable Device Sensor APIs
• Linux
  • Bug 12468: Only print/write log messages if launched with --debug
  • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
  • Bug 13717: Make sure we use the bash shell on Linux
  • Bug 15672: Provide desktop app registration+unregistration for Linux
  • Bug 15747: Improve start-tor-browser argument handling
• Windows
  • Bug 3861: Begin signing Tor Browser for Windows the Windows way
  • Bug 10761: Fix instances of shutdown crashes
  • Bug 13169: Don't use /dev/random on Windows for SSP
  • Bug 14688: Create shortcuts to desktop and start menu by default (optional)
  • Bug 15201: Disable 'runas Administrator' codepaths in updater
  • Bug 15539: Make installer exe signatures reproducibly removable
• Mac
  • Bug 10138: Switch to 64bit builds for MacOS

• All Platforms
  • Update Tor to 0.2.6.7 with additional patches:
    • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
  • Update NoScript to 2.6.9.22
  • Update HTTPS-Everywhere to 5.0.3
    • Bug 15689: Resume building HTTPS-Everywhere from git tags
  • Update meek to 0.17
  • Update obfs4proxy to 0.0.5
  • Update Tor Launcher to 0.2.7.4
    • Bug 15704: Do not enable network if wizard is opened
    • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
    • Bug 13576: Don't strip "bridge" from the middle of bridge lines
    • Bug 15657: Display the host:port of any connection faiures in bootstrap
  • Update Torbutton to 1.9.2.2
    • Bug 15562: Bind SharedWorkers to thirdparty pref
    • Bug 15533: Restore default security level when restoring defaults
    • Bug 15510: Close Tor Circuit UI control port connections on New Identity
    • Bug 15472: Make node text black in circuit status UI
    • Bug 15502: Wipe blob URIs on New Identity
    • Bug 15795: Some security slider prefs do not trigger custom checkbox
    • Bug 14429: Disable automatic window resizing for now
  • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
  • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
  • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
  • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
  • Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
  • Bug 15794: Crash on some pages with SVG images if SVG is disabled
  • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
  • Bug 15757: Disable Mozilla video statistics API extensions
  • Bug 15758: Disable Device Sensor APIs
• Linux
  • Bug 15747: Improve start-tor-browser argument handling
  • Bug 15672: Provide desktop app registration+unregistration for Linux
• Windows
  • Bug 15539: Make installer exe signatures reproducibly removable
  • Bug 10761: Fix instances of shutdown crashes  

• SSID: The name of the network.
• MAC Address: MAC address of the router.
• PHY Type: The PHY type for this network - 802.11a, 802.11g, 802.11n, or High-Rate DSSS
• RSSI: The received signal strength indicator value, in units of decibels referenced to 1.0 milliwatts (dBm), as detected by the wireless LAN interface driver for the AP or peer station.
• Signal Quality: A number between 0 and 100 that represents the quality of the signal.
• Frequency: The channel center frequency of the band on which the 802.11 Beacon or Probe Response frame was received. The value of this column is in units of Gigahertz (GHz).
• Channel: Channel number used by this wireless network.
• Information Size:The total size (in bytes) of all Wi-Fi information elements received from this wireless network.
• Elements Count: The total number of Wi-Fi information elements received from this wireless network.
• Company: The company that manufactured the router, according to the 3 first bytes of the MAC address.
• Router Model: The model of the router. This value is displayed only for routers that provide this information inside the Wi-Fi information elements.
• Router Name: The name of the router. This value is displayed only for routers that provide this information inside the Wi-Fi information elements.
• Security: Specifies whether the network is secured (Yes/No).
• Maximum Speed: The maximum speed (in Mbps) that you can get when connecting to this wireless network.
• First Detection: The first date/time that this network was detected.
• Last Detection: The last date/time that this network was detected.
• Detection Count: The number of times that this network was detected.  

• ASP
• JSP
• Perl
• PHP
• Python
• Other (looks for suspicious comments, etc)

graudit /path/to/scan

  -A scan ALL files
  -c  number of lines of context to display, default is 2
  -d  database to use
  -h prints a short help text
  -i case in-sensitive search
  -l lists databases available
  -L vim friendly lines
  -v prints version number
  -x exclude these files
  -z supress colors
  -Z high contrast colors

• IP Address: IP Address of the device or computer.
• Device Name: The name of the device or computer. This field may remain empty if the computer or the device doesn't provide its name.
• MAC Address: The MAC address of the network adapter.
• Network Adapter Company:The company that manufactured the network adapter, according to the MAC Address. This column can help you to detect the type of the device or computer. For example, if the company name is Apple, the device is probably a Mac computer, iPhone, or iPad. 
  if the company name is Nokia, the device is probably a cellular phone of Nokia.
  
  
  By default, this utility uses an internal MAC addresses database stored inside the .exe file, but it's not always updated with the latest MAC address assignments. 
  You can manually download the latest MAC addresses file from http://standards.ieee.org/develop/regauth/oui/oui.txtand then put oui.txt in the same folder where WNetWatcher.exe is located. When you run WNetWatcher.exe, it'll automatically load and use the external oui.txt instead of the internal MAC addresses database.
• Device Information:This column displays 'Your Computer' if the device is the computer that you currently use. This column displays 'Your Router' if the device is the wireless router.
• User Text:You can assign your own text to any device detected by WNetWatcher. By default, this field is filled with the device name. In order to change the User Text, simply double-click the item and type the desired text.
• Active:Specifies whether this device is currently active. When a device is not detected anymore, the 'Active' value is turned from 'Yes' to 'No'

• git clone https://github.com/TecnoHack/Password-Cracking-Suite.git
• chmod +x csuit.py
• ./csuit.py

http://www.moehre.org/bruteforce.html
http://cyberwarzone.com/cyberwarfare/password-cracking-mega-collection-password-cracking-word-lists
http://www.packetstormsecurity.org/Crackers/wordlists/
http://www.theargon.com/achilles/wordlists/
http://www.openwall.com/wordlists/
http://www.outpost9.com/files/WordLists.html

• Hash-Indentifier --> https://code.google.com/p/hash-identifier/
• Findmyhash --> https://code.google.com/p/findmyhash/
• John The Ripper --> http://www.openwall.com/john/
• Crunch --> http://sourceforge.net/projects/crunch-wordlist/

afs bf bfegg bsdi crc32 crypt
des django dmd5 dominosec dragonfly3-32 dragonfly3-64
dragonfly4-32 dragonfly4-64 drupal7 dummy dynamic_n
epi episerver gost hdaa hmac-md5 hmac-sha1
hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512
hmailserver ipb2 keepass keychain krb4 krb5 lm lotus5
md4-gen md5 md5ns mediawiki mscash mscash2 mschapv2
mskrb5 mssql mssql05 mysql mysql-sha1 nethalflm netlm
netlmv2 netntlm netntlmv2 nsldap nt nt2 odf office
oracle oracle11 osc pdf phpass phps pix-md5 pkzip po
pwsafe racf rar raw-md4 raw-md5 raw-md5u raw-sha
raw-sha1 raw-sha1-linkedin raw-sha1-ng raw-sha224
raw-sha256 raw-sha384 raw-sha512 salted-sha1 sapb
sapg sha1-gen sha256crypt sha512crypt sip ssh
sybasease trip vnc wbb3 wpapsk xsha xsha512 zip

• CMS version detection by: check sums, string matching and extraction
• Lists detected package and platform versions such as asp.net, php, openssl, apache
• Detects JavaScript libraries
• Operation system fingerprinting by matching php, apache and other packages against a values in wig's database
• Checks for files of interest such as administrative login pages, readmes, etc
• Currently the wig's databases include 28,000 fingerprints
• Reuse information from previous runs (save the cache)
• Implement a verbose option
• Remove dependency on 'requests'
• Support for proxy
• Proper threading support
• Included check for known vulnerabilities

usage: wig.py [-h] [-l INPUT_FILE] [-n STOP_AFTER] [-a] [-m] [-u]
              [--no_cache_load] [--no_cache_save] [-N] [--verbosity]
              [--proxy PROXY] [-w OUTPUT_FILE]
              [url]

WebApp Information Gatherer

positional arguments:
  url              The url to scan e.g. http://example.com

optional arguments:
  -h, --help       show this help message and exit
  -l INPUT_FILE    File with urls, one per line.
  -n STOP_AFTER    Stop after this amount of CMSs have been detected. Default:
                   1
  -a               Do not stop after the first CMS is detected
  -m               Try harder to find a match without making more requests
  -u               User-agent to use in the requests
  --no_cache_load  Do not load cached responses
  --no_cache_save  Do not save the cache for later use
  -N               Shortcut for --no_cache_load and --no_cache_save
  --verbosity, -v  Increase verbosity. Use multiple times for more info
  --proxy PROXY    Tunnel through a proxy (format: localhost:8080)
  -w OUTPUT_FILE   File to dump results into (JSON)

$ ./wig.py example.com

dP   dP   dP    dP     .88888.
88   88   88    88    d8'   `88
88  .8P  .8P    88    88
88  d8'  d8'    88    88   YP88
88.d8P8.d8P     88    Y8.   .88
8888' Y88'      dP     `88888'

  WebApp Information Gatherer

Redirected to http://www.example.com. Continue? [Y|n]:

TITLE
--- HTML TITLE ---

IP
255.255.255.256



SOFTWARE                  VERSION                           CATEGORY
Drupal                    7.28 | 7.29 | 7.30 | 7.31 | 7.32  CMS
ASP.NET                   4.0.30319.18067                   Platform
Microsoft-HTTPAPI         2.0                               Platform
Microsoft-IIS             6.0 | 7.0 | 7.5 | 8.0             Platform
Microsoft Windows Server  2003 SP2 | 2008 | 2008 R2 | 2012  Operating System

SOFTWARE                  VULNERABILITIES                   LINK
Drupal 7.28               7                                 http://cvedetails.com/version/169265
Drupal 7.29               3                                 http://cvedetails.com/version/169917
Drupal 7.30               3                                 http://cvedetails.com/version/169916

URL                       NOTE                              CATEGORY
/login/                   Test directory                    Interesting URL
/login/index_form.html    ASP.NET detailed error            Interesting URL
/robots.txt               robots.txt index                  Interesting URL
/test/                    Test directory                    Interesting URL
_______________________________________________________________________________
Time: 15.7 sec            Urls: 351                         Fingerprints: 28989

• Detect misconfigurations and vulnerabilities in OS, server applications, network services, and protocols
• Assess security of detected devices (routers, hardware firewalls, switches and printers)
• Scan for trojans, backdoors, rootkits, and other malware that can be detected remotely
• Test for weak passwords on FTP, IMAP, SQL servers, POP3, Socks, SSH, Telnet
• Check for DNS server vulnerabilities such as Open Zone Transfer, Open Recursion and Cache Poisoning
• Test FTP access such as anonymous access potential and a list of writable FTP directories
• Check for badly configured Proxy Servers, weak SNMP Community Strings, weak SSL ciphers and many other security weaknesses.

1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems. (Windows 98/ME/NT/2000/XP/2003/Vista) In order to use it, you have to download and install WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.) 
   This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
   • Option 1: Install it from the CD-ROM of Windows 2000/XP according to the instructions in Microsoft Web site
   • Option 2 (XP Only) : Download and install the Windows XP Service Pack 2 Support Tools. One of the tools in this package is netcap.exe. When you run this tool in the first time, the Network Monitor Driver will automatically be installed on your system.
4. Microsoft Network Monitor Driver 3: Microsoft provides a new version of Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic. 
   The new version of Microsoft Network Monitor (3.x) is available to download from Microsoft Web site. 
   Notice:If WinPcap is installed on your system, and you want to use the Microsoft Network Monitor Driver method, it's recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.   

• The upper pane: you can select one or more items in the upper pane, and then copy them to the clipboard (You can paste the copied items into Excel or into spreadsheet of OpenOffice.org) or save them to text/HTML/XML file (by using 'Save Packet Summaries').
• The lower pane: You can select any part of the TCP/IP streams (or select all text, by using Ctrl+A), copy the selected text to the clipboard, and then paste it to Notepad, Wordpad, MS-Word or any other editor. When you paste the selected streams to document of Wordpad, OpenOffice.org, or MS-Word, the colors are also transferred. 
  Your can also export the TCP/IP streams to text file, HTML file, or raw data file, by using "Export TCP/IP Streams" option. 

• Display only packets with remote tcp port 80 (Web sites): 
  include:remote:tcp:80
• Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS): 
  include:remote:tcp:80 
  include:remote:udp:53
• Display only packets originated from the following IP address range: 192.168.0.1 192.168.0.100: 
  include:remote:all:192.168.0.1-192.168.0.100
• Display only TCP and UDP packets that use the following port range: 53 - 139: 
  include:both:tcpudp:53-139
• Filter most BitTorrent packets (port 6881): 
  exclude:both:tcpupd:6881
• Filter all ICMP packets (Ping/Traceroute activity): 
  exclude:both:icmp

• Process information is only displayed for TCP packets (It doesn't work with UDP)
• Process information may not be displayed for TCP connections that closed after short period of time.
• Retrieving process information consume more CPU resources and may slow down your computer. It's not recommended to use this feature if you have intensive network traffic.
• Process information is currently not saved in ssp file.

• Stores informations about users in elegant output
• Website spoofing
• Redirects
• BeEF & Metasploit compatibility
• Email notification
• Diffrent reaction for javascript disabled browser
• One file composition

• Website spoofing (more stable & better for autopwn & beef):
• Redirect (better for quick ip catching):

goo.gl/urlink -> evilhost/x.php -> site.com/kitty.png

• Cross Site Scripting (inclusion)