Arachni is a full-featured, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of web applications.
Arachni is smart: it trains itself by learning from the HTTP responses it receives during the audit process.
Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity.
This way, attack/input vectors that would otherwise be undetectable by non-humans are handled seamlessly by Arachni.
Changelog v0.4.3
Framework (v0.4.3)
Stable multi-Instance scans, taking advantage of SMP/Grid architectures for higher efficiency and performance.
Automated Grid load-balancing.
Platform fingerprinting for tailor-made audits resulting in less bandwidth consumption, less server stress and smaller scan runtimes.
Web User Interface (v0.4.1)
Support for PostgreSQL.
Support for importing data and configuration from the previous 0.4.2-0.4 packages.
Packages
Downgraded to require GLIBC >= 2.12 for improved portability.
Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.
It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built in: for example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.
Changelog v3.0.2.0
New Features
Scan Policy Editor that allows you to build your own scan policies for more efficient web application security scans.
Oracle CHR encoding and decoding facility in the Encoder pane
Support for multiple exclude and include URL patterns which can also be specified in REGEX
Knowledge base node where additional information about the scanned website is reported to the user
New PCI Compliance Report template
New Security Tests
Ruby on Rails Remote Code Execution vulnerability
Off the shelf Web Application Fingerprinting and detection of known security issues (Such as WordPress, Joomla and Drupal)
Version disclosure checks for Apache module mod_ssl, Ruby and WEBrick HTTP web server
Identification of phpMyAdmin and Webalizer
Detection of SHTML error messages that could disclose sensitive information
New WebDAV engine that detects WebDAV implementation security issues and vulnerabilities
Server-Side Includes (SSI) Injection checks
Improvements
Default include and exclude URL pattern has been improved
DOM Parser now supports proxies and client certificates
The performance of the Controlled Scan user interface has been improved
HTTP Response text editor automatically scrolls to the first highlighted text when viewed
Improved vulnerability classifications
Vulnerability templates text has been improved
Updated the look and feel of the vulnerability templates
Version vulnerability database updated with new web application versions for better fingerprinting
Cross-site scripting exploit generation improved
Improved confirmed vulnerability representation on Detailed Scan Report
Internal Path Disclosure for Windows and Unix security tests have been improved
Improved version disclosure security tests for Perl and ASP.NET MVC
Simplified the Start a Scan user interface by moving rarely used settings to Netsparker general settings
Improved the performance of security scans which are started using the same Netsparker process
Scope documentation text has been updated
Updated WASC links to point to the exact threat classification page
Improved custom 404 detection on sites where the start URL is redirected
Bug Fixes
Fixed a bug in XSS report templates where plus char encoding was wrong
Fixed a bug which causes multibyte unicode characters to be corrupted upon retrieval
Fixed a bug where “Auto Complete Enabled” isn’t reported
Fixed a bug where Community Edition was asking for exporting sessions
Fixed a bug causing redundant responses to be stored on redirects
Fixed a bug causing a NullReferenceException during reporting
Fixed a bug where custom cookies are not preserved when an exported session is imported
Fixed a bug on report templates where extra fields were missing when there are multiple fields
Fixed the radio button overlap issue on Encoder panel for high DPIs
Fixed an issue where CSRF tokens weren’t applied for time based (blind) engines in late confirmation
Fixed an issue where data grids on the Settings dialog prevented the dialog from being cancelled when an invalid row was present
Fixed an issue where some logouts that occurred during the attack phase could not be detected
Fixed a bug which causes requests to URLs containing text HTMLElementInputClass
Fixed a bug where the injection request/response could be clipped wrong in the middle of HTML tags
Fixed the size of the Configure Authentication wizard for higher DPIs
Fixed an issue with CLI interpretation where built-in profiles couldn’t be specified
Fixed the COMException thrown on Configure Authentication wizard on pages that contain JavaScript calls to window.close()
Fixed clipped text issue on scan summary dashboard severity bar chart
Fixed the anchors to vulnerability details in OWASP Top Ten 2010 report template
Fixed incorrect buttons sizes on message dialogs on high DPI settings
Fixed a startup crash which occurs on systems where “Use FIPS compliant algorithms for encryption, hashing, and signing” group policy setting is enabled
Fixed click sounds on vulnerability view tab
Fixed an issue where find next button was not working on HTTP Request / Response tab
Fixed a bug in the Configure Authentication wizard that occurred when the response contained multiple headers with the same name
Note: Due to major updates to the scan files, Netsparker version 3 cannot open scans exported with previous versions of Netsparker (.nss files).
MAC Address Scanner is a free desktop tool to remotely scan for and find the MAC addresses of all systems on your local network. It allows you to scan either a single host or a range of hosts at a time. During the scan, it displays the current status for each host. After completion, you can generate a detailed scan report in HTML/XML/TEXT format.
Note that you can find MAC addresses only for systems within your subnet. For all others, you will see the MAC address of the gateway or router.
On certain secure WiFi configurations with MAC filtering enabled, this tool can help pentesters find active MAC addresses and then use them to connect to such a wireless network.
Being a GUI-based tool makes it very easy to use for users of all levels, including beginners.
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
Hash Console is an all-in-one command-line tool to quickly generate more than 15 different types of hashes. It can generate a hash for any given file or simple text.
Hashes or checksums are used for multiple purposes including file integrity verification, encryption, password storage, etc. Hash Console helps you easily and quickly compute the hash for a given file or text.
Currently it supports the following popular hash types:
MD5 family (md2, md4, md5)
SHA family (sha1, sha256, sha384, sha512)
BASE64
ROT13
CRC32
ADLER32
HAVAL256
LM
NTLM
RIPEMD160
WHIRLPOOL
Being a command-line tool makes it ideal for automation and easy to use on remote systems.
HconSTF is an open-source penetration testing framework based on different browser technologies, which helps any security professional to assist in penetration testing or vulnerability scanning assessments. It contains web tools which are powerful for XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is also useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments and much more.
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.
The Suricata Engine and the HTP Library are available to use under the GPLv2.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. It integrates with and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.
The Social-Engineer Toolkit (SET) version 5.2 codename "Urban Camping" has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here: https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/. The attack will automatically detect if PowerShell is installed, then detect what platform it's running on. If 64-bit is detected, it will automatically downgrade the process to a 32-bit process for native shellcode injection.
Changelog
* incorporated the new x86 PowerShell downgrade attack. This will automatically use x86 shellcode regardless of operating system. (https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)
* changed platform detection from if($env:PROCESSOR_ARCHITECTURE -eq "AMD64") to [IntPtr]::Size -eq 6 (thanks Matthew Graeber)
* rewrote payload generator in powershell menu to use new process downgrade attack
* rewrote java applet to use the new process downgrade attack
* rewrote powershell generation within setcore to use the powershell downgrade attack
* changed the default Java Applet wording to “Applet verified as safe (TRUSTED)”.
* fixed a bug that would cause SQL bruter to error out when specifying a single host and the host was not alive
* fixed a bug that would allow you use web templates with webjacking and tabnabbing which it should not have
* removed old encoding methods when using standard metasploit executables
* fixed an issue that would not allow SSL and harvester to work correctly – this required manually patching socket.py and keeping a patched version in the root directory upon launch. This is due to a bug in pyopenssl and unhandled packet handling within socket.py
* added more stability to the SSL harvester when using pem certificate files
* added powershell downgrade attack to psexec powershell attack
* added ExitOnSession to false when using psexec command
* added set EnableStageEncoding true when using psexec command for stager encoding with shikata
* added better stability to the powershell injection attacks with multiple detection points
* fixed an issue that would cause an error message when reusing credential harvester
* added proper cleanup on new socket.py – has to be in SET root – weird issue when os.chdir or sys.path.append – doesn’t recognize
* removed man left in the middle from the web attacks menu
* stretched the text on the menu to be full line versus manual splitting
* added new code and binary for pyinjector to evade AV
* added new code and binary for multipyinjector to evade AV
* officially removed the “set” command and moved to se-toolkit, set was a linux command and conflicted – use se-toolkit from here on out
* simplified the replace code for the shellcode powershell injection technique in setcore
* improved string encryption on the java applet attack
* added -noprofile flag option to powershell injection for x86 downgrade attack
* slimmed down the code used for the powershell injection attacks, allows more space for shellcode
Gmail Password Dump is a command-line tool to instantly recover your lost Gmail password from various Google applications as well as popular web browsers and messengers.
Currently it can recover your Gmail password from the following applications:
Google Talk
Google Picasa
Google Desktop Search
Gmail Notifier
Firefox
Internet Explorer
Google Chrome
Chrome Canary/SXS
CoolNovo Browser
Opera Browser
Apple Safari
Flock Browser
SeaMonkey Browser
Comodo Dragon Browser
Paltalk Messenger
Pidgin Messenger
Miranda Messenger
It automatically discovers installed applications on your system and recovers all the stored Google account passwords within seconds.
Being a command-line tool makes it an ideal tool for penetration testers and forensic investigators. For a GUI version, check out Google Password Decryptor.
OWASP Xenotix XSS Exploit Framework
is a tool for detecting Cross Site Scripting (XSS) flaws.
Xenotix offers a triple scanner for the rendering engines Trident (IE), WebKit (Chrome, Safari and Opera) and Gecko (Mozilla Firefox), and has more than 1,500 distinctive payloads to efficiently detect XSS vulnerabilities and bypass the most widely used WAFs.
It also incorporates an information gathering module to perform reconnaissance of the target and includes offensive exploitation modules to perform penetration tests and proofs of concept against it.
Scanning modules
Manual Mode Scanner
Auto Mode Scanner
DOM Scanner
Multiple Parameter Scanner
POST Request Scanner
Header Scanner
Fuzzer
Hidden Parameter Detector
Information Gathering
Victim Fingerprinting
Browser Fingerprinting
Browser Features Detector
Ping Scan
Port Scan
Internal Network Scan
Exploitation
Send Message
Cookie Thief
Phisher
Tabnabbing
Keylogger
HTML5 DDoSer
Executable Drive By
JavaScript Shell
Reverse HTTP WebShell
Drive-By Reverse Shell
Metasploit Browser Exploit
Firefox Reverse Shell Addon (Persistent)
Firefox Session Stealer Addon (Persistent)
Firefox Keylogger Addon (Persistent)
Firefox DDoSer Addon (Persistent)
Firefox Linux Credential File Stealer Addon (Persistent)
Firefox Download and Execute Addon (Persistent)
Utilities
WebKit Developer Tools
Payload Encoder
From here you can download the author's paper, watch the introductory videos and get the tool.
Twitter Password Decryptor is the FREE software to instantly recover Twitter account passwords stored by popular web browsers.
Most web browsers store the login passwords for visited websites so that users don't have to remember and enter the password every time. Each of these web browsers uses its own proprietary encryption mechanism to store the login passwords, including Twitter account passwords.
TwitterPasswordDecryptor automatically crawls through each of these browsers and instantly recovers all of the stored Twitter passwords. It supports both a GUI interface and a command-line version, making it a very useful tool for penetration testers & forensic investigators.
It currently supports recovering stored Twitter account passwords from the following popular Internet browsers:
Internet Explorer
Firefox
Google Chrome
Chrome SXS/Canary
CoolNovo Browser
Opera Browser
Apple Safari
Flock Browser
Comodo Dragon Browser
SeaMonkey Browser
Here are the main features:
Instantly decrypt and recover stored encrypted Twitter account passwords from popular web browsers.
Comes with both a GUI interface and a command-line version.
Automatically discovers the supported applications from their respective install locations and recovers the passwords instantly.
Sort feature to arrange the displayed password list by username and password, which makes it easy to search through hundreds of entries.
Save the recovered Twitter password list to an HTML/XML/Text file.
Easier and faster to use with its enhanced user-friendly interface.
Comes with an installer to help with local installation & uninstallation.
Changelog v7.5
* Moved the license from GPLv3 to AGPLv3 (see LICENSE file)
* Added module for Asterisk Call Manager
* Added support for Android where some functions are not available
* hydra main:
- reduced the screen output if run without -h, full screen with -h
- fix for ipv6 and port parsing with service://[ipv6address]:port/OPTIONS
- fixed -o output (thanks to www417)
- warning if HYDRA_PROXY is defined but the module does not use it
- fixed an issue with large input files and long entries
* hydra library:
- SSL connections are now fixed to SSLv3 as some SSL servers fail otherwise, report if this gives you problems
- removed support for old OPENSSL libraries
* HTTP Form module:
- login and password values are now encoded if special characters are present
- ^USER^ and ^PASS^ are now also supported in H= header values
- if you need the colon as a value in your option string, you can now escape it with \: - but do not encode a \ with \\
* Mysql module: protocol 10 is now supported
* SMTP, POP3, IMAP modules: Disabled TLS by default. TLS must now be defined as an option "TLS" if required. This increases performance.
* Cisco module: fixed a small bug (thanks to Vitaly McLain)
* Postgres module: libraries on Cygwin are buggy at the moment, module is therefore disabled on Cygwin
1. The source code of state-of-the-art Hydra: hydra-7.5.tar.gz (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, Android, etc.)
2. The source code of the stable tree of Hydra ONLY in case v7 gives you problems on unusual and old platforms: hydra-5.9.1-src.tar.gz
3. The Win32/Cygwin binary release: --- not anymore --- Install cygwin from http://www.cygwin.com and compile it yourself. If you do not have cygwin installed - how do you think you will do proper security testing? duh ...
Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS and to validate configurations.
RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.
Vulnerabilities
Code Execution
Command Execution
Cross-Site Scripting
Header Injection
File Disclosure
File Inclusion
File Manipulation
LDAP Injection
SQL Injection
Unserialize with POP
XPath Injection
... other
Code audit interface
scan and vulnerability statistics
grouped vulnerable code lines (bottom up or top down)
vulnerability description with example code, PoC, patch
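To illustrate the source-to-sink tracking described above, here is an added example (written for this page, not RIPS's own implementation): a deliberately minimal line-oriented taint tracker in Python run over a constructed PHP snippet. The superglobal sources, the sink table, the sanitizer list and the sample code are assumptions chosen for the demo; it follows assignments only and ignores control flow and functions, which RIPS's program model handles.

```python
import re
# Constructed sample PHP (not RIPS code): user input flowing to sinks, one path sanitized.
PHP_SAMPLE = r"""<?php
$id = $_GET['id'];
$safe = intval($_GET['id']);
$name = $_POST['name'];
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
mysql_query("SELECT * FROM users WHERE id = " . $safe);
echo htmlspecialchars($name);
echo $name;
system("ping " . $_GET['host']);
"""

SOURCES = {"$_GET", "$_POST", "$_COOKIE", "$_REQUEST"}  # user-controlled superglobals
SINKS = {"mysql_query": "SQL Injection", "system": "Command Execution", "eval": "Code Execution",
         "echo": "Cross-Site Scripting", "include": "File Inclusion"}  # sink -> vuln class
SANITIZERS = ("intval", "htmlspecialchars", "escapeshellarg", "mysql_real_escape_string")
VAR = re.compile(r"\$[A-Za-z_]\w*")
ASSIGN = re.compile(r"^(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+);$")
CALL = re.compile(r"^(\w+)\b(.*)$")
SANITIZED = re.compile(r"\b(?:" + "|".join(SANITIZERS) + r")\(([^()]*)\)")


def unsanitized_taint(expr, tainted):
    """Sources/tainted variables in expr that are not wrapped by a sanitizer call."""
    while (collapsed := SANITIZED.sub("SAFE", expr)) != expr:  # innermost calls first
        expr = collapsed
    return {v for v in VAR.findall(expr) if v in SOURCES or v in tainted}


def trace(var, tainted, seen=()):
    """Bottom-up chain from a tainted variable back to the superglobal it came from."""
    if var in SOURCES or var not in tainted or var in seen:
        return [var]
    line, origins = tainted[var]
    chain = [f"{var}@{line}"]
    for origin in sorted(origins):
        chain += trace(origin, tainted, seen + (var,))
    return chain


def analyze(php_source):
    """Line-by-line intraprocedural taint propagation: source -> variables -> sink."""
    tainted = {}   # variable -> (line where it became tainted, what it was derived from)
    findings = []  # (line, sink, vulnerability class, taint chain)
    for lineno, raw in enumerate(php_source.splitlines(), start=1):
        line = raw.strip()
        if m := ASSIGN.match(line):
            var, origins = m.group(1), unsanitized_taint(m.group(2), tainted)
            if origins:
                tainted[var] = (lineno, origins)
            else:
                tainted.pop(var, None)  # reassignment with clean data kills the taint
            continue
        m = CALL.match(line)
        if m and m.group(1) in SINKS and (hits := unsanitized_taint(m.group(2), tainted)):
            chain = [step for v in sorted(hits) for step in trace(v, tainted)]
            findings.append((lineno, m.group(1), SINKS[m.group(1)], chain))
    return findings
```

Calling `analyze(PHP_SAMPLE)` reports the SQL injection on line 6, the XSS on line 9 and the command execution on line 10, each with its bottom-up chain of tainted lines, while the two sanitized uses produce nothing.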