• Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, …;
• Port Independent Protocol Identification (PIPI) for each application protocol;
• Multithreading;
• Output data and information in SQLite database or Mysql database and/or files;
• At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;
• Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time, …-);
• TCP reassembly with ACK verification for any packet or soft ACK verification;
• Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;
• No size limit on data entry or the number of files entrance (the only limit is HD size);
• IPv4 and IPv6 support;
• Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules;
• The ability to easily create any kind of dispatcher with which to organize the data extracted in the most appropriate and useful to you;

SOURCE CODE ORGANIZATION

MAIN FILES

--core
¬Setting.py         --- Setting variables
¬design.py          --- Design template
¬Errors.py          --- Error Debug
¬ping.py            --- Funcitons
--scripts
¬__init__.py        --- Modules List

REQUIREMENTS

INSTALLATION 

git clone https://github.com/RedToor/katana.git
cd Katana
chmod 777 install.py
python install.py

USAGE Commands

Stable ------------------------------------------------------------------
./sudo ktf.console                                   98% Builded - Enabled
./sudo ktf.run -m net/arpspoof                       95% Builded - Enabled
Building ----------------------------------------------------------------
ktf.lab                                              30% Builded - No yet.
ktf.linker -m web/whois -t google.com -p 80          80% Builded - No yet.

MODULES (SCRIPTS)

LINKS

Project in SF : http://sourceforge.net/projects/katanas/files/
Documentation: https://github.com/RedToor/Katana/tree/master/doc
Blog of project[ES]: http://cave-rt.blogspot.com.co/2015/07/instalacion-y-uso-katana-framework.html

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.

1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the test, giving you a rich set of data to help you pin-point areas of focus for the test.
   
2. Understand what your network/organisation is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
   
3. SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.

• Utilises a shedload of data sources; over 40 so far and counting, including SHODAN, RIPE, Whois, PasteBin, Google, SANS and more.
  
• Designed for maximum data extraction; every piece of data is passed on to modules that may be interested, so that they can extract valuable information. No piece of discovered data is saved from analysis.
  
• Runs on Linux and Windows. And fully open-source so you can fork it on GitHub and do whatever you want with it.
  
• Visualisations. Built-in JavaScript-based visualisations or export to GEXF/CSV for use in other tools, like Gephi for instance.
  
• Web-based UI. No cumbersome CLI or Java to mess with. Easy to use, easy to navigate. Take a look through the gallery for screenshots.
  
• Highly configurable. Almost every module is configurable so you can define the level of intrusiveness and functionality.
  
• Modular. Each major piece of functionality is a module, written in Python. Feel free to write your own and submit them to be incorporated!
  
• SQLite back-end. All scan results are stored in a local SQLite database, so you can play with your data to your heart’s content.
  
• Simultaneous scans. Each footprint scan runs as its own thread, so you can perform footprinting of many different targets simultaneously.
  
• So much more.. check out the documentation for more information.

• brute force passwords in auth forms
• directory disclosure ( use PATH list to brute, and find HTTP status code )
• test list on input to find SQL Injection and XSS vulnerabilities

$ git clone https://github.com/CoolerVoid/0d1n/

$ sudo apt-get install libcurl-dev

$ sudo yum install libcurl-devel
$ make
$./0d1n

Features

• Worlds fastest password cracker
• Worlds first and only GPGPU based rule engine
• Free
• Open-Source
• Multi-GPU (up to 128 gpus)
• Multi-Hash (up to 100 million hashes)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses highly iterated modern hashes
• Focuses dictionary based attacks
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports reading words from file
• Supports reading words from stdin
• Supports hex-salt
• Supports hex-charset
• Built-in benchmarking system
• Integrated thermal watchdog
• ... and much more

Attack-Modes

• Straight ^*
• Combination
• Brute-force
• Hybrid dict + mask
• Hybrid mask + dict

Algorithms

• MD4
• MD5
• Half MD5 (left, mid, right)
• SHA1
• SHA-256
• SHA-384
• SHA-512
• SHA-3 (Keccak)
• SipHash
• RipeMD160
• Whirlpool
• GOST R 34.11-94
• GOST R 34.11-2012 (Streebog) 256-bit
• GOST R 34.11-2012 (Streebog) 512-bit
• Double MD5
• Double SHA1
• md5($pass.$salt)
• md5($salt.$pass)
• md5(unicode($pass).$salt)
• md5($salt.unicode($pass))
• md5(sha1($pass))
• md5($salt.md5($pass))
• md5($salt.$pass.$salt)
• md5(strtoupper(md5($pass)))
• sha1($pass.$salt)
• sha1($salt.$pass)
• sha1(unicode($pass).$salt)
• sha1($salt.unicode($pass))
• sha1(md5($pass))
• sha1($salt.$pass.$salt)
• sha256($pass.$salt)
• sha256($salt.$pass)
• sha256(unicode($pass).$salt)
• sha256($salt.unicode($pass))
• sha512($pass.$salt)
• sha512($salt.$pass)
• sha512(unicode($pass).$salt)
• sha512($salt.unicode($pass))
• HMAC-MD5 (key = $pass)
• HMAC-MD5 (key = $salt)
• HMAC-SHA1 (key = $pass)
• HMAC-SHA1 (key = $salt)
• HMAC-SHA256 (key = $pass)
• HMAC-SHA256 (key = $salt)
• HMAC-SHA512 (key = $pass)
• HMAC-SHA512 (key = $salt)
• PBKDF2-HMAC-MD5
• PBKDF2-HMAC-SHA1
• PBKDF2-HMAC-SHA256
• PBKDF2-HMAC-SHA512
• MyBB
• phpBB3
• SMF
• vBulletin
• IPB
• Woltlab Burning Board
• osCommerce
• xt:Commerce
• PrestaShop
• Mediawiki B type
• Wordpress
• Drupal
• Joomla
• PHPS
• Django (SHA-1)
• Django (PBKDF2-SHA256)
• EPiServer
• ColdFusion 10+
• Apache MD5-APR
• MySQL
• PostgreSQL
• MSSQL
• Oracle H: Type (Oracle 7+)
• Oracle S: Type (Oracle 11+)
• Oracle T: Type (Oracle 12+)
• Sybase
• hMailServer
• DNSSEC (NSEC3)
• IKE-PSK
• IPMI2 RAKP
• iSCSI CHAP
• Cram MD5
• MySQL Challenge-Response Authentication (SHA1)
• PostgreSQL Challenge-Response Authentication (MD5)
• SIP Digest Authentication (MD5)
• WPA
• WPA2
• NetNTLMv1
• NetNTLMv1 + ESS
• NetNTLMv2
• Kerberos 5 AS-REQ Pre-Auth etype 23
• Netscape LDAP SHA/SSHA
• LM
• NTLM
• Domain Cached Credentials (DCC), MS Cache
• Domain Cached Credentials 2 (DCC2), MS Cache 2
• MS-AzureSync PBKDF2-HMAC-SHA256
• descrypt
• bsdicrypt
• md5crypt
• sha256crypt
• sha512crypt
• bcrypt
• scrypt
• OSX v10.4
• OSX v10.5
• OSX v10.6
• OSX v10.7
• OSX v10.8
• OSX v10.9
• OSX v10.10
• AIX {smd5}
• AIX {ssha1}
• AIX {ssha256}
• AIX {ssha512}
• Cisco-ASA
• Cisco-PIX
• Cisco-IOS
• Cisco $8$
• Cisco $9$
• Juniper IVE
• Juniper Netscreen/SSG (ScreenOS)
• Android PIN
• GRUB 2
• CRC32
• RACF
• Radmin2
• Redmine
• Citrix Netscaler
• SAP CODVN B (BCODE)
• SAP CODVN F/G (PASSCODE)
• SAP CODVN H (PWDSALTEDHASH) iSSHA-1
• PeopleSoft
• Skype
• 7-Zip
• RAR3-hp
• PDF 1.1 - 1.3 (Acrobat 2 - 4)
• PDF 1.4 - 1.6 (Acrobat 5 - 8)
• PDF 1.7 Level 3 (Acrobat 9)
• PDF 1.7 Level 8 (Acrobat 10 - 11)
• MS Office <= 2003 MD5
• MS Office <= 2003 SHA1
• MS Office 2007
• MS Office 2010
• MS Office 2013
• Lotus Notes/Domino 5
• Lotus Notes/Domino 6
• Lotus Notes/Domino 8
• Bitcoin/Litecoin wallet.dat
• Blockchain, My Wallet
• 1Password, agilekeychain
• 1Password, cloudkeychain
• Lastpass
• Password Safe v2
• Password Safe v3
• eCryptfs
• Android FDE <= 4.3
• TrueCrypt 5.0+

• Quickly and easily generate a list of all subdomains of target domain
• Discover hidden web resources that can be potentially leveraged as part of an attack
• Written in Python and very portable
• Fast, multithreaded design

$ pip install -r pip.req

$ python waldo.py

$ python waldo.py -m s -d some-fake-site.example

$ python waldo.py -m d -d some-fake-site.example

$ python waldo.py -m s -l my-log-file.txt -d some-fake-site.example

$ python waldo.py -m s -d some-fake-site.example -t 15

• Reaver: newly developed application with the ability to brute force crack WPS (WPA / WPA2) pins.
• Inflator: this is the GUI version of command line reaver.
• Aircrack-ng: the major backbone of many other Xiaopan tools including FeedingBottle (FB) and Minidwep with the ability to attack WPA networks through a dictionary attack and WEP networks through collecting and injecting packets.
• FeedingBottle: so easy a baby could use it! FB is essentially the Aircrack-ng GUI and was created by Beini.
• Minidwep: is similar to FB but has a better and similar GUI that is even easier to use than FB. The added advantage of Minidwep is that you can also run Reaver and Inflator from here as well.
• Xfe: this is a simple file manager similar to say windows explorer

What it isn't...

Why Instantbird?

Instructions

• On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
• On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
• Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

 sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]

1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
2. To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
3. To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
4. To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)

1. OpenSSL HeartBleed Vulnerability (CVE-2014-0160)
2. OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224)
3. Poodle SSLv3 vulnerability (CVE-2014-3566)

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -h
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some
log files artifacts.

usage: usbtracker.py [-h] [-u | -uu] [-nh] [-df] [-x]

optional arguments:
  -h, --help            show this help message and exit
  -u, --usbstor         Dump USB artifacts from USBSTOR registry
  -uu, --usbstor-verbose
                        Dump USB detailed artifacts from USBSTOR registry.
  -nh, --no-hardwareid  Hide HardwareID value during a USBSTOR detailed
                        artifacts registry dump.
  -df, --driver-frameworks
                        Dump USB artifacts and events from the Windows
                        DriverFrameworks Usermode log.
  -x, --raw-xml-event   Display event results in raw xml (with -df option
                        only).

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -u
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some
log files artifacts.

USB device(s) known by this computer :
=====================================

CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GP08NU20&Rev_1.00
Disk&Ven_Generic&Prod_STORAGE_DEVICE&Rev_0272
Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_1.00
Disk&Ven_WD&Prod_5000AAV_External&Rev_1.65
Disk&Ven_WD&Prod_Elements_10B8&Rev_1012
Disk&Ven_WD&Prod_My_Book_1140&Rev_1012
Other&Ven_WD&Prod_SES_Device&Rev_1012

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -uu
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some
log files artifacts.

USB device(s) known by this computer :
=====================================

CdRom&Ven_HL-DT-ST&Prod_DVDRAM_GP08NU20&Rev_1.00

        Serial : 00101016400086C55&0

        DeviceDesc : @cdrom.inf,%gencdrom_devdesc%;CD-ROM Drive
        Capabilities : 16
        HardwareID : [u'USBSTOR\\CdRomHL-DT-STDVDRAM_GP08NU20_1.00', u'USBSTOR\\CdRomHL-DT-STDVDRAM_GP08NU20_', u'USBSTO
R\\CdRomHL-DT-ST', u'USBSTOR\\HL-DT-STDVDRAM_GP08NU20_1', u'HL-DT-STDVDRAM_GP08NU20_1', u'USBSTOR\\GenCdRom', u'GenCdRom
']
        CompatibleIDs : [u'USBSTOR\\CdRom', u'USBSTOR\\RAW']
        ContainerID : {def10b43-2e59-5e9f-8ca6-ffab1cfc9afa}
        Service : cdrom
        ClassGUID : {4d36e965-e325-11ce-bfc1-08002be10318}
        ConfigFlags : 0
        Driver : {4d36e965-e325-11ce-bfc1-08002be10318}\0001
        Class : CDROM
        Mfg : @cdrom.inf,%genmanufacturer%;(Standard CD-ROM drives)
        FriendlyName : HL-DT-ST DVDRAM GP08NU20 USB Device

======================================================================

Disk&Ven_Generic&Prod_STORAGE_DEVICE&Rev_0272

        Serial : 000000000272&0

        DeviceDesc : @disk.inf,%disk_devdesc%;Disk drive
        Capabilities : 16
        HardwareID : [u'USBSTOR\\DiskGeneric_STORAGE_DEVICE__0272', u'USBSTOR\\DiskGeneric_STORAGE_DEVICE__', u'USBSTOR\
\DiskGeneric_', u'USBSTOR\\Generic_STORAGE_DEVICE__0', u'Generic_STORAGE_DEVICE__0', u'USBSTOR\\GenDisk', u'GenDisk']
        CompatibleIDs : [u'USBSTOR\\Disk', u'USBSTOR\\RAW']
        ContainerID : {a3ce89cb-5363-54a8-8d4f-af2374c200a5}
        ConfigFlags : 0
        ClassGUID : {4d36e967-e325-11ce-bfc1-08002be10318}
        Driver : {4d36e967-e325-11ce-bfc1-08002be10318}\0004
        Class : DiskDrive
        Mfg : @disk.inf,%genmanufacturer%;(Standard disk drives)
        Service : disk
        FriendlyName : Generic STORAGE DEVICE USB Device

======================================================================

...

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -df
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some
log files artifacts.

USB related event(s) found in the event log :
=============================================

UTC Time : 2015-01-18 20:31:34.138399
EventID : 2003 | Description : UMDFHostDeviceArrivalBegin | Computer : 37L4247F27-25 | User SID : S-1-5-19 | User : LocalService
Lifetime : 8c076f4d-6405-4414-a829-ee44a94e3893
WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00#0019B931D970C8C0C5DB00B9&0#

UTC Time : 2015-01-18 20:31:34.138399
EventID : 2010 | Description : UMDFHostDeviceArrivalEnd | Computer : 37L4247F27-25 | User SID : S-1-5-19 | User : LocalService
Lifetime : 8c076f4d-6405-4414-a829-ee44a94e3893
WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00#0019B931D970C8C0C5DB00B9&0#

UTC Time : 2015-01-18 20:31:34.138399
EventID : 2004 | Description : UMDFHostAddDeviceBegin | Computer : 37L4247F27-25 | User SID : S-1-5-19 | User : LocalService
Lifetime : 8c076f4d-6405-4414-a829-ee44a94e3893
WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00#0019B931D970C8C0C5DB00B9&0#

...

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -df -x
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some
log files artifacts.

USB related event(s) found in the event log :
=============================================

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DriverFra
meworks-UserMode" Guid="2e35aaeb-857f-4beb-a418-2e6c0e54d988"></Provider>
<EventID Qualifiers="">1003</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>17</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2015-01-18 20:31:34.013599"></TimeCreated>
<EventRecordID>2</EventRecordID>
<Correlation ActivityID="" RelatedActivityID=""></Correlation>
<Execution ProcessID="836" ThreadID="1488"></Execution>
<Channel>Microsoft-Windows-DriverFrameworks-UserMode/Operational</Channel>
<Computer>37L4247F27-25</Computer>
<Security UserID="S-1-5-18"></Security>
</System>
<UserData><UMDFDriverManagerHostCreateStart lifetime="8c076f4d-6405-4414-a829-ee44a94e3893" xmlns:auto-ns2="http://schem
as.microsoft.com/win/2004/08/events" xmlns="http://www.microsoft.com/DriverFrameworks/UserMode/Event"><HostGuid>{193a182
0-d9ac-4997-8c55-be817523f6aa}</HostGuid>
<DeviceInstanceId>WPDBUSENUMROOT.UMB.2&amp;37C186B&amp;0&amp;STORAGE#VOLUME#_??_USBSTOR#DISK&amp;VEN_KINGSTON&amp;PROD_D
ATATRAVELER_2.0&amp;REV_1.00#0019B931D970C8C0C5DB00B9&amp;0#</DeviceInstanceId>
</UMDFDriverManagerHostCreateStart>
</UserData>
</Event>

...

PS C:\XXX\XXX\XXX\XXX> .\usbtracker.py -sa
USBTracker alpha
2015 - Sysinsider

USBTracker it's a free tool which allow you to extract some USB artifacts from a Windows OS (Vista and later).
You must execute USBTracker inside a CMD/Powershell console runnnig with administror privileges to be able to dump some log files artifacts.

>>>  [Setup online Device Install (Hardware initiated) - usb\vid_0930&pid_6544\0019b931d970c8c0c5db00b9]
>>>  Section start 2015/01/18 21:31:02.314

>>>  [Setup online Device Install (Hardware initiated) - storage\volume\_??_usbstor#disk&ven_kingston&prod_datatraveler_2.0&rev_1.00#0019b931d970c8c0c5db00b9&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
>>>  Section start 2015/01/18 21:31:28.241

>>>  [Setup online Device Install (Hardware initiated) - WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00#0019B931D970C8C0C5DB00B9&0#]
>>>  Section start 2015/01/18 21:31:30.956

>>>  [Setup online Device Install (Hardware initiated) - usb\root_hub20\4&56dcbd&0]
>>>  Section start 2015/01/18 21:31:59.457

>>>  [Setup online Device Install (Hardware initiated) - usb\root_hub\4&38d808bf&0]
>>>  Section start 2015/01/18 21:32:28.925

>>>  [Setup online Device Install (Hardware initiated) - usb\root_hub\4&fee3d1d&0]
>>>  Section start 2015/01/18 21:32:31.593

>>>  [Setup online Device Install (Hardware initiated) - usb\root_hub20\4&3a831ac0&0]
>>>  Section start 2015/01/18 21:32:32.825

>>>  [Setup online Device Install (Hardware initiated) - usb\vid_0458&pid_0137\5&1d8fb94c&0&3]
>>>  Section start 2015/01/18 21:32:36.866

>>>  [Setup online Device Install (Hardware initiated) - usb\vid_05ac&pid_8242\5&1d8fb94c&0&5]
>>>  Section start 2015/01/18 21:32:47.037

>>>  [Setup online Device Install (Hardware initiated) - usb\vid_05ac&pid_8502\8t9a9e8d577k3l00]
>>>  Section start 2015/01/18 21:32:48.160

...

1. Ensure Ruby [2.0 or above] is installed on your system
2. Clone the source code using git clone https://github.com/rastating/joomlavs.git
3. Install bundler and required gems using sudo gem install bundler && bundle install

usage: joomlavs.rb [options]
Basic options
    -u, --url              The Joomla URL/domain to scan.
    --basic-auth           <username:password> The basic HTTP authentication credentials
    -v, --verbose          Enable verbose mode
Enumeration options
    -a, --scan-all         Scan for all vulnerable extensions
    -c, --scan-components  Scan for vulnerable components
    -m, --scan-modules     Scan for vulnerable modules
    -t, --scan-templates   Scan for vulnerable templates
    -q, --quiet            Scan using only passive methods
Advanced options
    --follow-redirection   Automatically follow redirections
    --no-colour            Disable colours in output
    --proxy                <[protocol://]host:port> HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given, HTTP will be used
    --proxy-auth           <username:password> The proxy authentication credentials
    --threads              The number of threads to use when multi-threading requests
    --user-agent           The user agent string to send with all requests

• -h, --help: It shows the information about using the Flashlight application.
• -p <ProjectName> or --project < ProjectName>: It sets project name with the name given. This paramater can be used to save different projects in different workspaces.
• -s <ScanType> or –scan_type < ScanType >: It sets the type of scans. There are four types of scans: Active Scan , Passive Scan, Screenshot Scan and Filtering. These types of scans will be examined later in detail.
• -d < DestinationNetwork>, --destination < DestinationNetwork >: It sets the network or IP where the scan will be executed against.
• -c <FileName>, --config <FileName>: It specifies the configuration file. The scanning is realized according to the information in the configuration file.
• -u <NetworkInterface>, --interface < NetworkInterface>: It sets the network interface used during passive scanning.
• -f <PcapFile>, --pcap_file < PcapFile >: It sets cap File that will be filtered.
• -r <RasterizeFile>, --rasterize < RasterizeFile>: It sets the specific location of Rasterize JavaScript file which will be used for taking screenshots.
• -t <ThreadNumber>, --thread <Threadnember>: It sets the number of Threads. This parameter is valid only on screenshot scanning (screen scan) mode.
• -o <OutputDiectory>, --output < OutputDiectory >: It sets the directory in which the scan results can be saved. The scan results are saved in 3 sub-directories : For Nmap scanning results, "nmap" subdirectory, for PCAP files "pcap" subdirectory and for screenshots "screen" subdirectories are used. Scan results are saved in directory, shown under the output directories by this parameter. If this option is not set, scan results are saved in the directory that Flashlight applications are running.
• -a, --alive: It performs ping scan to
• “-I” parameter is chosen.
• -l <LogFile>, --log < LogFile >: It specifies the log file to save the scan results. If not set, logs are saved in “flashlight.log” file in working directory.
• -k <PassiveTimeout>, --passive_timeout <PassiveTimeout>: It specifies the timeout for sniffing in passive mode. Default value is 15 seconds. This parameter is used for passive scan.
• -m, --mim: It is used to perform MITM attack.
• -n, --nmap-optimize: It is used to optimize nmap scan.
• -v, --verbose: It is used to list detailed information.
• -V, --version: It specifies version of the program. 
 discover up IP addresses before the actual vulnerability scan. It is used for active scan.
• -g <DefaultGateway>, --gateway < DefaultGateway >: It identifies the IP address of the gateway. If not set, interface with “-I” parameter is chosen.
• -l <LogFile>, --log < LogFile >: It specifies the log file to save the scan results. If not set, logs are saved in “flashlight.log” file in working directory.
• -k <PassiveTimeout>, --passive_timeout <PassiveTimeout>: It specifies the timeout for sniffing in passive mode. Default value is 15 seconds. This parameter is used for passive scan.
• -m, --mim: It is used to perform MITM attack.
• -n, --nmap-optimize: It is used to optimize nmap scan.
• -v, --verbose: It is used to list detailed information.
• -V, --version: It specifies version of the program. 

Videos :

Installation

apt-get install nmap tshark tcpdump dsniff

1) Passive Scan

./flashlight.py -s passive -p passive-pro-01 -i eth0 -o /root/Desktop/flashlight_test -l /root/Desktop/log –v

2) Active Scan

   - 21, 22, 23, 25, 80, 443, 445, 3128, 8080

   - 53, 161

   - http-enum

./flashlight.py -p active-project -s active -d 192.168.74.0/24 –t 30 -a -v

• Operating System Scan: /usr/bin/nmap -n -Pn -O -T5 -iL /tmp/"IPListFile" -oA /root/Desktop/flashlight/output/active-project/nmap/OsScan-"Date"
• Ping Scan: /usr/bin/nmap -n -sn -T5 -iL /tmp/"IPListFile" -oA /root/Desktop/flashlight/output/active-project/nmap/PingScan-"Date"
• Port Scan: /usr/bin/nmap -n -Pn -T5 --open -iL /tmp/"IPListFile" -sS -p T:21,22,23,25,80,443,445,3128,8080,U:53,161 -sU -oA /root/Desktop/flashlight/output/active-project/nmap/PortScan-"Date"
• Script Scan: /usr/bin/nmap -n -Pn -T5 -iL /tmp/"IPListFile" -sS -p T:21,22,23,25,80,443,445,3128,8080,U:53,161 -sU --script=default,http-enum -oA /root/Desktop/flashlight/output/active-project/nmap/ScriptScan-"Date" 

 3) Screen Scan

4) Filtering

• Windows hosts
• Top 10 DNS requests

Honeypots

• Database Honeypots
  
  • Elastic honey - A Simple Elasticsearch Honeypot
  • mysql - A mysql honeypot, still very very early stage
  • A framework for nosql databases ( only redis for now) - The NoSQL Honeypot Framework
  • ESPot - ElasticSearch Honeypot
• Web honeypots
  
  • Glastopf - Web Application Honeypot
  • phpmyadmin_honeypot - - A simple and effective phpMyAdmin honeypot
  • servlet - Web application Honeypot
  • Nodepot - A nodejs web application honeypot
  • basic-auth-pot bap - http Basic Authentication honeyPot
  • Shadow Daemon - A modular Web Application Firewall / High-Interaction Honeypot for PHP, Perl & Python apps
  • Servletpot - Web application Honeypot
  • Google Hack Honeypot - designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources.
  • smart-honeypot - PHP Script demonstrating a smart honey pot
  • HonnyPotter - A WordPress login honeypot for collection and analysis of failed login attempts.
  • wp-smart-honeypot - WordPress plugin to reduce comment spam with a smarter honeypot
  • wordpot - A WordPress Honeypot
  • Bukkit Honeypot Honeypot - A honeypot plugin for Bukkit
  • Laravel Application Honeypot - Honeypot - Simple spam prevention package for Laravel applications
  • stack-honeypot - Inserts a trap for spam bots into responses
  • EoHoneypotBundle - Honeypot type for Symfony2 forms
  • shockpot - WebApp Honeypot for detecting Shell Shock exploit attempts
• Service Honeypots
  
  • Kippo - Medium interaction SSH honeypot
  • honeyntp - NTP logger/honeypot
  • honeypot-camera - observation camera honeypot
  • troje - a honeypot built around lxc containers. It will run each connection with the service within a seperate lxc container.
  • slipm-honeypot - A simple low-interaction port monitoring honeypot
  • HoneyPy - A low interaction honeypot
  • Ensnare - Easy to deploy Ruby honeypot
  • RDPy - A Microsoft Remote Desktop Protocol (RDP) honeypot in python
• Anti-honeypot stuff
  
  • kippo_detect - This is not a honeypot, but it detects kippo. (This guy has lots of more interesting stuff)
• ICS/SCADA honeypots
  
  • Conpot - ICS/SCADA honeypot
  • scada-honeynet - mimics many of the services from a popular PLC and better helps SCADA researchers understand potential risks of exposed control system devices
  • SCADA honeynet - Building Honeypots for Industrial Networks
• Deployment
  
  • Dionaea and EC2 in 20 Minutes - a tutorial on setting up Dionaea on an EC2 instance
  • honeypotpi - Script for turning a Raspberry Pi into a Honey Pot Pi
• Data Analysis
  
  • Kippo-Graph - a full featured script to visualize statistics from a Kippo SSH honeypot
  • Kippo stats - Mojolicious app to display statistics for your kippo SSH honeypot
• Other/random
  
  • NOVA uses honeypots as detectors, looks like a complete system.
  • Open Canary - A low interaction honeypot intended to be run on internal networks.
  • libemu - Shellcode emulation library, useful for shellcode detection.
• Open Relay Spam Honeypot
  
  • SpamHAT - Spam Honeypot Tool
• Botnet C2 monitor
  
  • Hale - Botnet command & control monitor
• IPv6 attack detection tool
  
  • ipv6-attack-detector - Google Summer of Code 2012 project, supported by The Honeynet Project organization
• Research Paper
  
  • vEYE - behavioral footprinting for self-propagating worm detection and profiling
• Honeynet statistics
  
  • HoneyStats - A statistical view of the recorded activity on a Honeynet
• Dynamic code instrumentation toolkit
  
  • Frida - Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android
• Front-end for dionaea
  
  • DionaeaFR - Front Web to Dionaea low-interaction honeypot
• Tool to convert website to server honeypots
  
  • HIHAT - ransform arbitrary PHP applications into web-based high-interaction Honeypots
• Malware collector
  
  • Kippo-Malware - Python script that will download all malicious files stored as URLs in a Kippo SSH honeypot database
• Sebek in QEMU
  
  • Qebek - QEMU based Sebek. As Sebek, it is data capture tool for high interaction honeypot
• Malware Simulator
  
  • imalse - Integrated MALware Simulator and Emulator
• Distributed sensor deployment
  
  • Smarthoneypot - custom honeypot intelligence system that is simple to deploy and easy to manage
  • Modern Honey Network - Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management
  • ADHD - Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured
• Network Analysis Tool
  
  • Tracexploit - replay network packets
• Log anonymizer
  
  • LogAnon - log anonymization library that helps having anonymous logs consistent between logs and network captures
• server
  
  • Honeysink - open source network sinkhole that provides a mechanism for detection and prevention of malicious traffic on a given network
• Botnet traffic detection
  
  • dnsMole - analyse dns traffic, and to potentionaly detect botnet C&C server and infected hosts
• Low interaction honeypot (router back door)
  
  • Honeypot-32764 - Honeypot for router backdoor (TCP 32764)
• honeynet farm traffic redirector
  
  • Honeymole - eploy multiple sensors that redirect traffic to a centralized collection of honeypots
• HTTPS Proxy
  
  • mitmproxy - allows traffic flows to be intercepted, inspected, modified and replayed
• spamtrap
  
  • SendMeSpamIDS.py Simple SMTP fetch all IDS and analyzer
• System instrumentation
  
  • Sysdig - open source, system-level exploration: capture system state and activity from a running Linux instance, then save, filter and analyze
• Honeypot for USB-spreading malware
  
  • Ghost-usb - honeypot for malware that propagates via USB storage devices
• Data Collection
  
  • Kippo2MySQL - extracts some very basic stats from Kippo’s text-based log files (a mess to analyze!) and inserts them in a MySQL database
  • Kippo2ElasticSearch - Python script to transfer data from a Kippo SSH honeypot MySQL database to an ElasticSearch instance (server or cluster)
• Passive network audit framework parser
  
  • pnaf - Passive Network Audit Framework
• VM Introspection
  
  • VIX virtual machine introspection toolkit - VMI toolkit for Xen, called Virtual Introspection for Xen (VIX)
  • vmscope - Monitoring of VM-based High-Interaction Honeypots
  • vmitools - C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine
• Binary debugger
  
  • Hexgolems - Schem Debugger Frontend - A debugger frontend
  • Hexgolems - Pint Debugger Backend - A debugger backend and LUA wrapper for PIN
• Mobile Analysis Tool
  
  • APKinspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications
  • Androguard - Reverse engineering, Malware and goodware analysis of Android applications ... and more
• Low interaction honeypot
  
  • Honeypoint - platform of distributed honeypot technologies
  • Honeyperl - Honeypot software based in Perl with plugins developed for many functions like : wingates, telnet, squid, smtp, etc
• Honeynet data fusion
  
  • HFlow2 - data coalesing tool for honeynet/network analysis
• Server
  
  • LaBrea - takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet.
  • Kippo - SSH honeypot
  • KFSensor - Windows based honeypot Intrusion Detection System (IDS)
  • Honeyd Also see more honeyd tools
  • Glastopf - Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications
  • DNS Honeypot - Simple UDP honeypot scripts
  • Conpot - ow interactive server side Industrial Control Systems honeypot
  • Bifrozt - High interaction honeypot solution for Linux based systems
  • Beeswarm - Honeypot deployment made easy
  • Bait and Switch - redirects all hostile traffic to a honeypot that is partially mirroring your production system
  • Artillery - open-source blue team tool designed to protect Linux and Windows operating systems through multiple methods
  • Amun - vulnerability emulation honeypot
• VM cloaking script
  
  • Antivmdetect - Script to create templates to use with VirtualBox to make vm detection harder
• IDS signature generation
  
  • Honeycomb
• lookup service for AS-numbers and prefixes
  
  • CC2ASN
• Web interface (for Thug)
  
  • Rumal - Thug's Rumāl: a Thug's dress & weapon
• Data Collection / Data Sharing
  
  • HPfriends - data-sharing platform
  • HPFeeds - lightweight authenticated publish-subscribe protocol
• Distributed spam tracking
  
  • Project Honeypot
• Python bindings for libemu
  
  • Pylibemu - A Libemu Cython wrapper
• Controlled-relay spam honeypot
  
  • Shiva - Spam Honeypot with Intelligent Virtual Analyzer
    • Shiva The Spam Honeypot Tips And Tricks For Getting It Up And Running
• Visualization Tool
  
  • Glastopf Analytics
  • Afterglow Cloud
  • Afterglow
• central management tool
  
  • PHARM
• Network connection analyzer
  
  • Impost
• Virtual Machine Cloaking
  
  • VMCloak
• Honeypot deployment
  
  • Modern Honeynet Network
  • SurfIDS
• Automated malware analysis system
  
  • Cuckoo
  • Anubis
  • Hybrid Analysis
• Low interaction
  
  • mwcollectd
• Low interaction honeypot on USB stick
  
  • Honeystick
• Honeypot extensions to Wireshark
  
  • Whireshark Extensions
• Data Analysis Tool
  
  • HpfeedsHoneyGraph
  • Acapulco
• Telephony honeypot
  
  • Zapping Rachel
• Client
  
  • Pwnypot
  • MonkeySpider
  • Capture-HPC-NG
  • Wepawet
  • URLQuery
  • Trigona
  • Thug
  • Shelia
  • PhoneyC
  • Jsunpack-n
  • HoneyC
  • HoneyBOT
  • CWSandbox / GFI Sandbox
  • Capture-HPC-Linux
  • Capture-HPC
  • Andrubis
• Visual analysis for network traffic
  
  • ovizart
• Binary Management and Analysis Framework
  
  • Viper
• Honeypot
  
  • Single-honeypot
  • Honeyd For Windows
  • IMHoneypot
  • Deception Toolkit
• PDF document inspector
  
  • peepdf
• Distribution system
  
  • Thug Distributed Task Queuing
• HoneyClient Management
  
  • HoneyWeb
• Network Analysis
  
  • HoneyProxy
• Hybrid low/high interaction honeypot
  
  • HoneyBrid
• Sebek on Xen
  
  • xebek
• SSH Honeypot
  
  • Kojoney
  • Cowrie
• Glastopf data analysis
  
  • Glastopf Analytics
• Distributed sensor project
  
  • DShield Web Honeypot Project
  • Distributed Web Honeypot Project
• a pcap analyzer
  
  • Honeysnap
• Client Web crawler
  
  • HoneySpider Network
• network traffic redirector
  
  • Honeywall
• Honeypot Distribution with mixed content
  
  • HoneyDrive
• Honeypot sensor
  
  • Dragon Research Group Distro
  • Honeeepi - Honeeepi is a honeypot sensor on Raspberry Pi which based on customized Raspbian OS.
• File carving
  
  • TestDisk & PhotoRec
• File and Network Threat Intelligence
  
  • VirusTotal
• data capture
  
  • Sebek
• SSH proxy
  
  • HonSSH
• Anti-Cheat
  
  • Minecraft honeypot
• behavioral analysis tool for win32
  
  • Capture BAT
• Live CD
  
  • DAVIX
• Spamtrap
  
  • Spampot.py
  • Spamhole
  • spamd
  • Mail::SMTP::Honeypot - perl module that appears to provide the functionality of a standard SMTP server
• Commercial honeynet
  
  • Specter
  • Netbait
• Server (Bluetooth)
  
  • Bluepot
• Dynamic analysis of Android apps
  
  • Droidbox
• Dockerized Low Interaction packaging
  
  • Manuka
  • Dockerized Thug
  • Dockerpot A docker based honeypot.
  • Docker honeynet Several Honeynet tools set up for Docker containers
• Network analysis
  
  • Quechua
• Sebek data visualization
  
  • Sebek Dataviz
• SIP Server
  
  • Artemnesia VoIP
• Botnet C2 monitoring
  
  • botsnoopd
• low interaction
  
  • mysqlpot
• Malware collection
  
  • Honeybow

Honeyd Tools

• Honeyd plugin
  
  • Honeycomb
• Honeyd viewer
  
  • Honeyview
• Honeyd to MySQL connector
  
  • Honeyd2MySQL
• A script to visualize statistics from honeyd
  
  • Honeyd-Viz
• Honeyd UI
  
  • Honeyd configuration GUI - application used to configure the honeyd daemon and generate configuration files
• Honeyd stats
  
  • Honeydsum.pl

Network and Artifact Analysis

• Sandbox
  
  • RFISandbox - a PHP 5.x script sandbox built on top of funcall
  • dorothy2 - A malware/botnet analysis framework written in Ruby
  • COMODO automated sandbox
  • Argos - An emulator for capturing zero-day attacks
• Sandbox-as-a-Service
  
  • malwr.com - free malware analysis service and community
  • detux.org - Multiplatform Linux Sandbox
  • Joebox Cloud - analyzes the behavior of malicious files including PEs, PDFs, DOCs, PPTs, XLSs, APKs, URLs and MachOs on Windows, Android and Mac OS X for suspicious activities

Data Tools

• Front Ends
  
  • Tango - Honeypot Intelligence with Splunk
  • Django-kippo - Django App for kippo SSH Honeypot
  • Wordpot-Frontend - a full featured script to visualize statistics from a Wordpot honeypot -Shockpot-Frontend - a full featured script to visualize statistics from a Shockpot honeypot
• Visualization
  
• HoneyMap - Real-time websocket stream of GPS events on a fancy SVG world map
• HoneyMalt - Maltego tranforms for mapping Honeypot systems

What's new?

Installation

$ python -m pip install pyersinia

# pip install pyersinia

Quick start

positional arguments:
  arp_spoof_TARGET
  arp_spoof_VICTIM

optional arguments:
  -h, --help        show this help message and exit
  -v, --verbosity   verbosity level
  -a ATTACK_TYPE    choose supported attack type
  -i IFACE          choose network interface

supported attacks:
        arp_spoof, dhcp_discover_dos, stp_tcn, stp_conf, stp_root

examples:
        python pyersinia.py -a arp_spoof 127.0.0.1 127.0.0.1
        python pyersinia.py -a stp_root -i eth0

Description:

• ATSCAN Version 2 
• Dork scanner. 
• XSS scanner. 
• Sqlmap. 
• LFI scanner.
• Filter wordpress and Joomla sites in the server. 
• Find Admin page.
• Decode / Encode MD5 + Base64. 

Libreries to install:

ap-get install libxml-simple-perl

Permissions & Executution:

$chmod +x atscan.pl 
perl ./atscan.pl

Screenshots: 

Help Menu

Usage: credmap.py --email EMAIL | --user USER | --load LIST [options]

Options:
  -h/--help             show this help message and exit
  -v/--verbose          display extra output information
  -u/--username=USER..  set the username to test with
  -p/--password=PASS..  set the password to test with
  -e/--email=EMAIL      set an email to test with
  -l/--load=LOAD_FILE   load list of credentials in format USER:PASSWORD
  -x/--exclude=EXCLUDE  exclude sites from testing
  -o/--only=ONLY        test only listed sites
  -s/--safe-urls        only test sites that use HTTPS.
  -i/--ignore-proxy     ignore system default HTTP proxy
  --proxy=PROXY         set proxy (e.g. "socks5://192.168.1.2:9050")
  --list                list available sites to test with

Examples

./credmap.py --username janedoe --email janedoe@email.com
./credmap.py -u johndoe -e johndoe@email.com --exclude "github.com, live.com"
./credmap.py -u johndoe -p abc123 -vvv --only "linkedin.com, facebook.com"
./credmap.py -e janedoe@example.com --verbose --proxy "https://127.0.0.1:8080"
./credmap.py --load list.txt
./credmap.py --list

Prerequisites

• Python 2.6+
• Git (Optional)

Running the program

$ python credmap.py -h

Video

• A Command aNd Control server, which is a Web interface to administer the agents
• An agent program, which is run on the compromised host, and ensures communication with the CNC

• remote cmd.exe shell
• persistence
• file upload/download
• screenshot
• key logging

Installation

Server

Agent

• requests
• pythoncom
• pyhook
• PIL

cd client/
pyinstaller --onefile --noconsole agent.py

Usage

Fingerprinting

--url

Reverse Bruteforce

-U

-p

--bruteforce

Dump Hashes

--hashdump

Quick Console

--quickconsole

exit

Examples

Fingerprint Domino server

python domi-owned.py --url http://domino-server.com

Preform a reverse bruteforce attack

python domi-owned.py --url http://domino-server.com -U ./usernames.txt -p password --bruteforce

Dump Domino account hashes

python domi-owned.py --url http://domino-server.com -u user -p password --hashdump

Interact with the Domino Quick Console

python domi-owned.py --url http://domino-server.com -u user -p password --quickconsole

1. Installation

• git clone https://Ft44k@bitbucket.org/Ft44k/yavol.git
• default forder for yara sigs is /yara_rules

2. Prerequisites