Tuesday 25 June 2013

[WebVulScan] Web Application Vulnerability Scanner



WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. 



The vulnerabilities tested by WebVulScan are:
  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects

Features:
  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to login to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment.

[Hardanger] Web Application Penetration Testing Platform

Hardanger is an Open Source web application penetration testing tool led by security researchers from SecurityWire. The project aims to bridge the gap between current open source web application testing tools commonly used in a Linux environment and bring the same level of tools to native Windows based platforms. Hardanger aims to deliver a user friendly experience for semi-automated web application penetration testing by building tools on top of the excellent Fiddler2 web debugger.

The project deliverable is a Fiddler2 (http://www.fiddler2.com) add-on DLL written in C# that is easily installed using a .msi installer; a standalone application is also available for users who do not want the integrated Fiddler2 experience. Hardanger has been architected so it can be easily expanded to add other functionality. The first version only includes a simple HTTP(S) GET and POST parameter fuzzer, but it has built a foundation on which it is trivial to plug in additional fuzzers and detection engines as well as other features. Once server fuzzing is perfected and state of the art, the project will continue to add new features such as a web browser fuzzer, brute force tool, manual tampering, crawler, passive vulnerability detection, recon tools, etc.


Current Features
  • Native Windows feel via Windows Presentation Foundation
  • Can run as a Fiddler2 add-on or standalone
  • ClickOnce installer with automatic updates (standalone version)
  • Context tab allowing inspection of full HTTP requests
  • Server fuzzer tab to configure and launch the server fuzzer
  • Basic random fuzzer generates random strings of UTF8 characters of random lengths
  • Non HTTP 200 detection engine
  • Results window keeping track of successful detections
  • Ability to review requests/responses in the results details window


[Hidden File Finder] Scan and discover all the Hidden files on your Windows


Hidden File Finder is the free software to quickly scan and discover all the Hidden files on your Windows system.

It performs a swift multi-threaded scan of all folders in parallel and quickly uncovers all hidden files. It automatically detects hidden executable files (EXE, DLL, COM, etc.) and shows them in red for easier identification. Similarly, hidden files are shown in black and hidden folders in blue.

One of its main features is the Unhide operation. You can select one or all of the discovered hidden files and unhide them with just a click. Successful unhide operations are shown with a green background, failed ones with a yellow background.

It is very easy to use with its GUI. It is particularly handy for penetration testers and forensic investigators.

It is fully portable and works on both 32-bit and 64-bit platforms from Windows XP to Windows 8.
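The sweep described above can be reproduced in a few dozen lines. The following is an added example, not Hidden File Finder's code: it walks a tree with a thread pool, reports hidden files and folders, and singles out hidden executables by extension. It assumes an entry is hidden when it carries the Windows HIDDEN attribute (os.stat only exposes st_file_attributes on Windows) or when its name starts with a dot, the convention on other platforms; the EXEC_EXT list and the sample directory layout are constructed for the demonstration.

```python
"""Multi-threaded hidden-file sweep (added example, not Hidden File Finder's code).

Assumption: an entry counts as hidden if it has the Windows HIDDEN attribute
(st_file_attributes is only populated on Windows) or if its name starts with a
dot, which is the convention on other platforms.
"""
import os
import stat
import tempfile
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import List

# Extensions treated as executable; constructed list, extend as needed
EXEC_EXT = {'.exe', '.dll', '.com', '.scr', '.sys'}


@dataclass
class Hit:
    path: str
    kind: str   # 'hidden-executable', 'hidden-file' or 'hidden-folder'


def is_hidden(path: str) -> bool:
    if os.path.basename(path).startswith('.'):
        return True
    try:
        st = os.lstat(path)
    except OSError:
        return False   # vanished or unreadable: report nothing rather than abort the sweep
    attrs = getattr(st, 'st_file_attributes', 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def classify_file(path: str) -> str:
    ext = os.path.splitext(path)[1].lower()
    return 'hidden-executable' if ext in EXEC_EXT else 'hidden-file'


def scan_tree(root: str) -> List[Hit]:
    """Single-threaded walk of one subtree (os.walk does not follow symlinks by default)."""
    hits: List[Hit] = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            p = os.path.join(dirpath, name)
            if is_hidden(p):
                hits.append(Hit(p, 'hidden-folder'))
        for name in filenames:
            p = os.path.join(dirpath, name)
            if is_hidden(p):
                hits.append(Hit(p, classify_file(p)))
    return hits


def scan_parallel(root: str, workers: int = 8) -> List[Hit]:
    """Scan root's own entries here and hand each top-level subdirectory to a worker thread."""
    hits: List[Hit] = []
    subdirs: List[str] = []
    with os.scandir(root) as it:
        for entry in it:
            if entry.is_dir(follow_symlinks=False):
                subdirs.append(entry.path)
                if is_hidden(entry.path):
                    hits.append(Hit(entry.path, 'hidden-folder'))
            elif is_hidden(entry.path):
                hits.append(Hit(entry.path, classify_file(entry.path)))
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for part in pool.map(scan_tree, subdirs):
            hits.extend(part)
    return hits


def build_sample_tree() -> str:
    """Constructed directory layout for trying the sweep offline; returns its root."""
    root = tempfile.mkdtemp(prefix='hiddenscan-')
    os.makedirs(os.path.join(root, '.cache'))
    os.makedirs(os.path.join(root, 'docs'))
    for rel in ('normal.txt', '.notes.txt',
                os.path.join('.cache', 'index.dat'),
                os.path.join('docs', '.loader.dll')):
        with open(os.path.join(root, rel), 'w') as fh:
            fh.write('sample\n')
    return root


if __name__ == '__main__':
    for hit in sorted(scan_parallel(build_sample_tree()), key=lambda h: h.path):
        print(f'{hit.kind:18} {hit.path}')
```

Running the block on the sample tree reports `.notes.txt` as a hidden file, `.cache` as a hidden folder and `docs/.loader.dll` as a hidden executable; `index.dat` inside the hidden folder is not itself hidden and is therefore not listed, which is the same distinction the tool draws between hidden folders and the files within them.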


Tuesday 18 June 2013

[Dradis Pro v1.7] Framework to enable effective information sharing

Dradis Pro is a framework to enable effective information sharing, especially during security assessments.
Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.


Changelog v1.7

This is the result of eight months of hard work, a bit longer than usual, but the release is packed with lots of handy improvements.
Here are some changes:
  • New Issue/Evidence architecture: read about why this is a big deal.
  • New all-in-one view (more below).
  • New “by host” and “by issue” reporting (more below).
  • New default project / report template: to make it easy for you to build on top of it.
  • New interface to import Issues from external sources.
  • New Qualys upload plugin.
  • Updated plugins
    • Burp upload
      • Generates Issue/Evidence
      • Is orders of magnitude faster.
      • Integrates with the Plugin Manager.
    • MediaWiki import is now compatible with versions 1.14 -> 1.21
    • Nessus upload generates Issue/Evidence
    • Nexpose upload generates Issue/Evidence
  • Updates and internal improvements:
    • Updated to Rails 3.2.13
    • Improved code block and table styling
Full Changelog: here

Merge the output from different tools into a single report.
  • Burp Suite
  • Nessus
  • NeXpose
  • Nikto
  • Nmap
  • OpenVAS
  • OSVDB
  • Qualys
  • Retina
  • SureCheck
  • VulnDB
  • w3af
  • MediaWiki
  • wXf
  • Zed Attack Proxy
Deliver consistent results.
  • Never forget any steps.
  • Follow your own testing methodology.
  • Create your own testing methodologies and improve them after every engagement.
  • Consistent results across projects and clients. Every time.
Everyone on the same page.
  • Work together towards a common goal.
  • All the information about the project in a single location where it’s easy to find.
More Information: here

[EMET v4.0] Enhanced Mitigation Experience Toolkit

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc.

Changelog v4.0

New features introduced in EMET 4: Certificate Trust, mitigations improvement hardening, and the Early Warning Program.


(Reposted from TechNet Blogs)
Redesigned User Interface: We realized that with the addition of the new features introduced in EMET 4.0 Beta, the old graphical user interface was not as effective and easy to use. For this reason, we decided to re-design EMET’s GUI to facilitate and streamline the configuration operations. We also added the possibility to select the look-and-feel of EMET from a set of skins that we included.

Configuration Wizard: We know that configuration can be challenging when installing EMET for the first time. In EMET 3.0 we added the Protection Profiles, which were used to facilitate the initial configuration for applications. With EMET 4.0 we are introducing a Configuration Wizard that will automatically configure EMET with a standard set of SSL certificate pinning rules as well as a list of applications to protect. It also can preserve existing EMET 3.0 settings, and gives the possibility to add standard configuration for the new features. The Configuration Wizard will start automatically during EMET’s installation and can also be accessed, at any time, from EMET GUI. Advanced users can choose to apply a standard configuration through the Configuration Wizard and then customize EMET’s configuration afterwards according to their needs.

Changes in Certificate Trust: We made a few changes to the Certificate Trust feature, based on users’ feedback, further internal investigation, and partnership with third party online services. We added a new exception to the SSL certificate pinning rules that if enabled will make EMET verify just the Public Key component of the Root CAs present in the rule without matching subject name and serial number. Additionally, we made the Certificate Trust feature available on 64-bit versions of Internet Explorer. Finally, we added to the previous default rules for Microsoft online services new rules also for Twitter, Facebook, and Yahoo!.

Updated Group Policy profiles: Enterprise customers will notice that we updated our Group Policy profiles to include not only the ability to configure system and application mitigations, but also the reporting mechanisms, the advanced mitigation configurations, and the exploit action.

Full Changelog: here

Wednesday 12 June 2013

[OWASP Bricks] Modular Deliberately Vulnerable Web Application

  • Bricks is a deliberately vulnerable web application built on PHP and MySQL.
  • The project focuses on variations of commonly seen application security vulnerabilities and exploits.
  • Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
  • The mission is to 'break the bricks' and thus learn the various aspects of web application security.

Bricks

  #  Challenge             Page URL           Documentation
  1  Log in page #1        bricks/login-1/    Text, Video
  2  File upload page #1   bricks/upload-1/   Text, Video
  3  Content page #1       bricks/content-1/  Text, Video
  4  Log in page #2        bricks/login-2/    Text, Video
  5  Content page #2       bricks/content-2/  Open for public to break.

Road map

  1. Demonstrate maximum variations of the most common vulnerabilities
  2. Help people learn the need for secure coding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners
  5. Help people learn the manual method of testing applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a classroom/lab environment

Monday 10 June 2013

[PyMal] The Malware Analysis Framework


PyMal is a Python-based interactive malware analysis framework. It is built on top of three pure-Python programs: Pefile, Pydbg and Volatility.

The main aim of the project is to combine all the malware analysis related tools into a single interface for rapid analysis.

PyMal has several wrapper functions to manipulate executables as well as running processes. It also offers some advanced features like
  • Injected Code Detection
  • Hook Detection using Passive Image Referencing

For detailed view of the features and working, please check out the demonstration video shown below.

It works on all platforms starting from Windows XP to Windows 8.
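The hook detection feature listed above rests on comparing a module as loaded in memory with its image on disk. The block below is an added example of that comparison, not PyMal's code: it diffs a code section against its on-disk copy, groups the differing bytes into ranges, and flags a range that starts at an exported function with an E9 (JMP rel32) opcode as an inline hook, computing where the jump lands. All bytes and export addresses are constructed; in a real check the two buffers would come from the PE file (for instance via pefile) and from the target process's memory, with relocations applied before comparing.

```python
"""Image-comparison hook check (added example, not PyMal's code).

All bytes and symbol addresses below are constructed. A real check would take
the on-disk section from the PE file and the in-memory section from the target
process, and apply relocations before diffing.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Patch:
    offset: int                    # start of the modified range within the section
    original: bytes
    current: bytes
    symbol: Optional[str]          # nearest export at or before the range
    kind: str                      # 'inline-jmp' when a JMP rel32 sits on an export entry
    target: Optional[int] = None   # computed jump destination for inline-jmp patches


def find_patches(disk: bytes, mem: bytes, exports: Dict[int, str],
                 max_gap: int = 2) -> List[Patch]:
    if len(disk) != len(mem):
        raise ValueError('section size mismatch; compare equal-sized images')
    # Collect differing offsets into runs, merging runs separated by at most
    # max_gap equal bytes so a multi-byte patch that happens to reuse an
    # original byte is still reported as one change.
    runs: List[List[int]] = []
    for i in range(len(disk)):
        if disk[i] == mem[i]:
            continue
        if runs and i - runs[-1][1] <= max_gap + 1:
            runs[-1][1] = i
        else:
            runs.append([i, i])

    patches: List[Patch] = []
    for start, end in runs:
        sym_addr = max((a for a in exports if a <= start), default=None)
        symbol = exports.get(sym_addr) if sym_addr is not None else None
        kind, target = 'modified', None
        if start in exports and mem[start] == 0xE9 and start + 5 <= len(mem):
            # E9 rel32: destination = address of the next instruction + signed displacement
            kind = 'inline-jmp'
            end = max(end, start + 4)
            rel = int.from_bytes(mem[start + 1:start + 5], 'little', signed=True)
            target = start + 5 + rel
        patches.append(Patch(start, disk[start:end + 1], mem[start:end + 1],
                             symbol, kind, target))
    return patches


def scan_sample() -> List[Patch]:
    """Constructed 32-byte .text section with two exports, one inline hook and one stray byte."""
    disk = bytes(range(0x40, 0x60))
    exports = {0x00: 'ModuleEntry', 0x10: 'CreateFileW'}
    mem = bytearray(disk)
    mem[5] = 0x90                                     # single patched byte, not on an export
    mem[0x10:0x15] = b'\xE9' + (0x1000 - 0x15).to_bytes(4, 'little', signed=True)  # JMP to 0x1000
    return find_patches(disk, bytes(mem), exports)


if __name__ == '__main__':
    for p in scan_sample():
        dest = f' -> {p.target:#x}' if p.target is not None else ''
        print(f'{p.offset:#06x} {p.kind:10} near {p.symbol}: {p.original.hex()} => {p.current.hex()}{dest}')
```

The second patch is reported as an inline jump on CreateFileW landing at 0x1000, outside the section, which is the pattern an API hook leaves; the single byte at offset 5 is reported only as modified, since it neither sits on an export nor begins with a jump. Whether a given destination is legitimate (for example a hotpatch installed by the OS) is a judgement the analyst still has to make.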

[Process Magic] Tool to Hide any Windows application in Hidden or Invisible mode


Process Magic is a command-line tool to hide any Windows application, or launch a new application, in hidden or invisible mode.

In addition to hiding any Windows process, it also allows you to unhide any previously hidden application.

Note that it hides the application by hiding its main window, so the process will still be visible in Task Manager or any process listing tool.

It will be ideal when you want to hide your application from other users to prevent it from being killed, or just run a process silently in the background.

Being a command-line tool, it is easy to use in your automation scripts and also suitable for operating on other systems remotely.

It works on both 32-bit and 64-bit platforms from Windows XP to Windows 8.

[pweb-suite] Perl based web application penetration testing tools


Written completely in Perl, this suite of tools covers a lot of the basics for penetration testing and vulnerability detection automation. This suite (formerly known as the "pCrack Suite") is used primarily for web application vulnerability testing.

xssPlay in Action! (YouTube)

[Nishang v.0.2.7] PowerShell for Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirements by the author during real Penetration Tests. It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more.


Changelog:
- DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now be stopped remotely. Also, they no longer stop automatically after running a script/command.
- DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now return results using the selected exfiltration method.
- Fixed a minor bug in DNS_TXT_Pwnage.
- All payloads which could post data to the internet now have three options for exfiltration: pastebin/gmail/tinypaste.
- Added Get-PassHashes payload.
- Added Download-Execute-PS payload.
- The keylogger logs only fresh keys after exfiltrating the keys 30 times.
- A delay after success has been introduced in various payloads which connect to the internet to avoid generating too much traffic.

[DLL Magic] Tool to Hide DLL in any Windows Process


DLL Magic is a simple command-line tool to hide a DLL in any Windows process.


Every process maintains an internal database of loaded modules/DLLs in the form of three linked lists. Each of these linked lists represents an order in which DLLs are loaded; they are:

  • Load Order
  • Memory Order
  • Initialization Order

DLL Magic hides the DLL by removing the DLL from all these three linked lists.

This is an effective technique to hide DLL from any of the Process/DLL listing tools. And it is the common method used by Rootkits to hide their presence. However such hidden DLLs are visible in Kernel based tools.

Though 'DLL Magic' works on both 32-bit & 64-bit systems, it can Hide DLL from 32-bit Process only.

It is primarily useful for developers and researchers. Also, being a command-line tool, it is easy to use in automation scripts.
It works on all platforms from Windows XP to Windows 8.

[Malwasm] Offline debugger for malware's reverse engineering


Malwasm is a tool based on Cuckoo Sandbox available here.

Malwasm was designed to help people who do reverse engineering. Malwasm step by step:
  • the malware to analyse is executed through Cuckoo Sandbox
  • during the execution, malwasm logs all activities of the malware with pintool
  • all activities are stored in a database (Postgres)
  • a web service is available to visualize and manage the data stored in the database

Features

Malwasm provides these features:
  • offline programs debugging
  • possibility to go back or forward in execution time (with a time slide bar)
  • states of registers and flags
  • values of the stack/heap/data
  • "Following dump" options
  • fully works in the browser 



Sunday 2 June 2013

[John the Ripper v1.8.0] Fast Password Cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Changelog v1.8.0

  • Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested.
  • Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files.
  • Added makechr, a script to (re-)generate .chr files.
  • Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s).
  • Added the "--fork=N" and "--node=MIN[-MAX]/TOTAL" options for trivial parallel and distributed processing.
  • In the external mode compiler, treat character literals as unsigned.
  • Renamed many of the formats.
  • Updated the documentation.
  • Relaxed the license for many source files to cut-down BSD.
  • Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions.
  • Assorted other changes have been made.

[Hashcat v0.45] Advanced Password Recovery

* changes v0.44 -> v0.45:

Release with some new algorithms:
  • AIX smd5
  • AIX ssha1, ssha256, ssha512
  • GOST R 34.11-94
We also managed to fix some bugs and implement some additional feature requests.

Full changelog:

type: feature
file: hashcat-cli
desc: show status screen also when all hashes were recovered AND add start/stop time too

type: feature
file: hashcat-cli
desc: added -m 6300 = AIX {smd5}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6400 = AIX {ssha256}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6500 = AIX {ssha512}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6700 = AIX {ssha1}
cred: philsmd

type: feature
file: hashcat-cli
desc: added -m 6900 = GOST R 34.11-94
cred: Xanadrel

type: feature
file: hashcat-cli
desc: dropped predefined charsets ?h, ?F, ?G and ?R
trac: #55

type: feature
file: hashcat-cli
desc: added a collection of language-specific charset-files for use with masks
trac: #55

type: feature
file: hashcat-cli
desc: changed the E rule to lowercase all input before processing, it's more intuitive
trac: #110

type: feature
file: rules
desc: added a more complex leetspeak rules file from unix-ninja
trac: #112

type: feature
file: hashcat-cli
desc: changed outfile opts to line up with OCL style
trac: #120

type: feature
file: hashcat-cli
desc: --remove in combination w/ external salts should output plain hash files only (no salt)
trac: #153

type: bug
file: hashcat-cli
desc: fix progress line in status screen when all hashes were recovered

type: bug
file: hashcat-cli
desc: fix for some possible memory overflow problems

type: bug
file: hashcat-cli
desc: an external salt sort failure caused some hashes not to be checked against the digests
trac: #74

type: bug
file: hashcat-cli
desc: fixed a null-pointer dereference that can lead to a segmentation fault
trac: #104

type: bug
file: hashcat-cli
desc: fixed a bug if hashlist contains words with ascii character code >= 0x80
trac: #108

[PenQ] The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. 

PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and Kali. With all its integrations, PenQ is a powerful tool. Be mindful of what use you put it to. Responsible use of PenQ can help secure web apps in a zap.


Features

  • OWASP ZAP
  • OWASP WebScarab
  • OWASP WebSlayer
  • Nikto Web Server Scanner
  • Wfuzz Web Application Fuzzer
  • Mozilla Add-ons Collection
  • Integrated Tor
  • OWASP Penetration Testing Checklist
  • PenTesting Report Generator
  • Vulnerability Databases Search
  • Access to Shell and System Utilities
  • Collection of Useful Links

[AndroRat] Remote Administration Tool for Android


Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the server.
The name Androrat is a mix of Android and RAT (Remote Access Tool).
It has been developed by a team of 4 for a university project and was realised in one month. The goal of the application is to give control of the Android system remotely and retrieve information from it.

Technical matters

  • The Android application is the client for the server, which receives all the connections.
  • The Android application runs as a service (not an activity) that is started during boot, so the user does not need to interact with the service (even though there is a debug activity that allows configuring the IP and port to connect to).
  • The connection to the server can be triggered by an SMS or a call (this can be configured).

All the available functionalities are

  • Get contacts (and all their information)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitoring received messages in live
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Take a picture from the camera
  • Stream sound from microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Do a toast
  • Send a text message
  • Give call
  • Open an URL in the default browser
  • Do vibrate the phone

Folders

The project contains the following folders:
  • doc: Will soon contain all the documentation about the project
  • Experiment: Contains an experimental version of the client built around an activity, which incidentally allows streaming video
  • src/Androrat: Contains the source code of the client that should be put on the Android platform
  • src/AndroratServer: Contains the sources of the Java/Swing server, which can be run on any platform
  • src/api: Contains all the different APIs used in the project (JMapViewer for the map, forms for Swing, and vlcj for video streaming)
  • src/InOut: Contains the code common to the client and the server, which is basically the protocol implementation

[Suricata 1.4.2] Next Generation Intrusion Detection and Prevention Engine


The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.

The Suricata Engine and the HTP Library are available to use under the GPLv2.

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools. 

Improvements

  • No longer force "nocase" to be used on http_host
  • Invalidate rule if uppercase content is used for http_host w/o nocase
  • Warn user if bpf is used in af-packet IPS mode
  • Better test for available libjansson version

Fixes

  • Fixed accuracy issues with relative pcre matching (#784)
  • Improved accuracy of file_data keyword (#788)
  • Invalidate negative depth (#770)
  • Fix http host parsing for IPv6 addresses (#761)
  • Fix fast.log formatting issues (#773)
  • Fixed deadlock in flowvar set code for http buffers (#801)
  • Various signature ordering improvements
  • Minor stream engine fix
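Two of the items above are rule-validity checks: an uppercase content on http_host without nocase is now rejected (the host buffer is normalized to lowercase, so such a pattern could never match), and a negative depth is rejected. The block below is an added example, not Suricata's rule parser, of running those two checks over a ruleset before loading it. It assumes a simplified option syntax (options split on ";", quoted values stripped, no "|hex|" escapes or literal semicolons inside content), and the sample rules are constructed for the demonstration rather than taken from any published ruleset.

```python
"""Rule-option linter for two validity checks named in the Suricata 1.4.2 notes
(added example, not Suricata's own rule parser).

Assumption: options are split on ';' and quotes stripped, so contents holding a
literal ';' or '|hex|' escapes are not handled by this simplified parser.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample rules (not from any published ruleset)
SAMPLE_RULES = [
    'alert http any any -> any any (msg:"host lower"; content:"example.com"; http_host; sid:1;)',
    'alert http any any -> any any (msg:"host upper"; content:"Example.COM"; http_host; sid:2;)',
    'alert http any any -> any any (msg:"host upper nocase"; content:"Example.COM"; http_host; nocase; sid:3;)',
    'alert tcp any any -> any 80 (msg:"bad depth"; content:"GET"; depth:-4; sid:4;)',
]

_OPTIONS_RE = re.compile(r'\((.*)\)\s*$')


def parse_options(rule: str) -> List[Tuple[str, str]]:
    """Return the (keyword, value) pairs of a rule's option section, in order."""
    m = _OPTIONS_RE.search(rule)
    if not m:
        raise ValueError('rule has no option section')
    pairs = []
    for raw in m.group(1).split(';'):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition(':')
        pairs.append((key.strip(), value.strip().strip('"')))
    return pairs


def _check_content(content, buffer, nocase, problems):
    # The http_host buffer is normalized to lowercase, so an uppercase pattern
    # on it can never match unless nocase is set; flag the rule instead of
    # letting it silently never fire.
    if content is None or buffer != 'http_host' or nocase:
        return
    if any(c.isupper() for c in content):
        problems.append(f'http_host content "{content}" is uppercase but lacks nocase')


def lint_rule(rule: str) -> List[str]:
    """Return the problems found; an empty list means the rule passes both checks."""
    problems: List[str] = []
    content = buffer = None
    nocase = False
    for key, value in parse_options(rule):
        if key == 'content':
            # modifiers such as http_host, nocase and depth apply to the most recent content
            _check_content(content, buffer, nocase, problems)
            content, buffer, nocase = value, None, False
        elif key == 'http_host':
            buffer = 'http_host'
        elif key == 'nocase':
            nocase = True
        elif key == 'depth':
            try:
                depth = int(value)
            except ValueError:
                problems.append(f'depth "{value}" is not an integer')
                continue
            if depth < 0:
                problems.append(f'negative depth {depth}')
    _check_content(content, buffer, nocase, problems)
    return problems


def lint_rules(rules) -> Dict[str, List[str]]:
    """Map each rule's sid to its list of problems."""
    report = {}
    for rule in rules:
        sid = dict(parse_options(rule)).get('sid', '?')
        report[sid] = lint_rule(rule)
    return report


if __name__ == '__main__':
    for sid, problems in lint_rules(SAMPLE_RULES).items():
        print(f'sid:{sid}', 'OK' if not problems else '; '.join(problems))
```

On the sample set, sid 2 is flagged for the uppercase host pattern and sid 4 for the negative depth, while sids 1 and 3 pass. Catching these at lint time matters because a rule that can never match gives no error at runtime, only silent loss of coverage.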

[Veil v1.2] A Payload Generator to Bypass Antivirus

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.


Veil was designed to run on Kali Linux, but should function on any system capable of executing python scripts. Simply call Veil from the command line, and follow the menu to generate a payload. Upon creating the payload, veil will ask if you would like the payload file to be converted into an executable by Pyinstaller or Py2Exe.

If using Pyinstaller, Veil will convert your payload into an executable within Kali.

If using Py2Exe, Veil will create three files:
  • payload.py - The payload file
  • setup.py - Required file for Py2Exe
  • runme.bat - Batch script for compiling the payload into a Windows executable

Move all three files onto your Windows machine with Python installed. All three files should be placed in the root of the directory Python was installed to (likely C:\Python27). Run the batch script to convert the Python script into an executable format.

Place the executable file on your target machine through any means necessary and don't get caught!