Showing posts with label Auditing Tool. Show all posts

Wednesday, 5 March 2014

[Parsero] Robots.txt audit tool


Parsero is a free script written in Python which reads the robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL paths of directories or files hosted on a web server which the administrators don't want to be indexed by crawlers. For example, "Disallow: /portal/login" prevents www.example.com/portal/login from being indexed by search engines like Google, Bing, Yahoo... so nobody can locate it when searching on them.

Sometimes the paths typed in the Disallow entries are directly accessible by users (without using a search engine) just by visiting the URL and the path, and sometimes they are not available to anybody... Because it is really common for administrators to write a lot of Disallow entries, some of which are available and some of which are not, you can use Parsero to check the HTTP status code of each Disallow entry and find out automatically whether these directories are available or not.

When you execute Parsero, you can see the HTTP status codes. For example, the codes below:
- 200 OK: The request has succeeded.
- 403 Forbidden: The server understood the request, but is refusing to fulfill it.
- 404 Not Found: The server hasn't found anything matching the Request-URI.
- 302 Found: The requested resource resides temporarily under a different URI.
- ...

Also, the fact that the administrator writes a robots.txt doesn't mean that the files or directories typed in this file will not be indexed by Bing, Google, Yahoo... For this reason, Parsero is capable of searching in Bing to locate content indexed without the web administrator's authorization.
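To show how such a check works, here is an added example (not Parsero's own code): it parses the Disallow entries of a robots.txt, builds each URL and records the status code. The fetcher is injected so that the sample robots.txt and responses below (both constructed) can be run offline; `http_status` is the live fetcher for a real check and is an assumption of this example, not part of Parsero.

```python
import re
from typing import Callable, List, Tuple
from urllib.error import HTTPError
from urllib.parse import urljoin
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Meaning of the status codes quoted in the post
STATUS_TEXT = {200: "OK", 302: "Found", 403: "Forbidden", 404: "Not Found"}


def parse_disallows(robots_txt: str) -> List[str]:
    """Unique, non-empty Disallow paths, in order of appearance."""
    paths: List[str] = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"(?i)disallow\s*:\s*(\S*)", line)
        if m and m.group(1) and m.group(1) not in paths:
            paths.append(m.group(1))
    return paths


class _NoRedirect(HTTPRedirectHandler):
    """Do not follow redirects: a 302 is reported as 302, not as its target."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_status(url: str) -> int:
    """Live fetcher (assumed helper): HEAD request, status of the first response."""
    try:
        with build_opener(_NoRedirect).open(Request(url, method="HEAD"), timeout=10) as r:
            return r.status
    except HTTPError as err:  # 3xx/4xx/5xx arrive as exceptions in urllib
        return err.code


def audit_disallows(base_url: str, robots_txt: str,
                    fetch: Callable[[str], int] = http_status) -> List[Tuple[str, int, str]]:
    """(url, status, meaning) per Disallow entry; wildcard patterns are requested literally."""
    results = []
    for path in parse_disallows(robots_txt):
        url = urljoin(base_url, path)
        code = fetch(url)
        results.append((url, code, STATUS_TEXT.get(code, "")))
    return results


# Constructed sample: a robots.txt and the answers a fake server would give
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /portal/login\nDisallow: /admin/   # old admin area\n" \
                "Disallow:\nDisallow: /backup.zip\nDisallow: /portal/login\n"
FAKE_STATUS = {"http://www.example.com/portal/login": 200,
               "http://www.example.com/admin/": 403,
               "http://www.example.com/backup.zip": 404}

if __name__ == "__main__":
    for url, code, text in audit_disallows("http://www.example.com", SAMPLE_ROBOTS, FAKE_STATUS.get):
        print(f"{code} {text:<10} {url}")
```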

Friday, 20 December 2013

[SSLDigger v1.02] Tool to assess the strength of SSL



SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure.

Features:
  • full browser support using the Microsoft Internet Explorer Browser Control
  • support for operating the tool in batch mode, for operating on multiple sites simultaneously
  • reporting in three different formats: XML, CSV, HTML
  • limited support for Server Gated Cryptography.

System Requirements
Windows .NET Framework (can be installed using Windows Update)

Wednesday, 20 November 2013

[Lynis v1.3.5] The Unix / Linux auditing, security and hardening Tool


Security and system auditing tool to harden Linux systems (and more)

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issue is reported as a suggestion or warning. Besides security-related information, it will also scan for general system information, installed packages and possible configuration errors.

This software aims to assist automated auditing, hardening, software patch management, and vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so it can be included on read-only storage (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Configuration errors
- Firewall auditing

Current state:
Stable releases are available, development is active.

Background information:
Lynis is an audit script written in the common shell scripting language (sh). Therefore it runs on most systems without any adjustments. Packages are created by several maintainers, for easier installation. Still, if one would like to use the latest version, simply download the tarball, extract it to a temporary directory and run the tool.

System requirements:
- Compatible operating system (see 'Supported operating systems')
- Default shell

Supported operating systems
Tested on:
- Arch Linux
- CentOS
- Debian
- Fedora Core
- FreeBSD
- Gentoo
- Knoppix
- Linux Mint
- Mac OS X
- Mandriva
- OpenBSD
- OpenSolaris
- OpenSuSE
- Oracle Linux
- PcBSD
- PCLinuxOS
- Red Hat Enterprise Linux (RHEL)
- Red Hat derivatives
- Slackware
- Solaris 10
- Ubuntu

[FruityWifi v1.6] the Wireless Network Auditing Tool


FruityWifi is a wireless network auditing tool based on the WiFi Pineapple idea. The application can be installed on any Debian based system. Tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).

With the new version, it is possible to install external modules. This functionality gives the user more flexibility, and FruityWifi can be customized. The modules can be added or removed at any time using the on-line repository.

Available modules:
  • Hostapd Karma
  • URLsnarf
  • DNSspoof
  • Kismet
  • Squid (code injection capabilities)
  • SSLstrip (code injection capabilities)
  • nmap
  • mdk3
  • ngrep
  • Captive Portal
New modules are being developed continuously and can be installed from the modules page.

Using the installation script, all the required dependencies, scripts and setup can be installed; or, if you prefer, you can download an SD image of Pwnpi 3.0 with FruityWifi v1.6 from the wiki page:

https://github.com/xtr4nge/FruityWifi/wiki/Install

Monday, 11 November 2013

[Wifislax 4.7 Final] Wireless Auditing Live CD


Once again we are pleased to deliver a new version of the wifislax wireless auditing livecd. In this version 4.7, the system is built with slackware-14.1 packages, which has finally seen the light as well. We ship with kernel 3.10.18, with expanded drivers and, as always, in normal and pae versions. The desktops are kde 4.10.5 from the slackware repository and xfce 4.11, configured to give it a different touch in line with users' requests.

As always, there is also a good pile of extra xzm modules with which to extend the capabilities of the livecd; there are applications of all kinds: video, image and audio editors, multimedia players, ftp clients, download managers, p2p, etc.

Thanks to everyone who takes part in the livecd development section, where bugs are discovered and repaired, as far as possible.... pepe10000, for the nvidia drivers, and also alist3r, with whom we looked at how to get around the difficulties of monitor mode in the new kernels, and from which the patches I currently use to correct the "fixed channel -1" problem were born.

To geminis_demon, who always gets me out of trouble when I need things in bash, to hadrianweb for the constant backups of the isos and modules, and to the whole seguridadwireless team; everyone always contributes something, some more, some less.


VIDEO WITH ALL THE EXTRAS LOADED:


Download Wifislax 4.7 Final

Saturday, 26 October 2013

[Lynis] Security and system auditing tool to harden Linux systems


Lynis is an auditing tool for Unix/Linux (specialists). It scans the system and available software and performs many individual security checks. It determines the hardening state of the machine and detects security issues. Besides security-related information, it will also scan for general system information, installed packages and possible configuration errors.

This software aims to assist automated auditing, hardening, software patch management, and vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so it can be included on read-only storage (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:
Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Configuration errors
- Firewall auditing
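As an added illustration (not Lynis code) of two of the audit tests listed here and in the earlier Lynis post, the functions below implement the "user accounts without password" and "incorrect file permissions" checks over constructed input: the shadow-file check distinguishes a genuinely empty password field from a locked account, and the permission check flags world-writable and setuid/setgid bits. `demo_permissions` builds a throwaway 0666 file to exercise it; the shadow sample and that helper are assumptions of this example.

```python
import os
import stat
import tempfile
from typing import List


def accounts_without_password(shadow_text: str) -> List[str]:
    """Account names whose shadow password field is empty (login without a password).
    A field of '!' or '*' means a locked / no-login account, which is not a finding."""
    found: List[str] = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found


def permission_findings(path: str) -> List[str]:
    """Report the permission bits an auditor would warn about on a path."""
    mode = os.stat(path).st_mode
    findings: List[str] = []
    if mode & stat.S_IWOTH:   # anyone on the host can modify the file
        findings.append("world-writable")
    if mode & stat.S_ISUID:   # runs with the owner's privileges
        findings.append("setuid")
    if mode & stat.S_ISGID:
        findings.append("setgid")
    return findings


# Constructed /etc/shadow excerpt: one hashed, one no-login, one empty, one locked
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
"""


def demo_permissions() -> List[str]:
    """Create a temporary file with mode 0666 (constructed) and audit it."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o666)
        return permission_findings(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("warning: accounts without password:", accounts_without_password(SAMPLE_SHADOW))
    print("warning: temp file findings:", demo_permissions())
```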

Monday, 21 October 2013

[FruityWifi v1.0] Wireless network auditing tool


FruityWifi is a wireless network auditing tool based on the WiFi Pineapple. The application can be installed on any Debian based system by adding the extra packages. Tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi).



Services
  • Wireless: Start|Stop wireless access point. (hostapd)
  • Supplicant: Connects to the internet using a wireless interface
  • Karma: REF: http://www.digininja.org/karma/
  • URL Snarf: Start|Stop urlsnarf
  • URL Spoof: Start|Stop urlsnarf
  • Kismet: Start|Stop kismet
  • Squid: Start|Stop squid3
  • sslstrip: Start|Stop sslstrip