Showing posts with label java. Show all posts
Showing posts with label java. Show all posts

Thursday, 13 March 2014

[Jspy RAT v0.08] Java Multiplatform Remote Administration Tool

jSpy is a RAT developed in Java. Need to monitor your childrens internet use? Check that your workers are doing what you paid them for? Help a friend out with a problem on his computer? No worries, whether it be Windows or Mac OSX that you need to manage, or manage from - jSpy is the answer.

Stable

jSpy uses a library called Kryonet developed by Esoterics Software. By using this library for networking, jSpy creates an environment where you can be rest assured you won't lose your clients.

Powerful

jSpy has an abundance of features, and is actively developed by a 17 year old java programmer from London. If you have any suggestions please email me at: javastealth@gmail.com

Multiple OS Support

jSpy will run on Windows, Mac OSX and Linux. jSpy was developed on a Mac ensuring that all features work on both UNIX and DOS Systems.

Posted by at 1 comment:
Labels: , , , ,

Wednesday, 22 January 2014

[Adzok] Administrador Remoto hecho en Java


Adzok Free esta basado en Adzok Open, es la edición que continuará el desarrollo de Adzok Open. Adzok Free será de codigo cerrado pero gratís.

Caracteristicas del Cliente

- Remote Desktop.
- Remote Shell.
- Upload and Download Files.
- Keylogger Online.
- Send Messages.
- Load and Run Script.
- Information System.
- Send Keys.
- Clipboard.
- Fun (Restart, Shutdown, Visit WebSite, Execute Command Shell, etc).

- Escucha en 3 puertos.
- El envio de información y la tranferencia de datos se realiza solo por 1 puerto.
- No necesita instalación pero es necesario que la maquina tenga instalado Java.
- Sistema de conexión inversa.
- Carpeta de descarga por cada usuario.
- Independiente al Sistema Operativo en teoria puede funcionar en cualquier Sistema   Operativo que tenga instalado Java.
- Generador del server.
- Desinstalador del server.

Caracteristicas del Servidor


Optimizado para: Windows XP, Windows Vista, Windows 7.
  • Keylogger solo esta disponible en todas las versiones de Windows (32 y 64 bits).
- Unico server para todos los sistemas operativos.
- No necesita instalación pero es necesario que la maquina tenga instalado Java.
- Mutex (Evita que se ejecute 2 veces el servidor), pero continuará mostrando la imagen de su empresa manteniendose invisible el server para el usuario.
- Tamaño del server: 54 KB (Sin comprimir).


Posted by at No comments:
Labels: , , , , ,

Monday, 20 January 2014

[IPhone Analyzer] IPhone Forensics Tool


iPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.

Features

  • Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
  • Multi-platform (Java based) product, supported on Linux, Windows and Mac
  • Fast, powerful search across device including regular expressions
  • Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and wifi locations observed by the device (the infamous "locationd" data)
  • Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others
  • Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li>
  • Integrated visualisation of plist and sqlite files
  • Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
  • Support for KML export and direct export to Google Earth
  • Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
  • Analyse jail broken device directly over SSH without need for backup (experimental)


Posted by at No comments:
Labels: , , , , , , , ,

Tuesday, 7 January 2014

[Xelenium] Security Testing with Selenium


Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing.

Xelenium has been designed considering that it should obtain very few inputs from users in the process of discovering the bugs.


Selenium – Webdriver is an open source functional testing tool and is very powerful and flexible. More details on Selenium can be found here: http://seleniumhq.org/

Posted by at No comments:
Labels: , , , , , , , ,

Thursday, 2 January 2014

[DirBuster] Brute Force Directories and Files Names on Web/Application Servers


DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;)


Posted by at No comments:
Labels: , , , , , , , , ,

Friday, 20 December 2013

[OWASP CSRFTester] Facilitates Ability to Test Applications for CSRF


OWASP CSRFTester is a tool for testing CSRF vulnerability in websites. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery (CSRF) is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. 
Posted by at No comments:
Labels: , , , , , , , ,

Monday, 9 December 2013

[Orchid] Tor Client for Java



Orchid is a Tor client implementation and library written in pure Java.

It was written from the Tor specification documents, which are available here.

Orchid runs on Java 5+ and the Android devices.

How can Orchid be used?


In a basic use case, running Orchid will open a SOCKS5 listener which can be used as a standalone client where Tor would otherwise be used. 

Orchid can also be used as a library by any application running on the JVM. This is what Orchid was really designed for and this is the recommended way to use it. Orchid can be used as a library in any Java application, or any application written in a language that compiles bytecode that will run on the Java virtual machine, e.g., JRuby, Clojure, Scala..

Why was Orchid developed?


Orchid was developed for seamless integration of Tor into Java applications. The first application to have built-in Tor support is Martus, a human rights application developed by Benetech

Another reason Orchid was developed was to work through and debug the Tor specification documents. Orchid was also created to provide a reference implementation in Java. This may be easier to understand for those who are unfamiliar with the C programming language. The implementation is also simpler because only the client has been implemented.

Should Orchid be used with a regular browser for anonymous browsing?


Probably not. We recommend that the Tor Browser Bundle (or better yet, Tails) be used, as there are privacy leaks through the browser that are unrelated to Tor. However, Orchid can be used with the Tor Browser bundle in the place of native Tor.

Orchid's strength is that it can be used to Torify Java and JVM applications with near transparency.


Posted by at No comments:
Labels: , , , , , , ,

Wednesday, 4 December 2013

[Splinter] RAT open source


Splinter The Rat es una RAT (Remote Administration Tool). Este tipo de herramientas normalmente nos permite tomar el control de un bot (sistema comprometido).

Splinter The Rat actúa como BotMaster o controlador de la botnet y está diseñado para trabajar con distintos tipos de backdoors o puertas traseras: netcat listeners o implantes creados en Java o Python, ya precompilados en el sistema. En el futuro también se integrará con Armitage y Raven.

Además este RAT también permite la transferencia y navegación de ficheros, geolocalización, acceso y/o modificación del portapapeles de la víctima, capturas de pantalla y grabación, etc.

Splinter The RAT es un proyecto educativo del que podemos aprender como crear herramientas de este tipo y que además son totalmente funcionales. El objetivo de éste según sus autores es el de mostrar lo fácil que es crear una herramienta de este tipo.

Este proyecto está activamente siendo desarrollado y algunas de las características que podemos esperar en futuras versiones son:
  • Desarrollos de implantes en Python, PowerShell y C++.
  • Estaganogfía, TCP/DNS tunneling.
  • Drive-by-downloaders y droppers Javascript
  • Creación de implantes polimórficos y cifrado de la comunicación de los payloads
  • Escaneo de redes internas
  • Explotación de dispositivos móviles
  • Etc
Si alguna vez has pensado crear la infraestructura detrás de una botnet, aquí tienes un buen ejemplo para crear la tuya propia o construirla sobre ésta.

Posted by at No comments:
Labels: , , , ,

Wednesday, 2 October 2013

[jSQL Injection v0.5] Java tool for automatic database injection


jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

jSQL Injection change log - version 0.5

0.5
  • SQL shell
  • Uploader
0.4
  • Admin page checker and preview
  • Brute forcer (md5 mysql...)
  • Coder (encode decode base64 hex md5...)
0.3
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
0.2
  • Time based algorithm
  • Multi-thread control (start/pause/resume/stop)
  • Shows URL calls
0.0 and 0.1
  • GET, POST, header, cookie methods
  • Normal, error based, blind algorithms
  • Automatic best algorithm selection
  • Progression bars
  • Simple evasion
  • Proxy setting
  • Supports MySQL 

Posted by at No comments:
Labels: , , , , , , ,

Thursday, 23 May 2013

[jSQL Injection v0.4] Java tool for automatic database injection


jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Version 0.4 features:
  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql...)
  • Coder (encode decode base64 hex md5...)
  • Supports MySQL 

Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Comments (Atom)