<p><b>ToolWar | Information Security (InfoSec) Tools</b></p>
<p>Feed updated: 2024-03-23T21:49:43.593+05:30 | Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<p>ToolWar :: Information Security Tools provides you with newly updated and released ethical hacking and IT security tools, exploits, and much more. You can download InfoSec tools and find information about cyber security tools, vulnerability scanners, exploits, malware analysis tools, penetration testing, network scanning, network security, mobile security, network spoofing, secure information gathering, web security, security tools, and much more.</p>
<h2>PatrowlHears (Vulnerability Intelligence Center) :: Tools</h2>
<p>Published: 2021-02-11T13:35:00.001+05:30 | Updated: 2021-02-11T13:36:40.853+05:30</p>
<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat intelligence feeds. Users access a comprehensive and continuously updated vulnerability database, scored and enriched with exploit and threat news information. This metadata is collected from public OSINT and private feeds. As of today, it is one of the most extensive databases.</span></span></span></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears
cd PatrowlHears
./install.sh</code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>WebReaver (Advanced Web Security Scanner) :: Framework</h2>
<p>Published: 2021-01-29T18:09:00.002+05:30 | Updated: 2021-02-09T14:41:13.987+05:30</p>
<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" /> </p><p>WebReaver is an elegant, easy-to-use and fully automated web
application security testing tool for Mac, Windows and Linux,
suitable for novice as well as advanced users.</p>
<p>WebReaver allows you to easily test any web application for a large
variety of web vulnerabilities, from the severe kinds such as SQL
Injection, Local and Remote File Includes, Command Injection, Cross-site
Scripting and Expression Injection to the less severe ones such as a
variety of session and header problems, information leakage and many
more.</p><p><b>Tutorial</b>:</p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><p><b>Download:</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b></a></p>
<p>Author: <a href="http://www.blogger.com/profile/08303610882842659793">Anjali Soni</a></p>
<h2>Creepy (A Geolocation OSINT Tool) :: Tools</h2>
<p>Published: 2021-01-29T13:13:00.005+05:30 | Updated: 2021-01-29T13:13:41.071+05:30</p>
<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/s1854/creepy.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Creepy - A Geolocation OSINT Tool" border="0" data-original-height="1080" data-original-width="1854" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/w400-h233/creepy.png" title="Creepy - A Geolocation OSINT Tool" width="400" /> </a></p><p style="text-align: justify;">Creepy
is an open-source geolocation intelligence tool. It collects
geolocation information that has already been published on various
social networking platforms and image hosting services. Creepy presents
the reports on the map, using a search filter based on the exact
location and date. These reports are available
in CSV or KML format to export for additional analysis.</p><h3>Quick Start Instructions</h3>
<ul><li>Download Creepy (source code or the installers provided here for your platform)</li><li>Configure the plugins: Edit -&gt; Plugins Configuration -&gt; Select plugin and run the wizards, following the instructions</li><li>Create a new project: Creepy -&gt; New Project -&gt; Person Based Project. Search for the target, selecting the available plugins.</li><li>Right click on the project -&gt; Analyze Current Project</li><li>Wait :)</li><li>The locations will be drawn on the map once the analysis is complete.</li><li>Filter locations, export locations, view them on the map.</li></ul><div style="text-align: left;"><b>Installation:</b> <a href="https://www.geocreepy.com/" target="_blank">Installation Guide</a></div><div style="text-align: left;"> </div><div style="text-align: left;"><div style="text-align: left;"><b>Download Here: </b></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_64.exe" target="_blank">Creepy v1.4.1 Windows x64</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_32.exe" rel="nofollow" target="_blank">Creepy v1.4.1 Windows x32</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/cree.py_1.4.1.dmg.zip" rel="nofollow" target="_blank">Creepy v1.4.1 OSX</a><br /></div></div>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>SubBrute (Subdomain Bruteforcer) :: Tools</h2>
<p>Published: 2021-01-28T19:26:00.000+05:30 | Updated: 2021-01-28T19:26:04.033+05:30</p>
<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the
fastest, and most accurate subdomain enumeration tool. Some of the
magic behind SubBrute is that it uses open resolvers as a kind of proxy
to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>Installation &amp; Use:</b></span></p><p>No install is required for Windows; just cd into the 'windows' folder:</p>
<ul><li><code>subbrute.exe google.com</code></li></ul>
<p>Easy to install:
You just need Python 2.7 or Python 3. This tool should work under any operating system: BSD, OS X, Windows, Linux...</p>
<p>(On a side note giving a makefile root always bothers me, it would be a great way to install a backdoor...)</p>
<p>Under Ubuntu/Debian all you need is:</p>
<ul><li><code>sudo apt-get install python-dnspython</code></li></ul>
<p>On other operating systems you may have to install dnspython manually:</p>
<p>Easy to use:</p>
<ul><li><code>./subbrute.py google.com</code></li></ul>
<p>Tests multiple domains:</p>
<ul><li><code>./subbrute.py google.com gmail.com blogger.com</code></li></ul>
<p>or a newline delimited list of domains:</p>
<ul><li><code>./subbrute.py -t list.txt</code></li></ul>
<p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p>
<ul><li><code>./subbrute.py gmail.com &gt; gmail.out</code></li><li><code>./subbrute.py -t gmail.out</code></li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>
<p>Author: <a href="http://www.blogger.com/profile/08303610882842659793">Anjali Soni</a></p>
<h2>WebSlayer (Brute Forcing Web Applications) :: Tools</h2>
<p>Published: 2019-08-05T10:45:00.000+05:30 | Updated: 2019-08-05T10:47:34.458+05:30</p>
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP WebSlayer :: ToolWar" border="0" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" title="OWASP WebSlayer :: ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WebSlayer</b> is a tool designed for brute forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, files, etc.), brute forcing GET and POST parameters, brute forcing form parameters (user/password), fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer. </div>
<div style="text-align: justify;">
You can perform attacks like: </div>
<ul style="text-align: justify;">
<li>Predictable resource locator, recursion supported (Discovery) </li>
<li>Login forms brute force </li>
<li>Session brute force </li>
<li>Parameter brute force </li>
<li>Parameter fuzzing and injection (XSS, SQL) </li>
<li>Basic and NTLM authentication brute forcing </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/Ce413RcYuGI?feature=player_embedded' frameborder='0'></iframe></div>
<div style="text-align: center;">
</div>
<br />
<b>Download Here ::</b>
<a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/webslayer/WebSlayer-Beta.msi" target="_blank">WebSlayer Beta</a><b><br /></b><br />
<b>Official Website :: </b>http://www.edge-security.com/webslayer.php </div>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>OWASP Amass - Subdomain Enumeration/Scanner : Tool</h2>
<p>Published: 2019-07-01T12:47:00.000+05:30 | Updated: 2019-07-01T12:47:02.442+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div>
<br />
<div style="text-align: justify;">
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div>
<b><br />
</b> <b>Information Gathering Techniques Used:</b><br />
<br />
<div style="text-align: justify;">
1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Video Tutorial:</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div>
<h3 style="text-align: justify;">
</h3>
<h3 style="text-align: justify;">
Documentation: </h3>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div>
<h3 style="text-align: justify;">
Download:</h3>
<div style="text-align: justify;">
Amass is available for various platforms like Linux, Windows, MacOS etc.</div>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>FireEye Commando VM : Distribution</h2>
<p>Published: 2019-03-31T16:54:00.002+05:30 | Updated: 2019-03-31T16:54:49.292+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s1600/CVM+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="commando vm fireeye" border="0" data-original-height="750" data-original-width="974" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s320/CVM+logo.png" title="commando vm fireeye" width="320" /></a></div>
<div style="text-align: justify;">
CommandoVM - a fully customized, Windows-based security <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">distribution</a> for penetration testing and red teaming. </div>
<div style="text-align: justify;">
Penetration testers commonly use their own variants of Windows
machines when assessing Active Directory environments. Commando VM was
designed specifically to be the go-to platform for performing these
internal penetration tests. The benefits of using a Windows machine
include native support for Windows and Active Directory, using your VM
as a staging area for C2 frameworks, browsing shares more easily (and
interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.</div>
<div style="text-align: justify;">
Commando VM uses Boxstarter, Chocolatey, and MyGet packages
to install all of the software, and delivers many tools and utilities
to support penetration testing. This list includes more than 140 tools,
including:</div>
<ul style="list-style-position: inside; text-align: justify;">
<li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li>
<li><a href="http://www.toolwar.com/2013/09/wireshark-tools.html" target="_blank">Wireshark</a></li>
<li>Covenant</li>
<li>Python</li>
<li>Go</li>
<li>Remote Server Administration Tools</li>
<li><a href="http://www.toolwar.com/2013/09/sysinternals.html" target="_blank">Sysinternals</a></li>
<li>Mimikatz</li>
<li><a href="http://www.toolwar.com/2013/09/burp-suite-tools.html" target="_blank">Burp-Suite</a></li>
<li>x64dbg</li>
<li>Hashcat</li>
</ul>
<div style="text-align: justify;">
With such versatility, Commando VM aims to be the de facto <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a>machine for every penetration tester and red teamer. For the blue
teamers reading this, don’t worry, we’ve got full blue team support as
well! The versatile tool sets included in Commando VM provide blue teams
with the tools necessary to audit their networks and improve their
detection capabilities. With a library of offensive tools, it makes it
easy for blue teams to keep up with offensive tooling and attack trends.</div>
<div style="text-align: justify;">
<br /></div>
<h4>
Requirements</h4>
<ul>
<li>Windows 7 Service Pack 1 or Windows 10</li>
<li>60 GB Hard Drive</li>
<li>2 GB RAM</li>
</ul>
<h3 style="text-align: justify;">
Installation Instruction: </h3>
<ol>
<li>Create and configure a new Windows Virtual Machine</li>
</ol>
<ul>
<li>Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain</li>
<li>Take a snapshot of your machine!</li>
<li>Download and copy <code>install.ps1</code> on your newly configured machine.</li>
<li>Open PowerShell as an Administrator</li>
<li>Enable script execution by running the following command:
<ul>
<li><code>Set-ExecutionPolicy Unrestricted</code></li>
</ul>
</li>
<li>Finally, execute the installer script as follows:
<ul>
<li><code>.\install.ps1</code></li>
<li>You can also pass your password as an argument: <code>.\install.ps1 -password &lt;password&gt;</code></li>
</ul>
</li>
</ul>
<div style="text-align: justify;">
<b>Detailed Installation Instruction: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Click Here</a><b> </b></div>
<div style="text-align: justify;">
<b>Download: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Commando VM</a></div>
<div style="text-align: justify;">
<b>Official Website: </b><a href="https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html" rel="nofollow" target="_blank">FireEye</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>Sublist3r - Subdomain Enumeration / Scanner : Tools</h2>
<p>Published: 2019-02-23T12:47:00.000+05:30 | Updated: 2019-02-23T12:48:12.219+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div>
<div style="text-align: justify;">
Sublist3r is a python tool designed to enumerate subdomains of websites
using OSINT. It helps penetration testers and bug hunters collect and
gather subdomains for the domain they are targeting. Sublist3r
enumerates subdomains using many search engines such as Google, Yahoo,
Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using
Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div>
<div style="text-align: justify;">
<br /></div>
<h2 style="text-align: justify;">
<span style="font-size: large;">Installation:</span></h2>
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre>
</blockquote>
<b><span style="font-size: small;">Dependencies:</span></b><br />
<blockquote class="tr_bq">
<pre><code>sudo pip install -r requirements.txt</code></pre>
</blockquote>
<b><span style="font-size: small;">How To Use:</span></b> <br />
<blockquote class="tr_bq">
<span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote>
where -v : Verbose, -d : Domain<br />
<br />
<h3>
<b>Download:: </b> </h3>
Linux &amp; Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublist3r (Official Page)</a>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>Raptor (Web Application Firewall) :: Tools</h2>
<p>Published: 2016-08-22T13:18:00.000+05:30 | Updated: 2016-08-22T13:18:20.718+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" title="Raptor Web Application Firewall" /></a></div>
<div style="text-align: justify;">
<b>Raptor</b> is an open source tool whose focus is the study of attacks and finding intelligent ways to block them. Raptor is written in pure C and does not use regex or other common ways to block attacks; it uses a deterministic finite automaton instead, which is different and fast, like a raptor dinosaur. Raptor follows the KISS principle (Keep It Simple), and you can use Raptor to simulate attacks and learn new bypass techniques.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL injection and XSS...</div>
<ul>
<li> You can block XSS, SQL injection attacks and path traversal with Raptor</li>
<li> You can use a blacklist of IPs to block some users at config/blacklist ip.txt</li>
<li> You can use IPv6 and IPv4 for communications</li>
<li> Planned for the future: DoS protector, request limit, rule interpreter and malware detector for uploads.</li>
<li> Planned for the future: SSL/TLS...</li>
</ul>
<b>Installation: </b><br />
To run:<br />
<pre><code>git clone https://github.com/CoolerVoid/raptor_waf
cd raptor_waf; make; bin/raptor</code></pre>
<br />
<b>Usage: </b><br />
Bring up an HTTPd server on port 80:<br />
<pre><code>bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt</code></pre>
<b> </b><br />
<b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br />
<h3>
<b>Download: </b></h3>
<b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a> <b><br /></b>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>Katana (Penetration Testing) :: Framework</h2>
<p>Published: 2016-08-22T12:10:00.000+05:30 | Updated: 2016-08-22T13:19:18.889+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s1600/Katana+Framework.png" imageanchor="1"><img alt="Download Katana Framework For Penetration Testing" border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s400/Katana+Framework.png" title="Katana Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>Katana</b> is a framework written in <b>Python</b> for penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share. The goal is to unify tools that serve professionals when performing a penetration test, or simply to act as a routine tool. The current version is not completely stable; updating it each time you use it is recommended.</div>
<h3>
<b>Installation::</b></h3>
Installing the Katana framework: it is necessary to install all dependencies for good performance. <br />
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
sudo python install
</code></pre>
<div style="text-align: justify;">
<br /></div>
</blockquote>
<b>How to Use:: </b><a href="https://github.com/PowerScript/KatanaFramework/wiki/How-to-use" rel="nofollow" target="_blank">Click Here</a> <br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video Tutorial: </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B0QsDwYTrnI/0.jpg" frameborder="0" height="330px" src="https://www.youtube.com/embed/B0QsDwYTrnI?feature=player_embedded" width="100%"></iframe></div>
<div style="text-align: justify;">
<h3>
<b>Download:</b></h3>
<b>Linux: </b><a href="https://github.com/PowerScript/KatanaFramework" rel="nofollow" target="_blank">Katana Framework</a><br />
<br />
<b>Submitted By: </b>RedToor</div>
<p>Author: <a href="http://www.blogger.com/profile/14558520598231615559">Kapil Soni</a></p>
<h2>Echo Mirage 3.1 :: Tools</h2>
<p>Published: 2016-04-21T14:41:00.000+05:30 | Updated: 2016-04-21T14:41:54.291+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div>
<div style="text-align: justify;">
<b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and
function hooking techniques to redirect network related function calls
so that data transmitted and received by local applications can be
observed and modified.<br /><br />Windows encryption and OpenSSL functions
are also hooked so that plain text of data being sent and received over
an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note: Echo Mirage is no longer available from the author. Here is an archived copy of it. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>License: </b>Freeware<b> </b></div>
<div style="text-align: justify;">
<b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div>
<div style="text-align: justify;">
<br /></div>
Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-11849596148291173672016-03-21T14:05:00.000+05:302016-03-21T14:05:03.182+05:30Mobile Security Framework (MobSF) : Framework<div class="separator" style="clear: both; text-align: center;">
<img alt="Mobile Security Framework : ToolWar" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div>
<div style="text-align: justify;">
<b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing framework
capable of performing static and dynamic analysis. It can be used for
effective and fast security analysis of Android and iOS Applications and
supports both binaries (APK &amp; IPA) and zipped source code.<b> MobSF</b>
can also perform Web API security testing with its API Fuzzer, which can
do information gathering, analyze security headers, and identify mobile API
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other
logical issues related to Session and API Rate Limiting.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorial: </h3>
<ul>
<li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li>
</ul>
<h3>
Download: <strong> </strong></h3>
<strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br />
<strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br />
<strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br />
<br />
<div style="text-align: justify;">
<br /></div>
Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-87389165035553683842015-10-23T09:45:00.001+05:302015-10-26T23:45:34.268+05:30File Checksum Integrity Verifier (FCIV) :: Tools<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s1600/File+Checksum+Integrity+Verifier+FCIV.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="File Checksum Integrity Verifier (FCIV)" border="0" height="299" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s640/File+Checksum+Integrity+Verifier+FCIV.JPG" title="File Checksum Integrity Verifier (FCIV)" width="640" /></a></div><div style="text-align: justify;">The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.</div><div style="text-align: justify;">FCIV is a small utility from Microsoft that lets you compute MD5 and SHA-1 hashes and verify the integrity of files. Malware analysts, researchers and security-conscious users can all get a lot out of this small utility.</div><h3 class="sbody-h3" style="text-align: justify;">Features</h3><div style="text-align: justify;">The FCIV utility has the following features:</div><ul class="sbody-free_list"><li style="text-align: justify;"> Supports MD5 or SHA1 hash algorithms (The default is MD5.)</li>
<li style="text-align: justify;"> Can output hash values to the console or store the hash value and file name in an XML file</li>
<li style="text-align: justify;">Can recursively generate hash values for all files in a directory and in all subdirectories (for example, <span class="text-base">fciv.exe c:\ -r</span>)</li>
<li style="text-align: justify;">Supplies an exception list to specify files or directories to hash</li>
<li style="text-align: justify;">Can store hash values for a file with or without the full path of the file</li>
</ul><h3> Example usage</h3><ul class="sbody-free_list"><li>To display the MD5 hash of a file, type the following command at a command prompt: <div class="indent"><span class="sbody-userinput">fciv.exe <var class="sbody-var">filename</var></span></div><span class="text-base">Note </span><var class="sbody-var"> filename</var> is the name of the file.</li>
<li>To compute a hash of a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe c:\mydir\<var class="sbody-var"><var class="sbody-var">myfile.dll</var></var></span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml</span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -type *.exe</span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -wp -both -xml db.xml</span></div></li>
<li>To list the hashes that are stored in a database, type a command line that is similar to the following command line: <div class="indent"><span class="sbody-userinput">fciv.exe -list -sha1 -xml db.xml</span></div></li>
<li>To verify a hash in a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe -v -sha1 -xml db.xml</span><br />
<br />
<span class="sbody-userinput">fciv.exe -v -bp c:\<var class="sbody-var">mydir</var> -sha1 -xml db.xml</span></div></li>
</ul><h3>Video Tutorial::</h3><br />
<div class="separator" style="clear: both; text-align: center;"><br />
<iframe width="100%" height="330" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/sOtnut9wM38/0.jpg" src="https://www.youtube.com/embed/sOtnut9wM38?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br />
<h3>Download ::</h3><b>Windows:</b> <a href="http://www.microsoft.com/en-in/download/details.aspx?id=11533" rel="nofollow" target="_blank">Microsoft FCIV</a> Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-31864549519104549412015-04-13T12:44:00.000+05:302015-04-15T12:28:27.398+05:30SpiderFoot (Open Source Footprinting) :: Tools<div class="separator" style="clear: both; text-align: center;">
<img alt="spiderfoot logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600/spiderfoot-logo-named.jpg" height="97" title="spiderfoot logo" width="320" /></div>
<div style="text-align: justify;">
<b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br />
<br />
<h3>
Features ::</h3>
</div>
<ul style="text-align: justify;">
<li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li>
<li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li>
<li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results and export them to CSV, and soon you will also be able to search scan results.</li>
<li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded' frameborder='0'></iframe></div>
<h3>
</h3>
<b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>
<b> </b><br />
<b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a>
<br />
<br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0 x86</a> (.zip)<br />
<b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.1.0</a> (.tar.gz)
<b> </b><br />
<b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-4803404396012881622015-04-06T11:40:00.000+05:302015-04-15T12:29:01.974+05:30Suricata (IDS/IPS Engine) :: Tools<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="suricata logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" height="265" title="suricata logo" width="320" /></div>
<b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br />
<br />
<b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br />
<br />
The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br />
<br />
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded' frameborder='0'></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded' frameborder='0'></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>
Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-89180585622711253892015-04-03T12:31:00.000+05:302015-04-15T12:29:21.024+05:30EtherApe (Graphical Network Monitor) :: Tools<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600/etherape_intro2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="etherape screenshot" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600/etherape_intro2.png" height="246" title="etherape screenshot" width="400" /></a></div>
<b>EtherApe</b> is a <b>graphical network monitor for Unix</b> modeled after <i>etherman</i>. Featuring link layer, IP and TCP modes, it displays <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> activity graphically. Hosts and links change in size with traffic. Color coded <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a> display.<br />
It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a> from a file as well as live from the network. Node statistics can be exported.</div>
<div style="text-align: justify;">
<b>As of version 0.9.13, EtherApe has these features, in no particular order:
</b><br />
<ul>
<li><span style="background-color: white;">Network traffic is displayed graphically. The more
"talkative" a node is, the bigger its representation. </span></li>
<li><span style="background-color: white;">Node and link color shows the most used protocol. </span></li>
<li><span style="background-color: white;">User may select what level of the protocol stack to
concentrate on. </span></li>
<li><span style="background-color: white;">You may either look at traffic within your network,
end to end IP, or even port to port TCP. </span></li>
<li><span style="background-color: white;">Data can be captured "off the wire" from a live
network connection, or read from a tcpdump capture file. </span></li>
<li><span style="background-color: white;">Live data can be read from ethernet, FDDI, PPP, SLIP and WLAN interfaces,
    plus several other encapsulated formats (e.g. Linux cooked, PPI).</span></li>
<li><span style="background-color: white;">The following frame and packet types are currently
    supported: ETH_II, 802.2, 802.3, IP, IPv6, ARP, X25L3, REVARP, ATALK,
AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP,
PUP, UDP, IDP, TP, ROUTING, RSVP, GRE, ESP, AH, EON,
VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP
services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN,
SNMP, etc. </span></li>
<li><span style="background-color: white;">Data display can be refined using a network filter using pcap syntax.</span></li>
<li><span style="background-color: white;">Display averaging and node persistence times are
fully configurable. </span></li>
<li><span style="background-color: white;">Name resolution is done using standard libc
functions, thus supporting DNS, hosts file, etc. </span></li>
<li><span style="background-color: white;">Clicking on a node/link opens a detail
dialog showing protocol breakdown and other traffic
statistics. </span></li>
<li><span style="background-color: white;">Protocol summary dialog shows global traffic
statistics by protocol.</span></li>
<li><span style="background-color: white;">Node summary dialog shows traffic
statistics by node.</span></li>
<li><span style="background-color: white;">Node statistics export to XML file.</span></li>
<li><span style="background-color: white;">A single node can be centered on the display.</span></li>
<li><span style="background-color: white;">Scrollkeeper/rarian-compatible manual integrated with yelp.</span></li>
</ul>
</div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/3S95lWky9CU?feature=player_embedded' frameborder='0'></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/etherape/files/latest/download?source=files" target="_blank">Etherape v0.9.11</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://etherape.sourceforge.net/">http://etherape.sourceforge.net/</a></div>
Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com1tag:blogger.com,1999:blog-176362451191139722.post-60577683473776303022015-03-29T00:08:00.000+05:302015-03-29T00:08:44.605+05:30XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" height="331" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner &amp; Vulnerability Confirmation)</b> is written in the <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> scripting language and confirms an <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS vulnerability</a> using two methods. Method 1 sends the payload encoded to bypass a <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall and checks the response. If the server responds with 200, XSSYA moves on to Method 2, which searches the HTML code of the web page for the decoded payload. If that is confirmed, the last step executes document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Supports HTTPS</li>
<li>After confirmation, executes the payload to get cookies</li>
<li>Can be run on Windows and Linux</li>
<li>Identifies 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>Contains a library of encoded payloads to bypass WAF (Web Application Firewall)</li>
<li>Supports saving the web HTML code before executing the payload</li>
<li>Viewing the web HTML code on the screen or terminal</li>
</ul>
<h3>
What's New: </h3>
XSSYA v2.0 has more payloads: the library contains 41 payloads to enhance the detection level. The XSS scanner is now removed from XSSYA to reduce false positives. URLs to be tested previously could not end with any character except (/ - = - ?), but this limitation has now been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload: You can choose your own custom payload and encode it with different types of encoding (B64, HEX, URL_Encode, HEX with semicolons) or with HTML entities (single and double quotes only, brackets, "and", "or", or the whole payload encoded with HTML entities). This feature also supports the XSS vulnerability confirmation method: you choose your custom payload and custom encoding, XSSYA executes it, and if the response is 200 it checks for the same payload decoded in the HTML code of the page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads: XSSYA v2.0 contains a library of 44 HTML5 payloads. XSSYA also has a library of the applications most vulnerable to XSS (cross-site scripting), which covers Apache, WordPress and phpMyAdmin. If you choose an application, it gives the CVE number, the version of Apache that is affected and the link to the CVE for more details, so it is easy to search for a particular version that is affected by XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA can convert the IP address of the attacker to Hex, Dword or Octal to bypass any security mechanism or IPS that exists on the target domain. XSSYA also checks whether the target is vulnerable to XST (Cross Site Trace): it sends a custom TRACE request and checks whether the target domain is vulnerable. The request looks like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a> Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-77619009911705029702015-03-24T12:39:00.000+05:302015-03-24T12:39:08.329+05:30Distributed Network Attack (DNA) :: Framework<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Distributed Network Attack (DNA)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN1ZMHUWsjTC9Dt1gSGHwIb7uX_fVP2wEVefcDrl4xAEhFWtrS40MMQJeHNbsyJpHPAyBuMo5re53V-mtj7tDVo_foJL2k5V5G6MGzC34betwn72UCVNwMKUzShO9IwPYFmaiSd_gp0vu3/s1600/Distributed+Network+Attack+(DNA).jpg" height="356" title="Distributed Network Attack (DNA)" width="640" /></div>
<b>Distributed Network Attack (DNA)</b> is a new approach to <i>recovering password protected files</i>.
In the past, recoveries have been limited to the processing
power of one machine. <b>Distributed Network Attack (DNA)</b> uses the power of machines across
the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> or across the world to decrypt <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>. The DNA
Server is installed in a central location where machines running
the <b>Distributed Network Attack (DNA)</b> Client can access it over the network. DNA Manager coordinates
the attack, assigning small portions of the key search to machines
distributed throughout the network. The DNA Client will run
in the background, only taking unused processor time. <b>Distributed Network Attack (DNA)</b> is used in many different environments to provide specific, <b>password <a href="http://www.toolwar.com/search/label/Cracking" target="_blank">cracking</a></b> related functions. <b><i>For example</i></b>, law enforcement and corporate <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals can use <b>PRTK and DNA</b> in <i>computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic</a> investigations</i> to access password-protected files. IT administrators can use <b>DNA</b> to recover system passwords, while individual users can use PRTK and DNA to recover lost passwords to personal files. These two products provide access to passwords for a large number of popular software applications. <b>DNA</b> uses multiple machines across the network or across the world to conduct key space and dictionary <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a>. In many cases, this makes use of time those computers would normally be idle, saving the cost of additional hardware. Many organizations find that the cost of additional hardware is justified for a secure, dedicated password recovery lab. </div>
<div style="text-align: justify;">
<br />
<div class="ui-tabs-panel ui-widget-content ui-corner-bottom" id="dna-features">
<div class="featurewrapper">
<div class="FeatureRow">
<b>Distributed Network Attack® (DNA®) Features ::</b><br />
<ul class="square">
<li>Leverage graphic processing units on Microsoft Windows machines with CUDA-enabled GPUs.</li>
<li>Easy to read Statistics and Graphs</li>
<li>Add user dictionaries</li>
<li>Optimization for password attacks for specific <a href="http://www.toolwar.com/search/label/Language" target="_blank">languages</a></li>
<li>Customize user dictionaries</li>
<li>Stealth client installation functionality</li>
<li>Automatic Client update when updating the DNA Server</li>
<li>Control which clients work on certain jobs</li>
</ul>
</div>
</div>
</div>
<b>DNA® Worker Minimum Requirements :: </b><br />
<ul class="square">
<li>Operating System:</li>
</ul>
<ul class="square"><ul class="square">
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>® XP/2000</li>
<li>Macintosh OSX 10.3.9/10.4.x</li>
<li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> Red Hat/Fedora Core 4</li>
<li>Solaris</li>
</ul>
</ul>
<ul class="square">
<li>Processor:</li>
</ul>
<ul class="square"><ul class="square">
<li>Intel Pentium® III/P4/AMD Athlon™</li>
<li>Power PC G4/G5</li>
<li>Sparc</li>
</ul>
</ul>
<ul class="square">
<li>RAM: 1 Gb</li>
<li>Hard Disk Space: 40 Gb</li>
</ul>
</div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/EJxrRbrf12I?feature=player_embedded' frameborder='0'></iframe></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/ghaOJoJ08cw?feature=player_embedded' frameborder='0'></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://marketing.accessdata.com/acton/attachment/4390/u-001a/0/-/-/-/-/" target="_blank">Distributed Network Attack (DNA) version 7.0.0 (.iso)</a></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.accessdata.com/">http://www.accessdata.com/</a>
</div>
Kapil Sonihttp://www.blogger.com/profile/14558520598231615559noreply@blogger.com0tag:blogger.com,1999:blog-176362451191139722.post-60399242870449347102015-03-22T21:09:00.000+05:302015-03-24T12:39:31.005+05:30FoxAnalysis :: Tools<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="foxanalysis" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVTDAJNO0D95q-mKwQdBNLvakgBNChOBpQ_8FNmp-9XPaB1EP7GnnXjRpGJLVcciK30kxboEHPaEyJ2oM4BBEI-vOw5Rn3pXrlGEDdzrvTeNjtvq4xwfgk94K7aIhI6uXVzqCj3gWENmhf/s640/foxanalysis.jpg" height="224" title="foxanalysis" width="640" /></div>
<b>FoxAnalysis Plus</b> is a software tool for <i>extracting, viewing and analysing internet history</i><b> </b>from the <b>Mozilla Firefox web browser</b>. The main features are described below: </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b><span class="heading">Extract History</span> ::</b><br />
<span class="description2">Extract history regarding bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and website visits. </span> <span class="heading"> </span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span class="heading">Case Files</span> ::</b><br />
<span class="description2">Each Firefox profile analysed can be saved to a Case file for further analysis at a later date. </span> <span class="heading"> </span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span class="heading">Supports Firefox versions 3 to 24</span> ::</b><br />
<span class="description2">Extract history generated from Firefox versions 3 to 24 (new versions are added regularly). </span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><b><span class="heading">Cache ::</span></b> <br />
<span class="description">The built-in image viewer can be used to view images from the cache. Images, web pages and other files from the cache can also be extracted.</span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Saved Sessions ::</span></b> <br />
Analyse current and last session data such as open windows and tabs, cookies and text typed into forms. Session data not displayed within a table can be analysed using the tree viewer. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Web History Timeline ::</span></b> <br />
Website visits can be viewed in a navigable timeline structure for easily viewing the time and order that websites were visited. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Web Page Reconstruction ::</span></b> <br />
Web pages stored in the cache can be reconstructed using other resource files from the cache. This allows the web page to be viewed in the state it was originally accessed. A report is also provided summarising how the web page was reconstructed. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Filtering ::</span></b> <br />
Analyse the extracted data with filtering by keyword, date range, download status, website visit or selection. Lists of keyword filters can also be saved and loaded. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Reporting ::</span></b> <br />
Generate reports in HTML, CSV and XML format. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b><span class="heading">Time Zone and DST Settings ::</span></b> <br />
Convert UTC timestamps to any time zone and apply custom daylight saving settings. </span></span></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
<b><span class="description2"><span class="description">Tutorials ::</span></span></b></h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/eeJBXOGNCi8?feature=player_embedded' frameborder='0'></iframe></div>
<h3 style="text-align: justify;">
<b><span class="description2"><span class="description">Download ::</span></span></b><span class="description2"><span class="description"> </span></span></h3>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b>Windows ::</b> <a href="http://forensic-software.co.uk/Downloads/FoxAnalysisPlusTrial.aspx" target="_blank">FoxAnalysis Trial</a></span></span></div>
<div style="text-align: justify;">
<span class="description2"><span class="description"><b>Official Website ::</b> <a href="http://forensic-software.co.uk/" target="_blank">http://forensic-software.co.uk/ </a></span></span><span class="description2"> </span></div>
<h2>Juli (MITM) :: Tools</h2>
<p>Published 2015-03-07T10:49:00.000+05:30, updated 2015-03-07T10:49:14.494+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<img alt="MITM Attack Security" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8ISFmjA0ekD7MPO8ICWGwpqxp0xB5sjipk9sIvcZyXydEZ4YA3TdPy0DID6206FpnsQF94cYahJVQlvRI8mFhifxNHnoqQe8lRrQSzD1Nb0FulPIAmHltwTkMP-pCvxsLo32-8Gk8M3K/s1600/Parasite-Attack-MITM.jpg" height="305" title="MITM Attack Security" width="640" /></div>
<br />
A simple automated Perl script for MiTM (man-in-the-middle) attacks. <br />
<h4>
Requirements:</h4>
<ul class="task-list">
<li>Linux (I tested it on Ubuntu 14.04 LTS)</li>
<li>Perl</li>
<li>sslstrip <a href="https://github.com/moxie0/sslstrip">https://github.com/moxie0/sslstrip</a>
</li>
<li>arpspoof (from dsniff, which can be found here: <a href="http://www.monkey.org/%7Edugsong/dsniff/">http://www.monkey.org/~dugsong/dsniff/</a>)</li>
</ul>
<h4>
Usage:</h4>
The script must be run as the root user:<br />
<ul class="task-list">
<li>
sudo juli.pl interface targetip</li>
</ul>
<b>Download:</b><br />
<b>Linux: <a href="https://github.com/em616/Juli" target="_blank">Juli.pl</a></b>
<h2>Orbot (Tor for Android Devices) :: Tools</h2>
<p>Published 2015-03-05T12:35:00.000+05:30, updated 2015-03-24T12:39:42.953+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<img alt="orbot logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5RYmrfY-dbfDYpMMg0kD6ucxTAaijL-WLejZZ5J8cNhrGhCl0Y07Wnk3u8L2K65SE63V51dEeDhwL_hVod55CRBWkisVhoF5PHttLmmDBqNtI-0OLlkc9RkbWIcFGN0qHryBxqCyEOEI-/s640/orbot+logo.png" height="312" title="orbot logo" width="640" /></div>
<div style="text-align: justify;">
<b>Orbot</b> is a <b>free proxy app</b> that empowers other apps to use the <i> internet more securely</i>. <b>Orbot</b> uses Tor to <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encrypt</a> your Internet traffic and then hides it by bouncing through a series of computers around the world. <a href="http://www.toolwar.com/search/label/Tor" target="_blank"><b>Tor</b></a> is <a href="http://www.toolwar.com/search/label/Free" target="_blank">free</a> software and an open <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>.</div>
<div style="text-align: justify;">
<b>Orbot</b> is the only app that creates a truly private internet connection. As the New York Times writes, “when a communication arrives from Tor, you can never know where or whom it’s from.” Tor won the 2012 Electronic Frontier Foundation (EFF) Pioneer Award.</div>
<div style="text-align: justify;">
<br />
<b>ACCEPT NO SUBSTITUTES</b>: <b>Orbot</b> is the safest way to use the Internet on <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>. Period. <b>Orbot</b> bounces your encrypted traffic several times through computers around the world, instead of connecting you directly like <a href="http://www.toolwar.com/search/label/Proxy" target="_blank">VPNs and proxies</a>. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/Dcf5sh99ze0?feature=player_embedded' frameborder='0'></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Android Play Store ::</b> <a href="https://market.android.com/details?id=org.torproject.android" target="_blank">Orbot</a> </div>
<div style="text-align: justify;">
<b>Direct Download :: </b><a href="https://guardianproject.info/releases/orbot-latest.apk" target="_blank">Orbot.apk</a></div>
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<b>Official Website :: </b><a href="https://guardianproject.info/apps/orbot/">https://guardianproject.info/apps/orbot/</a></div>
<div class="separator" style="clear: both; text-align: left;">
<b>
</b></div>
<b> </b></div>
<h2>Capstone (Disassembly Framework) :: Framework</h2>
<p>Published 2015-03-01T17:37:00.000+05:30, updated 2015-03-01T17:37:41.702+05:30</p>
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="capstone disassembler" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWQQc6jFFxBdew0SfkMRlTH0TSgVUzxWMCN6bSY2mxV-tcDnKFolrpjaOf0Dka2oqp6Dqs2WxUlRC3bh3ktMzdkyxqvc8ahRHCzUCVN4KF4Oz0IbzNy4CjtjcOnIZ_MH9cDNFmxMXRprqN/s320/Capstone+Disassembler.png" height="320" title="capstone disassembler" width="320" /></div>
<b>Capstone </b>is a lightweight multi-platform, multi-architecture <a href="http://www.toolwar.com/search/label/Assembler/Disassembler" target="_blank">disassembly</a> <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. Our target is to make <b>Capstone</b> the ultimate disassembly engine for binary analysis and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reversing</a> in the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> community.<br />
<h3>
Features</h3>
</div>
<ul style="text-align: justify;">
<li>Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.</li>
<li>Clean/simple/lightweight/intuitive architecture-neutral API. </li>
<li>Provide details on disassembled instruction (called “decomposer” by others).</li>
<li>Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.</li>
<li>Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.</li>
<li>Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).</li>
<li>Thread-safe by design.</li>
<li>Distributed under the open source BSD license</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Text Tutorials :: </b><a href="http://www.capstone-engine.org/documentation.html" target="_blank">Click Here </a><br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://www.capstone-engine.org/download/1.0/capstone-1.0-win32.zip" target="_blank">Capstone v1 (Win32)</a><br />
<b>Linux ::</b> <a href="http://www.capstone-engine.org/download/1.0/capstone-1.0_i386.deb" target="_blank">Capstone-1.0_i386.deb</a><br />
<b>Official Website :: </b><a href="http://www.capstone-engine.org/">http://www.capstone-engine.org/</a><br />
<h2>Mandiant Redline (Memory and File Analysis) :: Tools</h2>
<p>Published 2015-02-09T12:04:00.000+05:30, updated 2015-02-09T12:04:08.313+05:30</p>
<div class="separator" style="clear: both; text-align: center;">
<img alt="Mandiant Redline Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi85inxEf7aGj9rwDfJlLA1TZjt029HkuPRCGRhLSQHEAM3zBvwbuLTQ5KRk0_EUdzGhbt6PbzzhpzYo2kQigms2_eBtiT3rOaRdXb8fjaQlF-7JuBE_st3IAFkZd3E5dxJ-TJdPkeBzB0X/s400/Memoryze+Logo.png" height="233" title="Mandiant Redline Logo" width="400" /></div>
<div style="text-align: justify;">
<b>Redline, Mandiant’s</b> premier free tool, provides<i> host investigative</i>
capabilities to users to find signs of <i>malicious activity through memory
and file analysis</i>, and the development of a threat assessment profile.
With <b>Redline,</b> users can:</div>
<ul style="text-align: justify;">
<li>Thoroughly audit and collect all running processes and drivers
from <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>, file system metadata, <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> data, event logs, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>
information, services, tasks, and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> history.</li>
<li>Analyze and view imported audit data, including narrowing and
filtering results around a given timeframe using <b>Redline’s</b> Timeline
functionality with the TimeWrinkle™ and TimeCrunch™ features.</li>
<li>Streamline memory analysis with a proven workflow for analyzing <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> based on relative priority.</li>
<li>Identify processes more likely worth investigating based on the <b>Redline</b> Malware Risk Index (MRI) score.</li>
<li>Perform Indicator of Compromise (IOC) <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>. Supplied with a set
of IOCs, the Redline Portable Agent is automatically configured to
gather the data required to perform the IOC analysis and an IOC hit
result review. </li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In addition, <b>Redline</b> can be used in conjunction with <b>Mandiant for Intelligent Response®(MIR®)</b> and <b>Mandiant for Security Operations™:</b></div>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li>Investigators can open audits gathered in Mandiant for
Intelligent Response (MIR) directly in Redline to quickly identify a
malicious process and create an IOC based on the analysis. MIR can use
this IOC to quickly sweep a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> to identify all other systems
running the same or similar malware.</li>
<li>Mandiant for Security Operations users can open triage collections
directly in Redline in order to perform in-depth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> allowing the
user to establish a timeline and the scope of an incident.</li>
</ul>
<b>Mandiant Redline 1.11</b> includes various changes to improve your user
experience, and adds support for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8 and 2012. A redesigned find
panel remains open and offers users the ability to search and filter on a
specific column. You can also filter lists by multiple tags at the same
time and choose whether to include only items that do or do not have a
comment. Finally, the Redline Collector now provides beta support for
gathering Windows 2012 and Windows 8 data.<br />
<br />
<br />
<b>Supported Operating Systems:</b> Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)<br />
<br />
<h3>
Tutorials ::</h3>
<b>User Guide :: </b><a href="http://www.mandiant.com/library/Redline1.11_UserGuide.pdf">Mandiant Redline 1.11 (PDF)</a><br />
<b>Redline Blog :: </b><a href="https://www.mandiant.com/blog/tag/redline/" target="_blank">Mandiant Redline Blog </a><br />
<br />
<h3>
Download ::</h3>
<b>Windows :: </b><a href="https://www.mandiant.com/library/Redline-1.11.msi" target="_blank">Mandiant Redline v1.11</a><b><br /></b><br />
<b>Official Website ::</b> <a href="https://www.mandiant.com/resources/download/redline">https://www.mandiant.com/resources/download/redline</a>
<h2>Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools</h2>
<p>Published 2015-01-29T12:11:00.000+05:30, updated 2016-05-11T15:54:40.267+05:30</p>
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Microsoft Network Monitor Screenshot" border="0" height="377" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" title="Microsoft Network Monitor Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b>Microsoft's Network Monitor</b> is a tool that allows <b>capturing and protocol analysis of network traffic</b>. Network Monitor 3 is a <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol analyzer</a>. It enables you to capture, to
view, and to analyze <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> data. You can use it to help troubleshoot
problems with applications on the network. This article
contains download and support information, installation notes, and
general usage information about Network Monitor 3. Network Monitor 3.4
is the latest version.</div>
<div style="text-align: justify;">
<b>Network Monitor 3 </b> is a complete overhaul of the earlier Network Monitor 2.<var>x</var> version. Some key features of Network Monitor 3 include the following:</div>
<ul style="text-align: justify;">
<li>Script-based parser model with frequent updates </li>
<li>Concurrent live capture sessions</li>
<li>Support for Windows 7</li>
<li>Support for 32-bit platforms and for 64-bit platforms </li>
<li>Support for network conversations and process tracking</li>
<li> API to access capture and parsing engine</li>
<li> <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">Wireless</a> Monitor Mode Capturing</li>
</ul>
<div class="toggle-area" style="display: block; text-align: justify;">
<div class="system-requirements">
<div class="supported-os">
<b>Supported Operating System ::</b></div>
<div itemprop="operatingSystems">
<a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 7, Windows 8, Windows Server 2003
Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows
Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for
Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit
Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP
64-bit, Windows XP Service Pack 3
</div>
<ul class="htmldetails other-requirements">
Hardware ::
<ul>
<li>1 GHz or greater CPU</li>
<li>1 GB or greater <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a></li>
<li>60 MB free hard disk space plus extra room for capture files</li>
</ul>
</ul>
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Installation Instruction :: </b> </div>
<div style="text-align: justify;">
The Network <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> core engine has been decoupled from the parser set.
To install the full <b>Network Monitor 3.4</b> product:
</div>
<ul style="text-align: justify;">
<li>Run the setup.exe for the platform you are installing.</li>
<li>You will be prompted first to install the core engine. Follow the installation
directions. Make sure you close existing instances of netmon.exe, nmcap.exe
and any running NMAPI applications.</li>
<li>Next you will be prompted to install the parser package. Follow the
installation directions:</li>
</ul>
<div style="text-align: justify;">
<b>
To uninstall the full Network Monitor 3.4 product ::</b></div>
<ul style="text-align: justify;">
<li>Go to Add/Remove Programs in Control Panel</li>
<li>Uninstall both <b>Microsoft Network Monitor 3.4</b> and Microsoft Network Monitor: Network Monitor
Parsers 3.4</li>
</ul>
<b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=92890" target="_blank">Click Here</a><br />
<b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=151800" target="_blank">Click Here</a><br />
<br />
<b>Video Tutorial :: </b> <a href="http://www.youtube.com/watch?v=jsShLK5bhoY" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: <a href="https://www.microsoft.com/en-in/download/details.aspx?id=4865" target="_blank">Network Monitor 3.4</a> (x86 & x64)</b><a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865" target="_blank"></a></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865">http://www.microsoft.com/en-us/download/details.aspx?id=4865</a></div>
<div style="text-align: justify;">
<br /></div>
</div>
<h2>WAIDPS (Wireless Auditing and IDS/IPS) :: Tools</h2>
<p>Published 2014-12-15T13:59:00.000+05:30, updated 2014-12-15T15:01:27.430+05:30</p>
<div class="MsoNormal" style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" height="281" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless Swiss Army knife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> that runs on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>. It is a multipurpose tool designed for auditing (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detecting wireless intrusions (WEP/WPA/WPS attacks) and intrusion prevention (stopping stations from associating with an access point). In addition, it harvests all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding area and stores it in databases. This is useful when auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> whose access point is ‘MAC filtered’ or uses a ‘hidden SSID’ and has no existing client at that moment. </span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who are interested in knowing more about wireless auditing and protection. The primary purpose of this script is to detect intrusions. Once a wireless attack is detected, it is displayed on screen and logged to a file. Features added to the current script that the previous WIDS did not have are:</span></div>
<ul style="text-align: justify;">
<li><span style="font-family: Arial;">automatically save the attack packets into a file</span></li>
<li><span style="font-family: Arial;">interactive mode where users are allowed to perform many functions</span></li>
<li><span style="font-family: Arial;">allow the user to analyse captured packets</span></li>
<li><span style="font-family: Arial;">load a previously saved pcap file or any other pcap file to be examined</span></li>
<li><span style="font-family: Arial;">customize filters</span></li>
<li><span style="font-family: Arial;">customize the detection threshold (sensitivity of the IDS in detection)</span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks; other detections found in the previous WIDS will be added subsequently.</span></div>
<ul style="text-align: justify;">
<li><span style="font-family: Arial;">Association / Authentication flooding</span></li>
<li><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake</span></li>
<li><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></li>
<li><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></li>
<li><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></li>
<li><span style="font-family: Arial;">Detection of Evil-Twin</span></li>
<li><span style="font-family: Arial;">Detection of Rogue Access Point</span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> comprises:</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Harvesting WiFi Information [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Detection [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Prevention [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Auditing (Testing network) [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Other additional items include packet analysis, display of captured dumps, display of a network bar chart and much more.</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: Arial;">Requirements</span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> 1. Root access (admin)</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a> installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">5. TShark installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">6. TCPDump installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">7. Mergecap installed (for joining pcap files)</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;"> </span><span style="font-family: Arial;">8. xterm installed</span></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of the WAIDPS Display :: </b></span></span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">Before the detailed description of the whole application, note that the WAIDPS display is separated into several parts. For better understanding, the structure is listed below.</span></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Collecting/storing of access point and station details and their relationships with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div>
<span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br />
<div class="MsoNormal">
<span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div>
<span style="font-family: Arial;">- Association of stations to an access point, a station switching from one access point to another, a station acting as both a wireless client and an access point, etc. </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">Intrusion Detection</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Capturing/analyzing of packets </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack patterns and their details [<b>Attack Detected</b>]</span></div>
<div class="MsoNormal">
</div>
</div>
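<div style="text-align: justify;">
The Association/Connection Alert items listed above (a station associating, a station switching access points, a MAC acting as both client and access point) can be sketched as follows. This is an added example, not WAIDPS code: the <code>Obs</code> record format, the function name, the alert labels and the sample MAC addresses are all constructed for illustration.</div>

```python
"""Illustrative association-alert logic (added example, not taken from WAIDPS)."""
from collections import namedtuple

# Assumed record format: at time `ts`, `station` was seen associated
# to the access point `bssid` in a monitor-mode capture.
Obs = namedtuple("Obs", "ts station bssid")


def association_alerts(observations):
    """Return alert tuples for new associations, AP switches and dual-role MACs."""
    current = {}      # station MAC -> BSSID it is currently associated to
    ap_macs = set()   # every MAC seen acting as an access point
    flagged = set()   # MACs already reported as dual-role
    alerts = []
    for o in sorted(observations, key=lambda x: x.ts):
        sta, ap = o.station.lower(), o.bssid.lower()
        ap_macs.add(ap)
        prev = current.get(sta)
        if prev is None:
            alerts.append((o.ts, "NEW_ASSOCIATION", sta, ap))
        elif prev != ap:
            alerts.append((o.ts, "AP_SWITCH", sta, prev + "->" + ap))
        current[sta] = ap
        # Report once any MAC that has been seen in both roles.
        for mac in (sta, ap):
            if mac in ap_macs and mac in current and mac not in flagged:
                flagged.add(mac)
                alerts.append((o.ts, "DUAL_ROLE", mac, "client and access point"))
    return alerts


# Constructed sample data (locally administered MAC addresses).
SAMPLE = [
    Obs(1, "02:00:00:00:00:AA", "02:00:00:00:01:01"),
    Obs(2, "02:00:00:00:00:BB", "02:00:00:00:01:01"),
    Obs(3, "02:00:00:00:00:AA", "02:00:00:00:01:02"),  # AA moves to another AP
    Obs(4, "02:00:00:00:00:CC", "02:00:00:00:00:BB"),  # BB now also acts as an AP
    Obs(5, "02:00:00:00:00:BB", "02:00:00:00:01:01"),  # unchanged, no alert
]

if __name__ == "__main__":
    for alert in association_alerts(SAMPLE):
        print(alert)
```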
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Screenshots :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Text &amp; Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Installation Tutorial::</b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen='allowfullscreen' webkitallowfullscreen='webkitallowfullscreen' mozallowfullscreen='mozallowfullscreen' width='320' height='266' src='https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded' frameborder='0'></iframe></div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div>
<div style="text-align: justify;">
<b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div>
<div style="text-align: justify;">
<b>Submitted By :: </b>SYChua</div>