PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142-rw/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179-rw/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears cd PatrowlHears ./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

    PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

Read more »

WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230-rw/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users.</p> <p>WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, Local and Remote File Includes, Command Injection, Cross-site Scripting and Expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

  WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

Read more »

FireEye Commando VM : Distribution

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s1600/CVM+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="commando vm fireeye" border="0" data-original-height="750" data-original-width="974" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s320-rw/CVM+logo.png" title="commando vm fireeye" width="320" /></a></div> <div style="text-align: justify;"> CommandoVM - a fully customized, Windows-based security <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">distribution</a> for penetration testing and red teaming. </div> <div style="text-align: justify;"> Penetration testers commonly use their own variants of Windows machines when assessing Active Directory environments. Commando VM was designed specifically to be the go-to platform for performing these internal penetration tests. The benefits of using a Windows machine include native support for Windows and Active Directory, using your VM as a staging area for C2 frameworks, browsing shares more easily (and interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.</div> <div style="text-align: justify;"> Commando VM uses Boxstarter, Chocolatey, and MyGet packages to install all of the software, and delivers many tools and utilities to support penetration testing. This list includes more than 140 tools, including:</div> <ul style="list-style-position: inside; text-align: justify;"> <li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li> <li><a href="http://www.toolwar.com/2013/09/wireshark-tools.html" target="_blank">Wireshark</a></li> <li>Covenant</li> <li>Python</li> <li>Go</li> <li>Remote Server Administration Tools</li> <li><a href="http://www.toolwar.com/2013/09/sysinternals.html" target="_blank">Sysinternals</a></li> <li>Mimikatz</li> <li><a href="http://www.toolwar.com/2013/09/burp-suite-tools.html" target="_blank">Burp-Suite</a></li> <li>x64dbg</li> <li>Hashcat</li> </ul> <div style="text-align: justify;"> With such versatility, Commando VM aims to be the de facto <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a>machine for every penetration tester and red teamer. For the blue teamers reading this, don’t worry, we’ve got full blue team support as well! The versatile tool sets included in Commando VM provide blue teams with the tools necessary to audit their networks and improve their detection capabilities. With a library of offensive tools, it makes it easy for blue teams to keep up with offensive tooling and attack trends.</div> <div style="text-align: justify;"> <br /></div> <h4> Requirements</h4> <ul> <li>Windows 7 Service Pack 1 or Windows 10</li> <li>60 GB Hard Drive</li> <li>2 GB RAM</li> </ul> <h3 style="text-align: justify;"> Installation Instruction: </h3> <ol> <li>Create and configure a new Windows Virtual Machine</li> </ol> <ul> <li>Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain</li> <li>Take a snapshot of your machine!</li> <li>Download and copy <code>install.ps1</code> on your newly configured machine.</li> <li>Open PowerShell as an Administrator</li> <li>Enable script execution by running the following command: <ul> <li><code>Set-ExecutionPolicy Unrestricted</code></li> </ul> </li> <li>Finally, execute the installer script as follows: <ul> <li><code>.\install.ps1</code></li> <li>You can also pass your password as an argument: <code>.\install.ps1 -password <password></code></li> </ul> </li> </ul> <div style="text-align: justify;"> <b>Detailed Installation Instruction: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Click Here</a><b> </b></div> <div style="text-align: justify;"> <b>Download: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Commando VM</a></div> <div style="text-align: justify;"> <b>Official Website: </b><a href="https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html" rel="nofollow" target="_blank">FireEye</a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <br /></div>

FireEye Commando VM : Distribution

CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Penetration testers comm...

Read more »

Sublist3r - Subdomain Enumeration / Scanner : Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400-rw/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div> <div style="text-align: justify;"> Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div> <div style="text-align: justify;"> <br /></div> <h2 style="text-align: justify;"> <span style="font-size: large;">Installation:</span></h2> <blockquote class="tr_bq"> <pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre> </blockquote> <b><span style="font-size: small;">Dependencies:</span></b><br /> <blockquote class="tr_bq"> <pre><code>sudo pip install -r requirements.txt</code></pre> </blockquote> <b><span style="font-size: small;">How To Use:</span></b> <br /> <blockquote class="tr_bq"> <span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote> where -V : Verbose, -d : Domain<br /> <br /> <h3> <b>Download:: </b> </h3> Linux & Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublis3r (Official Page)</a>

Sublist3r - Subdomain Enumeration / Scanner : Tools

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collec...

Read more »

Katana (Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s1600/Katana+Framework.png" imageanchor="1"><img alt="Download Katana Framework For Penetration Testing" border="0" height="130" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s400-rw/Katana+Framework.png" title="Katana Framework" width="400" /></a></div> <div style="text-align: justify;"> <b>Katana</b> is a framework written in <b>python</b> for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not completely stable, is recommended update ever that you use it.</div> <h3> <b>Installation::</b></h3> Installation of Katana framework: is necesary install all dependencies for a good performance. <br /> <blockquote class="tr_bq"> <pre><i>git clone https://github.com/PowerScript/KatanaFramework.git cd KatanaFramework sudo sh dependencies sudo python install </i></pre> <div style="text-align: justify;"> <br /></div> </blockquote> <b>How to Use:: </b><a href="https://github.com/PowerScript/KatanaFramework/wiki/How-to-use" rel="nofollow" target="_blank">Click Here</a> <br /> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Video Tutorial: </b></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B0QsDwYTrnI/0.jpg" frameborder="0" height="330px" src="https://www.youtube.com/embed/B0QsDwYTrnI?feature=player_embedded" width="100%"></iframe></div> <div style="text-align: justify;"> <h3> <b>Download:</b></h3> <b>Linux:  </b><a href="https://github.com/PowerScript/KatanaFramework" rel="nofollow" target="_blank">Katana Framework</a><br /> <br /> <b>Submitted By: </b>RedToor</div>

Katana (Penetration Testing) :: Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to us...

Read more »

Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320-rw/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div> <div style="text-align: justify;"> <b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.<br /><br />Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>License: </b>Freeware<b> </b></div> <div style="text-align: justify;"> <b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div> <div style="text-align: justify;"> <br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

Read more »

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="Mobile Security Framework : ToolWar" border="0" height="232" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400-rw/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div> <div style="text-align: justify;"> <b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> can also perform Web API Security testing with it's API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.</div> <div style="text-align: justify;"> <br /></div> <h3> Tutorial: </h3> <ul> <li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li> </ul> <h3> Video Tutorial: </h3> <h3> Download: <strong> </strong></h3> <strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br /> <strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br /> <strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br /> <br /> <div style="text-align: justify;"> <br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

Read more »

File Checksum Integrity Verifier (FCIV) :: Tools

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s1600/File+Checksum+Integrity+Verifier+FCIV.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="File Checksum Integrity Verifier (FCIV)" border="0" height="299" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s640-rw/File+Checksum+Integrity+Verifier+FCIV.JPG" title="File Checksum Integrity Verifier (FCIV)" width="640" /></a></div><div style="text-align: justify;">The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.</div><div style="text-align: justify;">FCIV (File Checksum Integrity Verifier) is a small tool or utility from Microsoft that allow us to compute (MD5 and SHA1) and verify Integrity of files. If you are a malware analyst or a researcher or a user who want secure things then you can done a fabulous things with this small utility.</div><h3 class="sbody-h3" style="text-align: justify;">Features</h3><div style="text-align: justify;">The FCIV utility has the following features:</div><ul class="sbody-free_list"><li style="text-align: justify;"> Supports MD5 or SHA1 hash algorithms (The default is MD5.)</li> <li style="text-align: justify;"> Can output hash values to the console or store the hash value and file name in an XML file</li> <li style="text-align: justify;">Can recursively generate hash values for all files in a directory and in all subdirectories (for example, <span class="text-base">fciv.exe c:\ -r</span>)</li> <li style="text-align: justify;">Supplies an exception list to specify files or directories to hash</li> <li style="text-align: justify;">Can store hash values for a file with or without the full path of the file</li> </ul><h3> Example usage</h3><ul class="sbody-free_list"><li>To display the MD5 hash of a file, type the following command at a command prompt: <div class="indent"><span class="sbody-userinput">fciv.exe <var class="sbody-var">filename</var></span></div><span class="text-base">Note </span><var class="sbody-var"> filename</var> is the name of the file.</li> <li>To compute a hash of a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe c:\mydir\<var class="sbody-var"><var class="sbody-var">myfile.dll</var></var></span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -type *.exe</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -wp -both -xml db.xml</span></div></li> <li>To list the hashes that are stored in a database, type a command line that is similar to the following command line: <div class="indent"><span class="sbody-userinput">fciv.exe -list -sha1 -xml db.xml</span></div></li> <li>To verify a hash in a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe -v -sha1 -xml db.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe -v -bp c:\<var class="sbody-var">mydir</var> -sha1 -xml db.xml</span></div></li> </ul><h3>Video Tutorial::</h3><br /> <div class="separator" style="clear: both; text-align: center;"><br /> <iframe width="100%" height="330" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/sOtnut9wM38/0.jpg" src="https://www.youtube.com/embed/sOtnut9wM38?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br /> <h3>Download ::</h3><b>Windows:</b> <a href="http://www.microsoft.com/en-in/download/details.aspx?id=11533" rel="nofollow" target="_blank">Microsoft FCIV</a>

File Checksum Integrity Verifier (FCIV) :: Tools

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCI...

Read more »

FoxAnalysis :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="foxanalysis" border="0" height="224" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVTDAJNO0D95q-mKwQdBNLvakgBNChOBpQ_8FNmp-9XPaB1EP7GnnXjRpGJLVcciK30kxboEHPaEyJ2oM4BBEI-vOw5Rn3pXrlGEDdzrvTeNjtvq4xwfgk94K7aIhI6uXVzqCj3gWENmhf/s640-rw/foxanalysis.jpg" title="foxanalysis" width="640" /></div> <b>FoxAnalysis Plus</b> is a software tool for <i>extracting, viewing and analysing internet history</i><b> </b>from the <b>Mozilla Firefox web browser</b>. The main features are described below: </div> <div style="text-align: justify;">   </div> <div style="text-align: justify;"> <b><span class="heading">Extract History</span>  ::</b><br /> <span class="description2">Extract history regarding bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and website visits. </span> <span class="heading"> </span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b><span class="heading">Case Files</span>  ::</b><br /> <span class="description2">Each Firefox profile analysed can be saved to a Case file for further analysis at a later date. </span> <span class="heading"> </span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b><span class="heading">Supports Firefox versions 3 to 24</span>  ::</b><br /> <span class="description2">Extract history generated from Firefox versions 3 to 24 (new versions are added regularly). </span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><b><span class="heading">Cache ::</span></b> <br /> <span class="description">The built-in image viewer can be used to view images from the cache. Images, web pages and other files from the cache can also be extracted.</span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Saved Sessions ::</span></b> <br /> Analyse current and last session data such as open windows and tabs, cookies and text typed into forms. Session data not displayed within a table can be analysed using the tree viewer. </span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Web History Timeline ::</span></b> <br /> Website visits can be viewed in a navigable timeline structure for easily viewing the time and order that websites were visited. </span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Web Page Reconstruction ::</span></b> <br /> Web pages stored in the cache can be reconstructed using other resource files from the cache. This allows the web page to be viewed in the state it was originally accessed. A report is also provided summarising how the web page was reconstructed. </span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Filtering ::</span></b> <br /> Analyse the extracted data with filtering by keyword, date range, download status, website visit or selection. Lists of keyword filters can also be saved and loaded. </span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Reporting ::</span></b> <br /> Generate reports in HTML, CSV and XML format. </span></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b><span class="heading">Time Zone and DST Settings ::</span></b> <br /> Convert UTC timestamps to any time zone and apply custom daylight saving settings.  </span></span></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> <b><span class="description2"><span class="description">Tutorials ::</span></span></b></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/eeJBXOGNCi8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> <b><span class="description2"><span class="description"> </span></span></b></h3> <h3 style="text-align: justify;"> <b><span class="description2"><span class="description">Download ::</span></span></b><span class="description2"><span class="description"> </span></span></h3> <div style="text-align: justify;"> <span class="description2"><span class="description"><b>Windows ::</b> <a href="http://forensic-software.co.uk/Downloads/FoxAnalysisPlusTrial.aspx" target="_blank">FoxAnalysis Trial</a></span></span></div> <div style="text-align: justify;"> <span class="description2"><span class="description"><b>Official Website ::</b> <a href="http://forensic-software.co.uk/" target="_blank">http://forensic-software.co.uk/ </a></span></span><span class="description2"> </span></div>

FoxAnalysis :: Tools

FoxAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Mozilla Firefox web browser...

Read more »

Mandiant Redline (Memory and File Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">  <img alt="Mandiant Redline Logo" border="0" height="233" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi85inxEf7aGj9rwDfJlLA1TZjt029HkuPRCGRhLSQHEAM3zBvwbuLTQ5KRk0_EUdzGhbt6PbzzhpzYo2kQigms2_eBtiT3rOaRdXb8fjaQlF-7JuBE_st3IAFkZd3E5dxJ-TJdPkeBzB0X/s400-rw/Memoryze+Logo.png" title="Mandiant Redline Logo" width="400" /></div> <div style="text-align: justify;"> <b>Redline, Mandiant’s</b> premier free tool, provides<i> host investigative</i> capabilities to users to find signs of <i>malicious activity through memory and file analysis</i>, and the development of a threat assessment profile.  With <b>Redline,</b> users can:</div> <ul style="text-align: justify;"> <li>Thoroughly audit and collect all running processes and drivers from <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>, file system metadata, <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> data, event logs, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> information, services, tasks, and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> history.</li> <li>Analyze and view imported audit data, including narrowing and filtering results around a given timeframe using <b>Redline’s</b> Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.</li> <li>Streamline memory analysis with a proven workflow for analyzing <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> based on relative priority.</li> <li>Identify processes more likely worth investigating based on the <b>Redline</b> Malware Risk Index (MRI) score.</li> <li>Perform Indicator of Compromise (IOC) <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review. </li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> In addition, <b>Redline</b> can be used in conjunction with <b>Mandiant for Intelligent Response®(MIR®)</b> and <b>Mandiant for Security Operations™:</b></div> <div style="text-align: justify;"> </div> <ul style="text-align: justify;"> <li>Investigators can open audits gathered in Mandiant for Intelligent Response (MIR) directly in Redline to quickly identify a malicious process and create an IOC based on the analysis. MIR can use this IOC to quickly sweep a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> to identify all other systems running the same or similar malware.</li> <li>Mandiant for Security Operations users can open triage collections directly in Redline in order to perform in-depth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> allowing the user to establish a timeline and the scope of an incident.</li> </ul> <b>Mandiant Redline 1.11</b> includes various changes to improve your user experience, and adds support for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8 and 2012. A redesigned find panel remains open and offers users the ability to search and filter on a specific column. You can also filter lists by multiple tags at the same time and choose whether to include only items that do or do not have a comment. Finally, the Redline Collector now provides beta support for gathering Windows 2012 and Windows 8 data..<br /> <br /> <br /> <b>Supported Operating Systems:</b> Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)<br /> <br /> <h3> Tutorials ::</h3> <b>User Guide :: </b><a href="http://www.mandiant.com/library/Redline1.11_UserGuide.pdf">Mandiant Redline 1.11 (PDF)</a><br /> <b>Redline Blog :: </b><a href="https://www.mandiant.com/blog/tag/redline/" target="_blank">Mandiant Redline Blog </a><br /> <br /> <h3> Download ::</h3> <b>Windows :: </b><a href="https://www.mandiant.com/library/Redline-1.11.msi" target="_blank">Mandiant Redline v1.11</a><b><br /></b><br /> <b>Official Website ::</b> <a href="https://www.mandiant.com/resources/download/redline">https://www.mandiant.com/resources/download/redline</a>

Mandiant Redline (Memory and File Analysis) :: Tools

  Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity throug...

Read more »

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Microsoft Network Monitor Screenshot" border="0" height="377" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600-rw/Microsoft+Network+Monitor+Sceenshot.jpg" title="Microsoft Network Monitor Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b>Microsoft's Network Monitor</b> is a tools that allow <b>capturing and protocol analysis of network traffic</b>. Network Monitor 3 is a <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol analyzer</a>. It enables you to capture, to view, and to analyze <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> data. You can use it to help troubleshoot problems with applications on the network. This article contains download and support information, installation notes, and general usage information about Network Monitor 3. Network Monitor 3.4 is the latest version.</div> <div style="text-align: justify;"> <b>Network Monitor 3 </b> is a complete overhaul of the earlier Network Monitor 2.<var>x</var> version. Some key features of Network Monitor 3 include the following:</div> <ul style="text-align: justify;"> <li>Script-based parser model with frequent updates </li> <li>Concurrent live capture sessions</li> <li>Support for Windows 7</li> <li>Support for 32-bit platforms and for 64-bit platforms </li> <li>Support for network conversations and process tracking</li> <li> API to access capture and parsing engine</li> <li> <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">Wireless</a> Monitor Mode Capturing</li> </ul> <div class="toggle-area" style="display: block; text-align: justify;"> <div class="system-requirements"> <div class="supported-os"> <b>Supported Operating System ::</b></div> <div itemprop="operatingSystems"> <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 7, Windows 8, Windows Server 2003 Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP 64-bit, Windows XP Service Pack 3 </div> <ul class="htmldetails other-requirements"> Hardware :: <ul> <li>1 GHz or greater CPU</li> <li>1 GB or greater <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a></li> <li>60 MB free hard disk space plus extra room for capture files</li> </ul> </ul> </div> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation Instruction :: </b> </div> <div style="text-align: justify;"> The Network <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> core engine has been decoupled from the parser set. To install the full <b>Network Monitor 3.4</b> product: </div> <ul style="text-align: justify;"> <li>Run the setup.exe for the platform you are installing.</li> <li>You will be prompted first to install the core engine. Follow the installation directions. Make sure you close existing instances of netmon.exe, nmcap.exe and any running NMAPI applications.</li> <li>Next you will be prompted to install the parser package. Follow the installation directions:</li> </ul> <div style="text-align: justify;"> <b> To uninstall the full Network Monitor 3.4 product ::</b></div> <ul style="text-align: justify;"> <li>Go to Add/Remove Programs in Control Panel</li> <li>Uninstall both <b>Microsoft Network Monitor 3.4</b> and Microsoft Network Monitor: Network Monitor Parsers 3.4</li> </ul> <b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=92890" target="_blank">Click Here</a><br /> <b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=151800" target="_blank">Click Here</a><br /> <br /> <b>Video Tutorial :: </b> <a href="http://www.youtube.com/watch?v=jsShLK5bhoY" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: <a href="https://www.microsoft.com/en-in/download/details.aspx?id=4865" target="_blank">Network Monitor 3.4</a> (x86 & x64)</b><a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865" target="_blank"></a></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865">http://www.microsoft.com/en-us/download/details.aspx?id=4865</a></div> <div style="text-align: justify;"> <br /></div> </div>

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic . Network Monitor 3 is a proto...

Read more »

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600-rw/WAIDPS.png" width="400" /></a></div> <div class="separator" style="clear: both; text-align: center;"> </div> <span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div> <div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <b><span style="font-family: Arial;">Requirements</span></b></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   1. Root access (admin)</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div> <div style="text-align: justify;"> <div style="text-align: left;"> <br /></div> <div style="text-align: left;"> <b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div> <span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br /> <div class="MsoNormal"> <span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div> <span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br /> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">Intrusion Detection</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Capture/Analyzing of packets </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div> <div class="MsoNormal"> </div> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Installation Tutorial::</b><br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <span id="goog_894600077"></span><span id="goog_894600078"></span> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div> <div style="text-align: justify;"> <b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div> <div style="text-align: justify;"> <b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

Read more »

NoGoToFail :: Network Traffic Security Testing Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600-rw/NoGotofail+toolwar.jpg" width="640" /></a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Nogotofail</b> is a <b>network security testing tool</b> designed to help developers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.</div> <div style="text-align: justify;"> <b>Google</b> is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.<br />The Android Security Team has built a tool, called <b>nogotofail</b>, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. <b>Nogotofail</b> works for <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>, iOS, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.<br />We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.</div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Python:</b> <a href="https://github.com/google/nogotofail/archive/dev.zip" target="_blank">nogotofail</a> (Github)</div> <div style="text-align: justify;"> <b>Official Website:</b> https://github.com/google/nogotofail</div>

NoGoToFail :: Network Traffic Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connect...

Read more »

Crypto Implementations Analysis Toolkit :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="Crypto Implementation Analysis Toolkit (CIAT)" border="0" height="240" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAZPIwVYWPyohkcKc1fGGaHZAcyEw0BoiIWqylgFCnmnY1VjNEgNvH1QOaOPUW0oKzjIUDWaaT-w2W0NnTovjr_7z_6iDQDsIk1zJ32bIxlmbcNT-H9milmKcnN3YE4dztJDAY7SjbM_Ll/s1600-rw/Crypto+Implementation+Analysis+Toolkit+(CIAT).png" title="Crypto Implementation Analysis Toolkit (CIAT)" width="400" /></div> <div style="text-align: justify;"> The <b>Cryptographic Implementations Analysis Toolkit (CIAT)</b> is compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable). </div> <br /> <h3> Download :: </h3> <b>Linux & Windows :: </b><a href="http://sourceforge.net/projects/ciat/files/latest/download" target="_blank">Crypto Implementation Analysis Toolkit (CIAT) (.zip)</a><b> </b><br /> <b>Official Website :: </b><a href="http://ciat.sourceforge.net/">http://ciat.sourceforge.net/</a>

Crypto Implementations Analysis Toolkit :: Framework

The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in th...

Read more »

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Network Forensics" border="0" height="300" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400-rw/Network+Forensics.jpg" title="Network Forensics" width="400" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div> <div style="text-align: justify;"> <b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Read more »

Mandiant Memoryze (Live Memory Forensic) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Memoryze Logo" border="0" height="233" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP6Kiq6DL8HvQGQr0mM99tRZ4IPEArJ8MAgMScreZuK6ooQ73__V7_InhX_VZ_JTI3i6HMxlsvJ6HheaMaVEey7VHFt_4UHW_vW8sSMttY7brLEr-rMCOR-jWHctlRSlXt85RjFwYA_CZ2/s400-rw/Memoryze+Logo.png" title="Memoryze Logo" width="400" /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze</b> is free<i> <b>memory forensic software</b></i> that helps incident responders <b><i>find evil in live memory.</i></b> <b>Memoryze</b> can acquire and/or analyze <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> images, and on live systems, can include the paging file in its <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze</b> features:</div> <ul style="text-align: justify;"> <li>image the full range of <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> memory (not reliant on API calls).</li> <li>image a process’ entire address space to disk. This includes a process’ loaded DLLs, EXEs, heaps and stacks.</li> <li>image a specified driver or all drivers loaded in <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> to disk.</li> <li>enumerate all running processes (including those hidden by rootkits). For each process, Memoryze can:</li> <ul> <li>report all open handles in a process (for example, all files, registry keys, etc.).</li> <li>list the virtual address space of a given process including:</li> <ul> <li>displaying all loaded DLLs.</li> <li>displaying all allocated portions of the heap and execution stack.</li> </ul> <li>list all <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> sockets that the process has open, including any hidden by rootkits.</li> <li>specify the functions imported by the EXE and DLLs.</li> <li>specify the functions exported by the EXE and DLLs.</li> <li>hash the EXE and DLLs in the process address space (MD5, SHA1, SHA256.  This is disk based.)</li> <li>hash the EXE and DLLs in the process address space. (This is a MemD5 of the binary in memory).</li> <li>verify the digital signatures of the EXE and DLLs. (This is disk based.)</li> <li>output all strings in memory on a per process basis.</li> </ul> <li>identify all drivers loaded in memory, including those hidden by rootkits. For each driver, Memoryze can: </li> <ul> <li>specify the functions the driver imports.</li> <li>specify the functions the driver exports.</li> <li><a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> the driver. (MD5, SHA1, SHA256. this is disk based.)</li> <li>verify the digital signature of the driver (This is disk based.)</li> <li>output all strings in memory on a per driver base.</li> </ul> <li>report device and driver layering, which can be used to intercept network <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a>, keystrokes and file activity.</li> <li>identify all loaded kernel modules by walking a linked list.</li> <li>identify hooks (often used by rootkits) in the System Call Table, the Interrupt Descriptor Tables (IDTs) and driver function tables (IRP tables).</li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Mandiant’s Memoryze can perform all these functions on live system memory or memory image files – whether they were acquired by Memoryze or other memory acquisition tools. </b></div> <div style="text-align: justify;"> Memoryze officially supports:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 2000 Service Pack 4 (32-bit)</li> <li>Windows XP Service Pack 2 and Service Pack 3 (32-bit)</li> <li>Windows Vista Service Pack 1 and Service Pack 2 (32-bit)</li> <li>*Windows Vista Service Pack 2 (64-bit)</li> <li>Windows 2003 Service Pack 2 (32-bit and 64-bit)</li> <li>Windows 7 Service Pack 0 (32-bit and 64-bit)</li> <li>*Windows 2008 Service Pack 1 and Service Pack 2 (32-bit)</li> <li>Windows 2008 R2 Service Pack 0 (64-bit)</li> <li>*Windows 8 Service Pack 0 (32-bit and 64-bit)</li> <li>*Windows Server 2012 Service Pack 0 (64-bit)</li> </ul> <div style="text-align: justify;"> * means support for a new operating system without experience on millions of host</div> <div style="text-align: justify;"> In order to visualize Memoryze’s output, please download Redline™ or use an XML viewer.  Redline is Mandiant’s premier <a href="http://www.toolwar.com/search/label/Free" target="_blank">free</a> tool for investigating hosts for signs of malicious activity through memory and file <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, and the development of a threat assessment profile.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials :: </h3> <b>Youtube ::</b><a href="http://www.youtube.com/watch?v=NskrZmwwV5s" target="_blank"><b> </b>Click Here</a><br /> <b>Forum :: </b><a href="https://forums.mandiant.com/" target="_blank">Mandiant Memoryze Forum</a> <br /> <b>User Guide ::  </b><a href="http://www.mandiant.com/library/MemoryzeUserGuide.pdf" target="_blank">Memoryze User Guide PDF</a><br /> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://www.mandiant.com/library/MemoryzeSetup3.0.msi" target="_blank">Mandiant Memoryze 3.0</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://www.mandiant.com/resources/download/memoryze">https://www.mandiant.com/resources/download/memoryze</a></div> <div style="text-align: justify;"> <br /></div>

Mandiant Memoryze (Live Memory Forensic) :: Tools

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire ...

Read more »

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="PeePDF Analysis" border="0" height="400" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600-rw/PeePDF.jpg" title="PeePDF Analysis" width="400" /></a></div> <b>PeePDF</b> is a <b>Python tool to explore PDF files</b> in order to find out if the file can be harmful or not. The aim of this <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tool</a> is to provide all the necessary components that a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researcher could need in a <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF analysis</a> without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides <b>Javascript and shellcode <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones. </div> <div style="text-align: justify;"> <br /> The main functionalities of peepdf are the following: </div> <div style="text-align: justify;"> <h3> <b> Analysis: </b></h3> </div> <ul style="text-align: justify;"> <li> Decodings: hexadecimal, octal, name objects </li> <li> More used filters </li> <li> References in objects and where an object is referenced </li> <li> Strings search (including streams) </li> <li> Physical structure (offsets) </li> <li> Logical tree structure </li> <li> Metadata </li> <li> Modifications between versions (changelog) </li> <li> Compressed objects (object streams) </li> <li> Analysis and modification of Javascript (PyV8): unescape, replace, join </li> <li> Shellcode analysis (Libemu python wrapper, pylibemu) </li> <li> Variables (set command) </li> <li> Extraction of old versions of the document </li> <li> Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>) </li> <li> Checking hashes on <a href="http://www.toolwar.com/2013/12/virustotal-analyze-files-and-urls-tools.html" target="_blank"><b>VirusTotal</b></a> </li> </ul> <div style="text-align: justify;"> <b> Creation/Modification: </b></div> <ul style="text-align: justify;"> <li> Basic PDF creation </li> <li> Creation of PDF with Javascript executed wen the document is opened </li> <li> Creation of object streams to compress objects </li> <li> Embedded PDFs </li> <li> Strings and names obfuscation </li> <li> Malformed PDF output: without endobj, garbage in the header, bad header... </li> <li> Filters modification </li> <li> Objects modification </li> </ul> <div style="text-align: justify;"> <b> Execution modes: </b></div> <ul style="text-align: justify;"> <li> Simple command line execution </li> <li> <b>Powerful interactive console</b> (colorized or not) </li> <li> Batch mode </li> </ul> <div style="text-align: justify;"> <b> TODO: </b></div> <ul style="text-align: justify;"> <li> Embedded PDFs analysis </li> <li> Improving automatic Javascript analysis </li> <li> GUI </li> </ul> <h3> Tutorials :: </h3> <b>PeePDF Installation :: </b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank">Click Here</a><b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank"> </a></b><br /> <b>PeePDF Execution :: </b><a href="http://code.google.com/p/peepdf/wiki/Execution" target="_blank">Click Here</a><br /> <b>PeePDF Commands ::  </b><a href="http://code.google.com/p/peepdf/wiki/Commands" target="_blank">Click Here</a><br /> <b>PDF Forensics and Analysis eBook</b> :: <a href="https://www.amazon.com/dp/B00LSF1TU6" target="_blank">Click Here</a> <br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T1GcheLaY5M?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Linux | Windows :: </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.zip" target="_blank">peepdf v0.2</a> (.zip)<b> | </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz" target="_blank">peepdf v0.2</a> (.tar.gz) <b> </b><br /> <b>Source Website ::</b> <a href="http://code.google.com/p/peepdf/">http://code.google.com/p/peepdf/</a>

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

PeePDF is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to prov...

Read more »

Sandcat Browser (Web Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s1600/sandcat+browser+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="sandcat browser screenshot" border="0" height="310" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTNeBldokTCCp2sKPEkIFaDYKilr89PbQIxdeIWaz7JEOT9ziJ36DF-zxINRCMAbUy_Rc-T4mqfPDm3Xl4N6chlKsO3pt3ex66r0qn8tqjYWzD6SbtSiTx3GHA8JDP2E633tsV5RAGFdVa/s400-rw/sandcat+browser+screenshot.png" title="sandcat browser screenshot" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Sandcat Browser</b> is the fastest web browser combined with the fastest scripting language packed with features for pen-testers<b>. Sandcat Browser</b> is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The <b> Sandcat Browser</b> is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. </div> <div class="vspace" style="text-align: justify;"> Some of its unique features include: </div> <ul style="text-align: justify;"> <li><b>Live HTTP Headers</b> — built-in live headers with a dedicated cache per tab and support for preview extensions </li> <li><b>Sandcat Console</b> — an extensible command line console; Allows you to easily run custom commands and scripts in a loaded page </li> <li><b>Resources</b> tab — allows you to view the page resources, such as JavaScript files and other web files. </li> <li><b>Page Menu</b> extensions — allows you to view details about a page and more. </li> <li><b>Pen-Tester Tools</b> — Sandcat comes with a multitude of pen-test oriented extensions. This includes a Fuzzer, a Script Runner, HTTP & XHR Editors, Request Loader, Request Replay capabilities and more. </li> </ul> <div class="vspace" style="text-align: justify;"> Features inherited from Chromium include: </div> <ul style="text-align: justify;"> <li><b>Multi-Process Architecture</b> — each tab is its own process </li> <li><b>Developer Tools</b> — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles. </li> </ul> <h3 style="text-align: justify;"> <b> </b></h3> <h3 style="text-align: justify;"> <b>Tutorials ::</b></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/xdeXF4F4T_Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.syhunt.com/pub/downloads/sandcat-browser-4.4.exe" target="_blank">Sandcat v4.4</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.syhunt.com/?n=Sandcat.Browser">http://www.syhunt.com/?n=Sandcat.Browser</a><b> </b></div> <h3 style="text-align: justify;"> </h3> <div style="text-align: justify;"> </div>

Sandcat Browser (Web Penetration Testing) :: Framework

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers . Sandcat...

Read more »

Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320-rw/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

OWASP Androick (Forensic Analysis on Android) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Android Forensics" border="0" height="290" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJ_1RDUELmZ8Hp8cgrssB5b0X5mgQR8j1Vwh1HV1yITtkSA9nd57u9Vod3tLTOgvRJRdActpiJ0szI73A-Y38mXv3e43879WHZ30qYNoak_X9fz6wcJjDDe8pYSZc4iYwuJFzZmPMKizj/s1600-rw/Android+Forensics.jpg" title="Android Forensics" width="400" /></div> <div style="text-align: justify;"> <b>OWASP Androick</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on android</b>. Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs. It is easy to use and avoid all repetitives tasks !</div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><code><span style="font-family: "Courier New",Courier,monospace;">1) show help message ./androick.py -h </span> 2) show informations ./androick.py -a 3) select device to use ./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... ./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 4) find package name ./androick.py [-v] -f <Part of package name> 5) download all related things of application ./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 6) select only things you want extract ./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] </code></pre> <pre><code>[-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 7) how to use option --keyLogs --keyLogs="key1,key2,key3" if more than one package --keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" </code></pre> <pre><code> </code></pre> <pre><code>Example : ./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player /!\ The memory dump option will mostly not works with production builds </code></pre> <h2> <a class="anchor" href="https://github.com/Flo354/Androick#author" name="user-content-author"></a><code> </code></h2> <h3 style="text-align: justify;"> Dependencies ::</h3> <div style="text-align: justify;"> Python - Python >=2.6 | Python Magic</div> <div style="text-align: justify;"> SDK - aapt | adb | hprof-conv</div> <div style="text-align: justify;"> Others - a rooted device | sqlite3</div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Windows | Linux | Mac :: </b><a href="https://github.com/Flo354/Androick/archive/master.zip" target="_blank">OWASP Androick</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://www.owasp.org/index.php/OWASP_Androick_Project">https://www.owasp.org/index.php/OWASP_Androick_Project</a></div>

OWASP Androick (Forensic Analysis on Android) :: Tools

OWASP Androick is a python tool to help in forensics analysis on android . Put the package name, some options and the programm will dow...

Read more »