ToolWar | Information Security (InfoSec) Tools: CLI

PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears
cd PatrowlHears
./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the 
fastest, and most accurate subdomain enumeration tool.  Some of the 
magic behind SubBrute is that it uses open resolvers as a kind of proxy 
to circumvent DNS rate-limiting.  This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows,  just cd into the 'windows' folder:</p>
<ul><li>subbrute.exe google.com</li></ul>
<p>Easy to install:
You just need and python2.7 or python3.  This tool should work under any operating system:  bsd, osx, windows, linux...</p>
<p>(On a side note giving a makefile root always bothers me,  it would be a great way to install a backdoor...)</p>
<p>Under Ubuntu/Debian all you need is:</p>
<ul><li>sudo apt-get install python-dnspython</li></ul>
<p>On other operating systems you may have to install dnspython manually:</p>

<p>Easy to use:</p>
<ul><li>./subbrute.py google.com</li></ul>
<p>Tests multiple domains:</p>
<ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul>
<p>or a newline delimited list of domains:</p>
<ul><li>./subbrute.py -t list.txt</li></ul>
<p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p>
<ul><li>
<p>./subbrute.py gmail.com > gmail.out</p>
</li><li>
<p>./subbrute.py -t gmail.out</p>
</li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

Sublist3r - Subdomain Enumeration / Scanner : Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div>
<div style="text-align: justify;">
Sublist3r is a python tool designed to enumerate subdomains of websites 
using OSINT. It helps penetration testers and bug hunters collect and 
gather subdomains for the domain they are targeting. Sublist3r 
enumerates subdomains using many search engines such as Google, Yahoo, 
Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using 
Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div>
<div style="text-align: justify;">
<br /></div>
<h2 style="text-align: justify;">
<span style="font-size: large;">Installation:</span></h2>
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre>
</blockquote>
<b><span style="font-size: small;">Dependencies:</span></b><br />
<blockquote class="tr_bq">
<pre><code>sudo pip install -r requirements.txt</code></pre>
</blockquote>
<b><span style="font-size: small;">How To Use:</span></b> <br />
<blockquote class="tr_bq">
<span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote>
where -V : Verbose, -d : Domain<br />
<br />
<h3>
<b>Download:: </b> </h3>
Linux & Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublis3r (Official Page)</a>

Sublist3r - Subdomain Enumeration / Scanner : Tools

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collec...

Raptor (Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" title="Raptor Web Application Firewall" /></a></div>
<div style="text-align: justify;">
<b>Raptor</b> is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’t use regex or other common ways to block attacks, use deterministic finite automaton, yes is diferent and fast like a raptor dinosaur, Raptor follow principle KISS (Keep It Simple), you can use Raptor to simulate attacks and learning new ways to bypasses.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS...</div>
<ul>
<li>    You can block XSS, SQL injection attacks and path traversal with Raptor</li>
<li>    You can use blacklist of IPs to block some users at config/blacklist ip.txt</li>
<li>    You can use IPv6 and IPv4 at communications</li>
<li>    At the future DoS protector, request limit, rule interpreter and Malware detector at uploads.</li>
<li>    At the future SSL/TLS...</li>
</ul>
<b>Installation: </b><br />
to run:<br />$ git clone https://github.com/CoolerVoid/raptor_waf<br />$ cd raptor_waf; make; bin/raptor<br />
<br />
<b>Usage: </b><br />
Up some HTTPd server at port 80<br />$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt<br />
<b> </b><br />
<b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br />
<h3>
<b>Download: </b></h3>
<b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a>  <b><br /></b>

Raptor (Web Application Firewall) :: Tools

Raptor is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’...

Katana (Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s1600/Katana+Framework.png" imageanchor="1"><img alt="Download Katana Framework For Penetration Testing" border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s400/Katana+Framework.png" title="Katana Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>Katana</b> is a framework written in <b>python</b> for making penetration testing,  based on a simple and comprehensive structure for anyone to use, modify  and share, the goal is to unify tools serve for professional when making  a penetration test or simply as a routine tool, The current version is  not completely stable, is recommended update ever that you use it.</div>
<h3>
<b>Installation::</b></h3>
Installation of Katana framework: is necesary install all dependencies for a good performance. <br />
<blockquote class="tr_bq">
<pre><i>git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
sudo python install
</i></pre>
<div style="text-align: justify;">
<br /></div>
</blockquote>
<b>How to Use:: </b><a href="https://github.com/PowerScript/KatanaFramework/wiki/How-to-use" rel="nofollow" target="_blank">Click Here</a> <br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video Tutorial: </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B0QsDwYTrnI/0.jpg" frameborder="0" height="330px" src="https://www.youtube.com/embed/B0QsDwYTrnI?feature=player_embedded" width="100%"></iframe></div>
<div style="text-align: justify;">
<h3>
<b>Download:</b></h3>
<b>Linux:  </b><a href="https://github.com/PowerScript/KatanaFramework" rel="nofollow" target="_blank">Katana Framework</a><br />
<br />
<b>Submitted By: </b>RedToor</div>

Katana (Penetration Testing) :: Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to us...

File Checksum Integrity Verifier (FCIV) :: Tools

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s1600/File+Checksum+Integrity+Verifier+FCIV.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="File Checksum Integrity Verifier (FCIV)" border="0" height="299" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s640/File+Checksum+Integrity+Verifier+FCIV.JPG" title="File Checksum Integrity Verifier (FCIV)" width="640" /></a></div><div style="text-align: justify;">The File Checksum Integrity Verifier (FCIV)  is a command-prompt utility  that computes and verifies cryptographic hash values of files. FCIV   can compute MD5 or SHA-1 cryptographic hash values. These values can be  displayed on the screen or saved in an XML file database for later use  and verification.</div><div style="text-align: justify;">FCIV (File Checksum Integrity Verifier) is a small tool or utility from  Microsoft that allow us to compute (MD5 and SHA1) and verify Integrity  of files. If you are a malware analyst or a researcher or a user who  want secure things then you can done a fabulous things with this small  utility.</div><h3 class="sbody-h3" style="text-align: justify;">Features</h3><div style="text-align: justify;">The FCIV utility has the following features:</div><ul class="sbody-free_list"><li style="text-align: justify;"> Supports MD5  or SHA1 hash algorithms (The default is MD5.)</li>
<li style="text-align: justify;"> Can output hash values to the console or store the hash value and file name in an XML file</li>
<li style="text-align: justify;">Can recursively generate hash values for all files in a directory and in all subdirectories (for example, <span class="text-base">fciv.exe c:\ -r</span>)</li>
<li style="text-align: justify;">Supplies an exception list to specify files or directories to hash</li>
<li style="text-align: justify;">Can store hash values for a file with or without the full path of the file</li>
</ul><h3> Example usage</h3><ul class="sbody-free_list"><li>To display the MD5 hash of a file, type the following command at a command prompt: <div class="indent"><span class="sbody-userinput">fciv.exe <var class="sbody-var">filename</var></span></div><span class="text-base">Note </span><var class="sbody-var"> filename</var> is the name of the file.</li>
<li>To compute a hash of a file, type a command line that is similar to any one of the following command lines:         <div class="indent"><span class="sbody-userinput">fciv.exe c:\mydir\<var class="sbody-var"><var class="sbody-var">myfile.dll</var></var></span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml</span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -type *.exe</span><br />
<br />
<span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -wp -both -xml db.xml</span></div></li>
<li>To list the  hashes that are stored in a database, type a command line that is similar to the following command line:         <div class="indent"><span class="sbody-userinput">fciv.exe -list -sha1 -xml db.xml</span></div></li>
<li>To verify a hash in a file, type a command line that is similar to any one of the following command lines:         <div class="indent"><span class="sbody-userinput">fciv.exe -v -sha1 -xml db.xml</span><br />
<br />
<span class="sbody-userinput">fciv.exe -v -bp c:\<var class="sbody-var">mydir</var> -sha1 -xml db.xml</span></div></li>
</ul><h3>Video Tutorial::</h3><br />
<div class="separator" style="clear: both; text-align: center;"><br />
<iframe width="100%" height="330" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/sOtnut9wM38/0.jpg" src="https://www.youtube.com/embed/sOtnut9wM38?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br />
<h3>Download ::</h3><b>Windows:</b> <a href="http://www.microsoft.com/en-in/download/details.aspx?id=11533" rel="nofollow" target="_blank">Microsoft FCIV</a>

File Checksum Integrity Verifier (FCIV) :: Tools

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCI...

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="spiderfoot logo" border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div>
<div style="text-align: justify;">
<b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br />
<br />
<h3>
Features ::</h3>
</div>
<ul style="text-align: justify;">
<li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li>
<li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li>
<li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li>
<li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  
<b> </b><br />
<b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a>

<br />
<br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br />
<b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz)
<b> </b><br />
<b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="suricata logo" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" title="suricata logo" width="320" /></div>
<b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br />
<br />
<b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br />
<br />
The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br />
<br />
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Juli (MITM) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="MITM Attack Security" border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8ISFmjA0ekD7MPO8ICWGwpqxp0xB5sjipk9sIvcZyXydEZ4YA3TdPy0DID6206FpnsQF94cYahJVQlvRI8mFhifxNHnoqQe8lRrQSzD1Nb0FulPIAmHltwTkMP-pCvxsLo32-8Gk8M3K/s1600/Parasite-Attack-MITM.jpg" title="MITM Attack Security" width="640" /></div>
<br />
A simple automated perl script for MiTM ( man-in-the-middle ) attacks. <br />
<h4>
</h4>
<h4>
Requirements:</h4>
<ul class="task-list">
<li>Linux ( I tested it on Ubuntu 14.04 LTS )</li>
<li>Perl</li>
<li>sslstrip <a href="https://github.com/moxie0/sslstrip">https://github.com/moxie0/sslstrip</a>
</li>
<li>arpsoof ( from dsniff can be found here <a href="http://www.monkey.org/%7Edugsong/dsniff/">http://www.monkey.org/~dugsong/dsniff/</a> )</li>
</ul>
<h4>
Usage:</h4>
Script must be runned as a root user<br />

<ul class="task-list">
<li>
sudo juli.pl interface targetip</li>
</ul>
<b>Download:</b><br />
<b>Linux: <a href="https://github.com/em616/Juli" target="_blank">Juli.pl</a></b>

Juli (MITM) :: Tools

A simple automated perl script for MiTM ( man-in-the-middle ) attacks. Requirements: Linux ( I tested it on Ubuntu 14.04 LTS ) Per...

Capstone (Disassembly Framework) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="capstone disassembler" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWQQc6jFFxBdew0SfkMRlTH0TSgVUzxWMCN6bSY2mxV-tcDnKFolrpjaOf0Dka2oqp6Dqs2WxUlRC3bh3ktMzdkyxqvc8ahRHCzUCVN4KF4Oz0IbzNy4CjtjcOnIZ_MH9cDNFmxMXRprqN/s320/Capstone+Disassembler.png" title="capstone disassembler" width="320" /></div>
<b>Capstone </b>is a lightweight multi-platform, multi-architecture <a href="http://www.toolwar.com/search/label/Assembler/Disassembler" target="_blank">disassembly</a> <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. Our target is to make <b>Capstone</b> the ultimate disassembly engine for binary analysis and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reversing</a> in the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> community.<br />
<h3>
Features</h3>
</div>
<ul style="text-align: justify;">
<li>Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.</li>
<li>Clean/simple/lightweight/intuitive architecture-neutral API. </li>
<li>Provide details on disassembled instruction (called “decomposer” by others).</li>
<li>Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.</li>
<li>Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.</li>
<li>Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).</li>
<li>Thread-safe by design.</li>
<li>Distributed under the open source BSD license</li>
</ul>
<h3>
 </h3>
<h3>
Tutorials ::</h3>
<b>Text Tutorials :: </b><a href="http://www.capstone-engine.org/documentation.html" target="_blank">Click Here </a><br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://www.capstone-engine.org/download/1.0/capstone-1.0-win32.zip" target="_blank">Capstone v1 (Win32)</a><br />
<b>Linux :: <a href="http://www.blogger.com/goog_1808671360">C</a></b><a href="http://www.capstone-engine.org/download/1.0/capstone-1.0_i386.deb" target="_blank">apstone-1.0_i386.deb</a><br />
<b>Official Website :: </b><a href="http://www.capstone-engine.org/">http://www.capstone-engine.org/</a><br />
<div class="separator" style="clear: both; text-align: left;">
<a href="http://www.capstone-engine.org/download/1.0/capstone-1.0-win32.zip" target="_blank"></a></div>

Capstone (Disassembly Framework) :: Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework . Our target is to make Capstone the ultimate disass...

Mandiant Redline (Memory and File Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">
 <img alt="Mandiant Redline Logo" border="0" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi85inxEf7aGj9rwDfJlLA1TZjt029HkuPRCGRhLSQHEAM3zBvwbuLTQ5KRk0_EUdzGhbt6PbzzhpzYo2kQigms2_eBtiT3rOaRdXb8fjaQlF-7JuBE_st3IAFkZd3E5dxJ-TJdPkeBzB0X/s400/Memoryze+Logo.png" title="Mandiant Redline Logo" width="400" /></div>
<div style="text-align: justify;">
<b>Redline, Mandiant’s</b> premier free tool, provides<i> host investigative</i> 
capabilities to users to find signs of <i>malicious activity through memory
 and file analysis</i>, and the development of a threat assessment profile. 
 With <b>Redline,</b> users can:</div>
<ul style="text-align: justify;">
<li>Thoroughly audit and collect all running processes and drivers 
from <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>, file system metadata, <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> data, event logs, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> 
information, services, tasks, and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> history.</li>
<li>Analyze and view imported audit data, including narrowing and 
filtering results around a given timeframe using <b>Redline’s</b> Timeline 
functionality with the TimeWrinkle™ and TimeCrunch™ features.</li>
<li>Streamline memory analysis with a proven workflow for analyzing <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> based on relative priority.</li>
<li>Identify processes more likely worth investigating based on the <b>Redline</b> Malware Risk Index (MRI) score.</li>
<li>Perform Indicator of Compromise (IOC) <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>. Supplied with a set 
of IOCs, the Redline Portable Agent is automatically configured to 
gather the data required to perform the IOC analysis and an IOC hit 
result review. </li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In addition, <b>Redline</b> can be used in conjunction with <b>Mandiant for Intelligent Response®(MIR®)</b> and <b>Mandiant for Security Operations™:</b></div>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li>Investigators can open audits gathered in Mandiant for 
Intelligent Response (MIR) directly in Redline to quickly identify a 
malicious process and create an IOC based on the analysis. MIR can use 
this IOC to quickly sweep a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> to identify all other systems 
running the same or similar malware.</li>
<li>Mandiant for Security Operations users can open triage collections 
directly in Redline in order to perform in-depth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> allowing the 
user to establish a timeline and the scope of an incident.</li>
</ul>
<b>Mandiant Redline 1.11</b> includes various changes to improve your user 
experience, and adds support for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8 and 2012. A redesigned find 
panel remains open and offers users the ability to search and filter on a
 specific column. You can also filter lists by multiple tags at the same
 time and choose whether to include only items that do or do not have a 
comment. Finally, the Redline Collector now provides beta support for 
gathering Windows 2012 and Windows 8 data..<br />
<br />
<br />
<b>Supported Operating Systems:</b> Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)<br />
<br />
<h3>
Tutorials ::</h3>
<b>User Guide :: </b><a href="http://www.mandiant.com/library/Redline1.11_UserGuide.pdf">Mandiant Redline 1.11 (PDF)</a><br />
<b>Redline Blog :: </b><a href="https://www.mandiant.com/blog/tag/redline/" target="_blank">Mandiant Redline Blog </a><br />
<br />
<h3>
Download ::</h3>
<b>Windows :: </b><a href="https://www.mandiant.com/library/Redline-1.11.msi" target="_blank">Mandiant Redline v1.11</a><b><br /></b><br />
<b>Official Website ::</b> <a href="https://www.mandiant.com/resources/download/redline">https://www.mandiant.com/resources/download/redline</a>

Mandiant Redline (Memory and File Analysis) :: Tools

Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity throug...

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div>
<div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: Arial;">Requirements</span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   1. Root access (admin)</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div>
<span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br />
<div class="MsoNormal">
<span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div>
<span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">Intrusion Detection</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Capture/Analyzing of packets </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div>
<div class="MsoNormal">
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Installation Tutorial::</b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<span id="goog_894600077"></span><span id="goog_894600078"></span>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div>
<div style="text-align: justify;">
<b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div>
<div style="text-align: justify;">
<b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="the sleuth kit logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div>
<b>The Sleuth Kit</b> is a C++ library and collection of open source file 
system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view 
allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and 
ISO9660 images. <br />
<b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality  of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in  <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file  contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command  line</a> tools can be directly used to find evidence. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div>
<ul style="text-align: justify;">
<li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of  TSK core and framework that you must compile on your computer. This is  most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li>
<li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li>
<li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled  windows release of the framework. It has the tsk_analyzeimg program that  allows you to run the framework on a disk image.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a>
<b> </b><br />
<b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br />
<b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

Crypto Implementations Analysis Toolkit :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Crypto Implementation Analysis Toolkit (CIAT)" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAZPIwVYWPyohkcKc1fGGaHZAcyEw0BoiIWqylgFCnmnY1VjNEgNvH1QOaOPUW0oKzjIUDWaaT-w2W0NnTovjr_7z_6iDQDsIk1zJ32bIxlmbcNT-H9milmKcnN3YE4dztJDAY7SjbM_Ll/s1600/Crypto+Implementation+Analysis+Toolkit+(CIAT).png" title="Crypto Implementation Analysis Toolkit (CIAT)" width="400" /></div>
<div style="text-align: justify;">
The <b>Cryptographic Implementations Analysis Toolkit (CIAT)</b> is 
compendium of command line and graphical tools whose aim is to help in 
the detection and analysis of encrypted byte sequences within files 
(executable and non-executable). </div>
<br />
<h3>
Download :: </h3>
<b>Linux & Windows :: </b><a href="http://sourceforge.net/projects/ciat/files/latest/download" target="_blank">Crypto Implementation Analysis Toolkit (CIAT) (.zip)</a><b> </b><br />
<b>Official Website :: </b><a href="http://ciat.sourceforge.net/">http://ciat.sourceforge.net/</a>

Crypto Implementations Analysis Toolkit :: Framework

The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in th...

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Network Forensics" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400/Network+Forensics.jpg" title="Network Forensics" width="400" /></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that 
receives notifications from the kernel through the netlink socket, and 
generates logs related to interfaces, neighbor cache(ARP,NDP), IP 
address(IPv4,IPv6), routing, FIB rules, traffic control.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div>
<div style="text-align: justify;">
<b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div>
<div style="text-align: justify;">
<b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Mandiant Memoryze (Live Memory Forensic) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Memoryze Logo" border="0" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhP6Kiq6DL8HvQGQr0mM99tRZ4IPEArJ8MAgMScreZuK6ooQ73__V7_InhX_VZ_JTI3i6HMxlsvJ6HheaMaVEey7VHFt_4UHW_vW8sSMttY7brLEr-rMCOR-jWHctlRSlXt85RjFwYA_CZ2/s400/Memoryze+Logo.png" title="Memoryze Logo" width="400" /></div>
<div style="text-align: justify;">
<b>Mandiant’s Memoryze</b> is free<i> <b>memory forensic software</b></i> that helps 
incident responders <b><i>find evil in live memory.</i></b> <b>Memoryze</b> can acquire 
and/or analyze <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> images, and on live systems, can include the 
paging file in its <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Mandiant’s Memoryze</b> features:</div>
<ul style="text-align: justify;">
<li>image the full range of <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> memory (not reliant on API calls).</li>
<li>image a process’ entire address space to disk. This includes a process’ loaded DLLs, EXEs, heaps and stacks.</li>
<li>image a specified driver or all drivers loaded in <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> to disk.</li>
<li>enumerate all running processes (including those hidden by rootkits). For each process, Memoryze can:</li>
<ul>
<li>report all open handles in a process (for example, all files, registry keys, etc.).</li>
<li>list the virtual address space of a given process including:</li>
<ul>
<li>displaying all loaded DLLs.</li>
<li>displaying all allocated portions of the heap and execution stack.</li>
</ul>
<li>list all <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> sockets that the process has open, including any hidden by rootkits.</li>
<li>specify the functions imported by the EXE and DLLs.</li>
<li>specify the functions exported by the EXE and DLLs.</li>
<li>hash the EXE and DLLs in the process address space (MD5, SHA1, SHA256.  This is disk based.)</li>
<li>hash the EXE and DLLs in the process address space. (This is a MemD5 of the binary in memory).</li>
<li>verify the digital signatures of the EXE and DLLs. (This is disk based.)</li>
<li>output all strings in memory on a per process basis.</li>
</ul>
<li>identify all drivers loaded in memory, including those hidden by rootkits. For each driver, Memoryze can: </li>
<ul>
<li>specify the functions the driver imports.</li>
<li>specify the functions the driver exports.</li>
<li><a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> the driver. (MD5, SHA1, SHA256. this is disk based.)</li>
<li>verify the digital signature of the driver (This is disk based.)</li>
<li>output all strings in memory on a per driver base.</li>
</ul>
<li>report device and driver layering, which can be used to intercept network <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a>, keystrokes and file activity.</li>
<li>identify all loaded kernel modules by walking a linked list.</li>
<li>identify hooks (often used by rootkits) in the System Call Table, 
the Interrupt Descriptor Tables (IDTs) and driver function tables (IRP 
tables).</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Mandiant’s Memoryze can perform all these functions on live 
system memory or memory image files – whether they were acquired by 
Memoryze or other memory acquisition tools. </b></div>
<div style="text-align: justify;">
Memoryze officially supports:</div>
<ul style="text-align: justify;">
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 2000 Service Pack 4 (32-bit)</li>
<li>Windows XP Service Pack 2 and Service Pack 3 (32-bit)</li>
<li>Windows Vista Service Pack 1 and Service Pack 2 (32-bit)</li>
<li>*Windows Vista Service Pack 2 (64-bit)</li>
<li>Windows 2003 Service Pack 2 (32-bit and 64-bit)</li>
<li>Windows 7 Service Pack 0 (32-bit and 64-bit)</li>
<li>*Windows 2008 Service Pack 1 and Service Pack 2 (32-bit)</li>
<li>Windows 2008 R2 Service Pack 0 (64-bit)</li>
<li>*Windows 8 Service Pack 0 (32-bit and 64-bit)</li>
<li>*Windows Server 2012 Service Pack 0 (64-bit)</li>
</ul>
<div style="text-align: justify;">
* means support for a new operating system without experience on millions of host</div>
<div style="text-align: justify;">
In order to visualize Memoryze’s output, please download Redline™ or 
use an XML viewer.  Redline is Mandiant’s premier <a href="http://www.toolwar.com/search/label/Free" target="_blank">free</a> tool for 
investigating hosts for signs of malicious activity through memory and 
file <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, and the development of a threat assessment profile.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<b>Youtube ::</b><a href="http://www.youtube.com/watch?v=NskrZmwwV5s" target="_blank"><b> </b>Click Here</a><br />
<b>Forum :: </b><a href="https://forums.mandiant.com/" target="_blank">Mandiant Memoryze Forum</a> <br />
<b>User Guide ::  </b><a href="http://www.mandiant.com/library/MemoryzeUserGuide.pdf" target="_blank">Memoryze User Guide PDF</a><br />
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://www.mandiant.com/library/MemoryzeSetup3.0.msi" target="_blank">Mandiant Memoryze 3.0</a><b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="https://www.mandiant.com/resources/download/memoryze">https://www.mandiant.com/resources/download/memoryze</a></div>
<div style="text-align: justify;">
<br /></div>

Mandiant Memoryze (Live Memory Forensic) :: Tools

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire ...

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="PeePDF Analysis" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" title="PeePDF Analysis" width="400" /></a></div>
<b>PeePDF</b> is a <b>Python tool to explore PDF files</b> in  order to find out if the file can be harmful or not. The aim of this <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tool</a> is to provide all the necessary components that a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  researcher could need in a <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF analysis</a> without using 3 or 4 tools to  make all the tasks. With peepdf it's possible to see all the objects in  the document showing the suspicious elements, supports all the most used  filters and encodings, it can parse different versions of a file,  object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides <b>Javascript and shellcode <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones. </div>
<div style="text-align: justify;">
<br />
The main functionalities of peepdf are the following: </div>
<div style="text-align: justify;">
<h3>
<b> Analysis: </b></h3>
</div>
<ul style="text-align: justify;">
<li> Decodings: hexadecimal, octal, name objects </li>
<li> More used filters </li>
<li> References in objects and where an object is referenced </li>
<li> Strings search (including streams) </li>
<li> Physical structure (offsets) </li>
<li> Logical tree structure </li>
<li> Metadata </li>
<li> Modifications between versions (changelog) </li>
<li> Compressed objects (object streams) </li>
<li> Analysis and modification of Javascript (PyV8): unescape, replace, join </li>
<li> Shellcode analysis (Libemu python wrapper, pylibemu) </li>
<li> Variables (set command) </li>
<li> Extraction of old versions of the document </li>
<li> Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>) </li>
<li> Checking hashes on <a href="http://www.toolwar.com/2013/12/virustotal-analyze-files-and-urls-tools.html" target="_blank"><b>VirusTotal</b></a> </li>
</ul>
<div style="text-align: justify;">
<b> Creation/Modification: </b></div>
<ul style="text-align: justify;">
<li> Basic PDF creation </li>
<li> Creation of PDF with Javascript executed wen the document is opened </li>
<li> Creation of object streams to compress objects </li>
<li> Embedded PDFs </li>
<li> Strings and names obfuscation </li>
<li> Malformed PDF output: without endobj, garbage in the header, bad header... </li>
<li> Filters modification </li>
<li> Objects modification </li>
</ul>
<div style="text-align: justify;">
<b> Execution modes: </b></div>
<ul style="text-align: justify;">
<li> Simple command line execution </li>
<li> <b>Powerful interactive console</b> (colorized or not) </li>
<li> Batch mode </li>
</ul>
<div style="text-align: justify;">
<b> TODO: </b></div>
<ul style="text-align: justify;">
<li> Embedded PDFs analysis </li>
<li> Improving automatic Javascript analysis </li>
<li> GUI </li>
</ul>
<h3>
Tutorials :: </h3>
<b>PeePDF Installation :: </b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank">Click Here</a><b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank"> </a></b><br />
<b>PeePDF Execution :: </b><a href="http://code.google.com/p/peepdf/wiki/Execution" target="_blank">Click Here</a><br />
<b>PeePDF Commands ::  </b><a href="http://code.google.com/p/peepdf/wiki/Commands" target="_blank">Click Here</a><br />
<b>PDF Forensics and Analysis eBook</b> :: <a href="https://www.amazon.com/dp/B00LSF1TU6" target="_blank">Click Here</a> <br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T1GcheLaY5M?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Linux | Windows :: </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.zip" target="_blank">peepdf v0.2</a> (.zip)<b> | </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz" target="_blank">peepdf v0.2</a> (.tar.gz)
<b> </b><br />
<b>Source Website ::</b> <a href="http://code.google.com/p/peepdf/">http://code.google.com/p/peepdf/</a>

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

PeePDF is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to prov...

GoldenEye (DoS Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="ddos icon" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJOQnS__a36My3QgFrkkZZnKbMa2sQ5wymnzD-TYPn2-Hi3HzwaqF7hyphenhyphenimikRz5C7uJ3EQc2UHSYhjBNDc4TDogFEdp8zIL-ab7q41TBZPSowkU6qXuTkKbYPg3QOuCHEa5gb1WjXFL0js/s1600/ddos+logo.jpg" title="ddos icon" width="400" /></div>
<div style="text-align: justify;">
<b>GoldenEye</b> is a <b>HTTP DoS test tool</b>. This software is distributed under the <i>GNU General Public License</i> version 3 (GPLv3). <b>GoldenEye</b> is a <b><acronym title="HyperText Transfer Protocol">HTTP</acronym>/S
 Layer 7 <a href="http://www.toolwar.com/search/label/DDoS" target="_blank">Denial-of-Service</a> Testing Tool</b>. It uses KeepAlive (and 
Connection: keep-alive) paired with Cache-Control options to persist 
socket connection busting through caching (when possible) until it 
consumes all available sockets on the <acronym title="HyperText Transfer Protocol">HTTP</acronym>/S server.</div>
<div style="text-align: justify;">
This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> that I decided to improve which later became <b>GoldenEye</b>. Kudos for you Barry! This software is written in purely<a href="http://www.toolwar.com/search/label/Python" target="_blank"> Python</a>.</div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div style="text-align: justify;">
<b>Usages :: </b></div>
<pre><span style="font-family: "Courier New",Courier,monospace;"><code> USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
     Flag           Description                     Default
     -t, --threads      Number of concurrent threads                (default: 500)
     -m, --method       HTTP Method to use 'get' or 'post'  or 'random'         (default: get)
     -d, --debug        Enable Debug Mode [more verbose output]         (default: False)
     -h, --help         Shows this help</code></span></pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b><span style="font-size: small;"><span style="font-weight: normal;">Python :: <a href="https://github.com/jseidl/GoldenEye/archive/master.zip" target="_blank">GoldenEye</a><b> (.py)</b></span></span></b></div>
<div style="text-align: justify;">
<b>Source Website ::</b>  <a href="https://github.com/jseidl/GoldenEye">https://github.com/jseidl/GoldenEye</a></div>

GoldenEye (DoS Testing) :: Tools

GoldenEye is a HTTP DoS test tool . This software is distributed under the GNU General Public License version 3 (GPLv3). GoldenEye is ...

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="KillerBee Image" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and 
exploiting the security of ZigBee and IEEE 802.15.4 networks.</b>  Using 
<b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can 
eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and 
much more.  Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>,
 implement ZigBee fuzzing, emulate and attack end-devices, routers and 
coordinators and much more. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div>
<b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

Subscribe to: Posts ( Atom )