Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

OWASP Androick (Forensic Analysis on Android) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Android Forensics" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJ_1RDUELmZ8Hp8cgrssB5b0X5mgQR8j1Vwh1HV1yITtkSA9nd57u9Vod3tLTOgvRJRdActpiJ0szI73A-Y38mXv3e43879WHZ30qYNoak_X9fz6wcJjDDe8pYSZc4iYwuJFzZmPMKizj/s1600/Android+Forensics.jpg" title="Android Forensics" width="400" /></div> <div style="text-align: justify;"> <b>OWASP Androick</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on android</b>. Put the package name, some options and the programm will download automatically apk, datas, files permissions, manifest, databases and logs. It is easy to use and avoid all repetitives tasks !</div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><code><span style="font-family: "Courier New",Courier,monospace;">1) show help message ./androick.py -h </span> 2) show informations ./androick.py -a 3) select device to use ./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... ./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 4) find package name ./androick.py [-v] -f <Part of package name> 5) download all related things of application ./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 6) select only things you want extract ./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] </code></pre> <pre><code>[-m --memory-dump] [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC... 7) how to use option --keyLogs --keyLogs="key1,key2,key3" if more than one package --keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" </code></pre> <pre><code> </code></pre> <pre><code>Example : ./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player /!\ The memory dump option will mostly not works with production builds </code></pre> <h2> <a class="anchor" href="https://github.com/Flo354/Androick#author" name="user-content-author"></a><code> </code></h2> <h3 style="text-align: justify;"> Dependencies ::</h3> <div style="text-align: justify;"> Python - Python >=2.6 | Python Magic</div> <div style="text-align: justify;"> SDK - aapt | adb | hprof-conv</div> <div style="text-align: justify;"> Others - a rooted device | sqlite3</div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Windows | Linux | Mac :: </b><a href="https://github.com/Flo354/Androick/archive/master.zip" target="_blank">OWASP Androick</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://www.owasp.org/index.php/OWASP_Androick_Project">https://www.owasp.org/index.php/OWASP_Androick_Project</a></div>

OWASP Androick (Forensic Analysis on Android) :: Tools

OWASP Androick is a python tool to help in forensics analysis on android . Put the package name, some options and the programm will dow...

Read more »

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="OWASP iOSForensics" border="0" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLCKwgu3zOqgZkzDNIxnBt6nCpUZPd2gX3PNuOAtqysK41AnLv8Yicnn5Jgj86S9f4u3QXuw29oLRJLVkYa4JbGB_6UDqINyA0snRuKK-rGGhtp-8MZRzGoaJqm0heDkj6NmbBr9scPd_/s1600/iOSForensics.jpg" title="OWASP iOSForensics" width="640" /></div> <div style="text-align: justify;"> <b>OWASP iOSForensic</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on iOS</b>. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml. <b>OWASP iOSForensic</b> is free to use. It is licensed under the GNU GPL v3 License, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. </div> <h3 style="text-align: justify;"> Features :: </h3> OWASP iOSForensic provides: <br /> <ul> <li> Application's files </li> <li> Conversion of .plist files in XML </li> <li> Extract all databases </li> <li> Conversion of binary cookies </li> <li> Application's logs </li> <li> A List of all packages </li> <li> Extraction multiple packages </li> </ul> <h3> Tutorials :: </h3> <b>Usages :: </b><br /> <ul class="task-list"> <li> -h --help : show help message</li> <li> -a --about : show informations</li> <li> -v --verbose : verbose mode</li> <li> -i --ip : local ip address of the iOS terminal</li> <li> -p --port : ssh port of the iOS terminal (default 22)</li> <li> -P --password : root password of the iOS terminal (default alpine)</li> </ul> <b>Examples :: </b> <br /> <br /> <pre><code>./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP ./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2</code></pre> <h3> Download ::</h3> <b>Linux :: </b><a href="https://github.com/Flo354/iOSForensic/archive/master.zip" target="_blank">OWASP iOSForensics</a><br /> <b>Official Website :: </b><a href="https://www.owasp.org/index.php/Projects/OWASP_iOSForensic">https://www.owasp.org/index.php/Projects/OWASP_iOSForensic</a><br /> <div style="text-align: justify;"> <br /></div>

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

OWASP iOSForensic is a python tool to help in forensics analysis on iOS . It get files, logs, extract sqlite3 databases and uncompress ...

Read more »

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div> <div style="text-align: justify;"> <b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br /> <b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div> <div style="text-align: justify;"> <b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities and modules in a easy way.<br /> <h3> Features ::  </h3> </div> <ul> <li>- Counters for IP fragmentation packets.</li> <li>- Support for TLS1.2 on the SSLProtocol</li> <li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li> <li>- Integrate with NetfilterPython or other packet systems.</li> <li>- Support for python 3.x versions (check INSTALL).</li> <li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li> <li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li> <li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li> </ul> <h3> Tutorial ::</h3> <b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br /> <b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <h3> Download :: </h3> <b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br /> <b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br /> <b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

Read more »

Shellter (Dynamic Shellcode Injection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Shellter Tool Image" border="0" height="361" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoCFTJcSTQINV_sfK7AZLw_70-JcIoAkc47RndYmYREK6nCYviWJX0NHZWC8v57DqpRcode3mTmcXkovY1gp7aZNEH08v3-Wcd-bg13_CPfeQuMQt7Fq7GftMh4LemIyth1rYp_V2KlFPS/s1600/Shellter+Image.JPG" title="Shellter Tool Image" width="640" /></div> <div style="text-align: justify;"> <b>Shellter</b> is a <b>dynamic shellcode injection tool</b>, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>, such as Metasploit.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter </b>takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> access permissions in sections, adding an extra section with RWE access,and whatever would look dodgy under an AV scan.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application.</div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. <b>Shellter </b>will launch and trace the target, while at the same time will log the execution flow of the application. </div> <div style="text-align: justify;"> <b>Shellter</b> traces the entire execution flow that occurs in userland. That means, code inside the target application itself (PE image), and code outside of it that might be in a system dll or on a heap, etc. This happens in order to ensure that functions actually belonging to the target executable, but are only used as callback functions for Windows APIs will not be missed. However, the tracing engine will not log any instructions that are not in the memory range of the PE image of the target application, since these cannot be used as a reference to permanently inject the shellcode.</div> <div style="text-align: justify;"> <b>Why Need :: </b>Executables created through <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> are most likely detected by most AV vendors. By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit 'standalone' native Windows executable to host your shellcode. By 'standalone' means an executable that doesn't need any proprietary DLLs, apart from the system DLLs to load and run. For example, notepad.exe, and many other applications you can find online, or create by yourself as your own custom templates. You can also use applications that make use of proprietary DLLs if those are not required to create the process in the first place, and are normally loaded later on if needed to execute code for a specific task. In case you select an application that needs one or more proprietary DLLs to create the process in the first place then you will have to include them in the same directory from where you load the main executable. However, this is not recommended since it is more convenient to have just a single executable to upload to the target. </div> <h3> Tutorials ::</h3> <b>System Requirement ::</b> Windows XP SP3 (x32/x64) or Higher <br /> <b>Full Description :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Readme.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b><a href="https://www.youtube.com/watch?v=91QmSy-dUEA" target="_blank">Click Here</a><br /> <h3> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Old/Shellter_v1.0.rar" target="_blank">Shellter v1.0 </a>(.rar)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://www.shellterproject.com/introducing-shellter/">https://www.shellterproject.com/introducing-shellter/</a></div>

Shellter (Dynamic Shellcode Injection) :: Tools

Shellter is a dynamic shellcode injection tool , and probably the first dynamic PE infector ever created. It can be used in order to inj...

Read more »

Second Look (Linux Memory Forensics) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both;">  <img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj3s-HN2dZGFNYEv4wk6IGLmblttBSVAhyiADK6Tcg_sE6ucHyhB_M1xINBz418Iy8K5vLizCBYB253oHqRxFsyyY8VZykHyveoJ2XteU5fG4hbI2gGuQ-r6z4iNVCrNR0thbZCaMasHa_/s1600/secondlook.jpg" width="640" /></div> The Incident Response edition of <b>Second Look®: Linux Memory Forensics</b> is designed for use by investigators who need quick, easy, and effective <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory acquisition</a> and analysis capabilities. Second Look® is a product of Raytheon Pikewerks Corporation. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Memory_Acquisition"> Memory Acquisition::</span></h3> <div style="text-align: justify;"> <b>Second Look®</b> preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> script allows for acquisition of <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Memory_Analysis"> Memory Analysis ::</span></h3> <div style="text-align: justify;"> <b>Second Look® </b>interprets live system memory or captured memory images, detecting and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse engineering</a> malware, including stealthy kernel <a href="http://www.toolwar.com/search/label/Rootkit" target="_blank"> rootkits</a> and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels. </div> <div style="text-align: justify;"> <b>Second Look®</b> also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>. </div> <h3 style="text-align: justify;"> <span class="mw-headline" id="Supported_Systems"> Supported Systems ::</span></h3> <div style="text-align: justify;"> Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">Linux distributions</a>. The following are its capabilities as of April 2012: </div> <ul style="text-align: justify;"> <li> Supported target kernels: 2.6.x, 3.x up to 3.2 </li> <li> Supported target architectures: x86 32- and 64-bit </li> <li> Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more! </li> </ul> <h3 style="text-align: justify;"> Product features (Second Look Incident Response Edition) ::</h3> <ul style="text-align: justify;"> <li>Memory acquisition and analysis for all 32- and 64-bit x86 (i386/i486/i586/i686, amd64/x86_64) Linux systems running 2.6- and 3-series kernels. This includes: <ul> <li>Amazon Linux 2010.11 through 2014.03, and higher;</li> <li>Debian 4 through 7, and higher;</li> <li>Fedora 2 through 20, and higher;</li> <li>Red Hat Enterprise Linux (RHEL) and CentOS 4.x, 5.x, 6.x, and higher;</li> <li>Ubuntu 4.10 through 14.04, and higher;</li> <li>and other distributions.</li> </ul> </li> <li>Analysis via command line interface (CLI) or graphical user interface (GUI) applications which run on Ubuntu 12.04 (32- or 64-bit) or RHEL/CentOS 6.x (64-bit).</li> <li>Automatic kernel version identification — just select a memory image and go.</li> <li>Supported memory image formats: <ul> <li>raw physical memory images ("mem" format — as produced by secondlook-memdump, Inception, and other tools);</li> <li>SLM memory images ("slm" format — a high-performance compressed memory image format used by Second Look Enterprise Security Edition);</li> <li>LiME memory images ("lime", "padded", or LiME "raw" formats — "lime" and LiME "raw" formats require conversion with secondlook-lime2mem or secondlook-limeraw2mem, respectively ‐ LiME "padded" is the equivalent of a raw physical memory image);</li> <li>VMware virtual machine snapshots ("vmem", "vmsn", or "vmss" formats — "vmsn" and "vmss" formats, as well as "vmem" files from VMs with >4GB RAM, require conversion with VMware's vmss2core and secondlook-core2mem);</li> <li>VirtualBox snapshots ("vbc" format — via conversion with secondlook-vbc2mem); and</li> <li>KVM Libvirt-QEMU-Save or QEMU-savevm snapshots ("lqs" or "qsv" formats — via conversion with lqs2mem, originally secondlook-lqs2mem, now an open source project).</li> </ul> </li> <li>Support for analysis of memory images from systems running either distribution stock kernels or custom kernels.</li> <li>Support for analysis of memory images from Amazon EC2 instances (under both pv and hvm virtualization types).</li> <li>Access to a repository of over 9000 ZRKs (Zipped Reference Kernels) providing the metadata and baseline for analysis and verification of CentOS, Debian, Fedora, RHEL, and Ubuntu stock kernels.</li> <li>An easy-to-use tool for creation of ZRKs for other distributions or for custom kernels.</li> <li>Second Look ZRKs can also be used as Volatility profiles.</li> <li>Integrity verification of the kernel and processes in memory.</li> <li>Access to a pagehash database containing hashes of the executable code pages of the ELF executables and shared libraries from over 2 million software packages from the Amazon, CentOS, Debian, Fedora, RHEL, and Ubuntu distributions.</li> <li>An easy-to-use tool for the addition of pagehashes supporting verification of custom or third-party software.</li> <li>Detection of kernel rootkits, backdoors, and other kernel-mode malware (known and unknown varieties).</li> <li>Detection of shared library rootkits, keyloggers, spyware, injected libraries, injected threads, and other user-mode malware (known and unknown varieties).</li> <li>Detection of unknown or unauthorized processes.</li> <li>Recovery of device mapper crypto keys for LUKS, TrueCrypt, and other full disk encryption schemes.</li> <li>Extraction of system state from captured memory images, including loaded kernel modules, running processes, memory mappings, open files, active network connections, and more. Output is available in the GUI, in plain text from the CLI, and in JSON format for ingestion by other programs.</li> <li>Offline usage is supported via a subscription to our ZRK and pagehash reference data feeds.</li> </ul> <h3 style="text-align: justify;"> More Reasons to Choose Second Look</h3> <div style="text-align: justify;"> Beyond the unique and powerful Linux Incident Response feature set listed above, what sets Second Look apart is the team behind it and the quality of the software they deliver. </div> <ul style="text-align: justify;"> <li>The Second Look Team provides professional support via phone and email, with on-site consulting services available. You get direct access to experts in Linux system internals and security.</li> <li>Customer feedback often quickly leads to new features.</li> <li>Second Look ships with comprehensive documentation, including a User Guide with explanations of the techniques most commonly used by attackers to maintain stealthy persistence on Linux systems.</li> <li>Second Look is regression tested against a large suite of sample memory images to ensure maximum quality and compatibility.</li> <li>If you like the visibility that Second Look gives you during investigations, you can upgrade to the Enterprise Security edition to monitor your systems on an ongoing basis.</li> </ul> <ul style="text-align: justify;"> </ul> <h3 style="text-align: justify;"> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wt326aXmDMA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b>$1495 (USD) | <a href="http://secondlookforensics.com/contact/" target="_blank">Contact Here</a> for Purchase</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://secondlookforensics.com/">http://secondlookforensics.com/</a></div>

Second Look (Linux Memory Forensics) :: Tools

  The Incident Response edition of Second Look®: Linux Memory Forensics is designed for use by investigators who need quick, easy, and e...

Read more »

BitPim (Manage and Forensics Data of CDMA Phones) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGX39dkjXOp48ppF7W5r8iXJLZS1jOmRfKmVlp9jLAZFgaU5PIGahTf_Iiw0eutIdq4-D27rsZynrg-L2XzUbJA1o-uUt_JhAsfHSND1q85iTITrSMONIlUygkv81G4mk_Ytn8npz2r84N/s1600/BitPim.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BitPim Screenshot" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGX39dkjXOp48ppF7W5r8iXJLZS1jOmRfKmVlp9jLAZFgaU5PIGahTf_Iiw0eutIdq4-D27rsZynrg-L2XzUbJA1o-uUt_JhAsfHSND1q85iTITrSMONIlUygkv81G4mk_Ytn8npz2r84N/s1600/BitPim.jpg" title="BitPim Screenshot" width="400" /></a></div> <b>BitPim</b> is a program that allows you to <b>view and manipulate data on many CDMA phones</b> from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based <a href="http://www.toolwar.com/search/label/Phone" target="_blank">phones</a>.<br /> <b>BitPim</b> is a free, open source, cross-platform program for viewing and editing data on a CDMA cell phone. Roger Binns was the founder, project manager, and lead developer of the project, first releasing it on March 1st, 2003. Since then leadership has been handed over to another party and over two million users have downloaded it. The program has been developed in python and originally only supported the LG VX4400 but it now supports a variety of phone manufactures including Audiovox, Kyocera, LG, Motorola, Nokia, Palm, Samsung, Sanyo, and Toshiba.<br /><br />In order to use the program, a data cable and it's drivers, usually available from the supplier/manufacturer, are required. <b>BitPim</b> will try and automatically detect a phone but its recommended that settings are manually configured.<br /> <h3> <b>Features :: </b> </h3> The program can examine the phonebook, calendar, media (e.g. sounds, ringers, images), memos, todo lists, SMS messages, call history, play lists, and raw filesystem from devices.<br /><br />Features are dependent on the phone model. For a full list of each phones supported features see BitPim's supported phones list.<br /><br />The data can be manipulated through the software and changes can be uploaded to the phone. Calendar, Phonebook, Memo, Todo, and Playlist data can all be imported from an external file. For backup purposes all of the data can be exported to external files.<br /> <h3> Forensics :: </h3> If doing a <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">forensic investigation</a> the application should always be in read only mode, which claims to block all write commands to the phone. The program will not recover deleted data nor does it always recover all undeleted data. The file system view is a very important feature forensically as it allows a raw view of data from the phone, possibly uncovering data that <b>BitPim</b> missed or found unimportant. An advanced feature that could also be vital to a <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic</a> investigation is BitFling. This feature allows another computer to remotely access a phones data over the internet. A phone could be confiscated in California, connected to BitPim with BitFling configured, and be forensically analyzed in New York. Lastly exporting the data is very important so that copies of the data can be made, ensuring no data is lost or manipulated. <br /> <br /></div> <div style="text-align: justify;"> <b>All Supported model of Phones ::</b> <a href="http://www.bitpim.org/help/" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <b>FAQ ::</b> <a href="http://www.bitpim.org/help/faq.htm" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Help and Support :: </b><a href="http://www.bitpim.org/help/support.htm" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/75tNvKLz0F8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Linux | Mac :: </b><a href="http://prdownloads.sourceforge.net/bitpim/bitpim-1.0.7-setup.exe?download" target="_blank">BitPim</a> (.exe) | <a href="http://prdownloads.sourceforge.net/bitpim/bitpim-1.0.7-0.i386.rpm?download" target="_blank">BitPim</a> (.rpm) | <a href="http://prdownloads.sourceforge.net/bitpim/LEOPARD-bitpim-1.0.7.dmg?download" target="_blank">BitPim</a> (.dmg)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.bitpim.org/">http://www.bitpim.org/</a></div>

BitPim (Manage and Forensics Data of CDMA Phones) :: Tools

BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manuf...

Read more »

Scalpel (Data Carving / Forensics) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Scalpel File Carving" border="0" height="401" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3VpA7fvHWtvtTu1En4hyKfrQQ-P789lCCdh2-IYD099ppsXp5Vhruf9DLfp_3pcxvEU9irpL6sjH0wpQQua8wSJVqplQItpzc4tlOPDG__ydIAUTBDybUKBMBHnVX60mxAi3pbZ0zZSJD/s1600/Scalpel+Forensics.jpg" title="Scalpel File Carving" width="640" /></div> <br /> <b>Scalpel</b> is a <b>file carving and indexing application</b> that runs on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>.  The first version of <b>Scalpel</b>, released in 2005, was based on <a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a> 0.69. There have been a number of internal releases since the last public release, 1.60, primarily to support our own research.  The newest public release v2.0, has a number of additional features, including:<br /> <ul> <li>Minimum carve sizes.</li> <li>Multithreading for quicker execution on multicore CPUs.</li> <li>Asynchronous I/O that allows disk operations to overlap with pattern matching--this results in a substantial performance improvement.</li> <li>Regular expression support for headers/footers.</li> <li>Embedded header/footer matching for better processing of structured file types that may contain embedded files.</li> <li>For advanced users, support for massively-threaded execution on Graphics Processing Units (GPUs).  This feature is available only on Linux and requires installation of the NVIDIA CUDA SDK, modification of scalpel.h to enable the GPU threading mode, and compilation with the CUDA toolchain.  Our implementation also requires an NVIDIA GPU with compute capability >= 1.2, so older CUDA-capable cards probably won't work.  The NVIDIA GTX 260 is relatively inexpensive and powerful and has the appropriate compute capability.  The GPU-enhanced version of Scalpel is able to do preview carving at rates that exceed the disk bandwidth of most file servers, so for big jobs, it may be worth the extra effort required to use this feature.  Note that regular expression-based headers and footers are NOT currently supported when GPU acceleration is in use!  We might address this in a future release.</li> </ul> <br /> <b>Scalpel</b> performs <a href="http://www.toolwar.com/search/label/Carving" target="_blank">file carving</a> operations based on patterns that describe particular file or data fragment "types".  These patterns may be based on either fixed binary strings or regular expressions. A number of default patterns are included in the configuration file included in the distribution, <b>"scalpel.conf"</b>.  The comments in the configuration file explain the format of the file carving patterns supported by <b>Scalpel</b>.<br /> <br /> Important note: The default configuration file, "scalpel.conf", has all supported file patterns commented out--you must edit this file before running Scalpel to activate some patterns.  Resist the urge to simply uncomment all file carving patterns; this wastes time and will generate a huge number of false positives.  Instead, uncomment only the patterns for the file types you need.<br /> <br /> <b>Scalpel </b>options are described in the <b>Scalpel</b> man page, "scalpel.1". You may also execute Scalpel w/o any <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> arguments to see a list of options.<br /> <br /> NOTE: Compilation is necessary on Unix platforms and on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>.  For Windows platforms, a precompiled scalpel.exe is provided.  If you do wish to recompile <b>Scalpel</b> on Windows, you'll need a mingw (gcc) setup. Scalpel will not compile using Visual Studio C compilers.  Note that our compilation environment for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> is currently 32-bit; we haven't tested on the 64-bit version of mingw, but will address this int the future.<br /> <br /> <b>Other Supportive Platforms :: </b></div> <div style="text-align: justify;"> <br /> We are not currently supporting <b>Scalpel</b> on <a href="http://www.toolwar.com/search/label/Unix" target="_blank">Unix</a> variants other than Linux. Go ahead and try a ./configure and make and see what happens, but be sure to do thorough testing before using <b>Scalpel</b> in production work.  If you are interested in supporting a version of <b>Scalpel </b>on an alternate platforms, please contact us.  If you are interested in supporting a GPU-enhanced version of Scalpel on Windows, we are also interesting in hearing from you.<br /> <br /> <b>Limitations ::</b> <br /> <br /> Carving Windows physical and logical device files (e.g., \\.\physicaldrive0 or \\.\c:) isn't currently supported because it requires us to rewrite some portions of <b>Scalpel </b>to use Windows file I/O functions rather than standard Unix calls.  This may be supported in a future release.<br /> <br /> Block map features are currently disabled, as we are rewriting this subsystem to enhance interoperability with the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.  An improved version of the block map features will return in a subsequent release. The -s command line option ("skip") has been removed and will be replaced with a more robust facility in the next major release.<br /> <br /> <br /> <b>Dependencies ::</b><br /> <br /> Scalpel uses the POSIX threads library.  On Win32, Scalpel is distributed with the Pthreads-win32 - POSIX Threads Library for Win32, which is Copyright(C) 1998 John E. Bossom and Copyright(C) 1999,2005 by Pthreads-win32 contributors.  This library is licensed under the LGPL.<br /> <br /> Scalpel for Win32 uses the tre regular expression library and is distributed with tre-0.7.5, which is licensed under the LGPL.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials :: </h3> <b>COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS :: </b><br /> <b>Linux/Mac OS X ::</b> <br /> <div style="text-align: justify;"> <span style="font-family: "Courier New",Courier,monospace;">./configure and then make</span><br /> <br /> <b>Windows :: </b> </div> cd to src directory and then:<br /> <span style="font-family: "Courier New",Courier,monospace;">mingw32-make -f Makefile.win</span><br /> <br /> and enjoy.  If you want to install the binary and man page in a more permanent place, just copy "scalpel" (or "scalpel.exe") and "scalpel.1" to appropriate locations, e.g., on Linux, "/usr/local/bin" and "/usr/local/man/man1", respectively.  On Windows, you'll also need to copy the pthreads and tre regular expression library dlls into the same directory as "scalpel.exe".<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Z9JsBazOdw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/sleuthkit/scalpel/archive/master.zip" target="_blank">Scalpel</a> (.zip)<b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="https://github.com/sleuthkit/scalpel">https://github.com/sleuthkit/scalpel</a></div>

Scalpel (Data Carving / Forensics) :: Tools

Scalpel is a file carving and indexing application that runs on Linux and Windows .  The first version of Scalpel , released in 2005,...

Read more »

Bulk Extractor (Computer Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Bulk Extractor" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSwFRjzP4nYzs-ILiilqCBkm5oZiif74oCtqJU8AR5h2mTI_uHT4qyVykTzAKntroljTwfaPMVl2vcJLfpgcd6GaTRTidtiwi8dgXrG0Sp6F0pMD2_DCiaA94q7R02Bz4t8-nz_dhg07WE/s1600/computer-forensic-analysis.jpg" title="Bulk Extractor" width="400" /></div> <div style="text-align: justify;"> <b>Bulk Extractor</b> is a <b>computer forensics tool</b> that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results can be easily inspected, parsed, or processed with automated tools. <b>Bulk Extractor</b> also created a histograms of features that it finds, as features that are more common tend to be more important. The program can be used for law enforcement, defense, intelligence, and <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">cyber-investigation</a> applications. </div> <div style="text-align: justify;"> bulk_extractor is distinguished from other forensic tools by its speed and thoroughness. Because it ignores file system structure, <b>Bulk Extractor</b> can process different parts of the disk in parallel. In practice, the program splits the disk up into 16MiByte pages and processes one page on each available core. This means that 24-core machines process a disk roughly 24 times faster than a 1-core machine. <b>Bulk Extractor</b> is also thorough. That’s because <b>Bulk Extractor</b> automatically detects, decompresses, and recursively re-processes compressed data that is compressed with a variety of algorithms. Our <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> has shown that there is a significant amount of compressed data in the unallocated regions of file systems that is missed by most <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> that are commonly in use today. </div> <div style="text-align: justify;"> Another advantage of ignoring file systems is that <b>Bulk Extractor</b> can be used to process any digital media. We have used the program to process hard drives, SSDs, optical media, camera cards, <a href="http://www.toolwar.com/search/label/Phone" target="_blank">cell phones</a>, network packet dumps, and other kinds of digital information. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <span style="font-family: inherit;"><span style="font-size: small;"><b>Compiling for MacOS or Linux</b> :: </span></span></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><span style="font-size: small;">From the downloaded source directory run bootstrap.sh, configure and make: </span></span> </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh configure </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install </span></li> </ul> <div style="text-align: justify;"> <b>Compiling for Windows :: </b></div> <div style="text-align: justify;"> There are three ways to compile for Windows: </div> <div style="text-align: justify;"> 1. Cross-compiling from a Linux or Mac system with mingw. </div> <div style="text-align: justify;"> 2. Compiling natively on Windows using mingw. </div> <div style="text-align: justify;"> 3. Compiling natively on Windows using cygwin (untested)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Cross-compiling for Windows using Debian Testing (wheezy) or Ubuntu 12.04 LTS (with mingw) :: </b></div> <div style="text-align: justify;"> You will need to install mingw-w64 and zlib-dev: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get update </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get upgrade </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get -y install mingw-w64 </span></li> </ul> <div style="text-align: justify;"> Next, download zlib from zlib.net </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure --host=i686-w64-mingw32 </span></li> </ul> <div style="text-align: justify;"> This allows the cross-compiling of the 64-bit and the 32-bit bulk_extractor.exe, although we do not recommend running the 32-bit version. </div> <div style="text-align: justify;"> Now you are ready to compile: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ git clone --recursive https://github.com/simsong/bulk_extractor.git </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ mingw64-configure</span></li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Installing on a Linux/MacOS/Mingw system :: </b></div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install  </span></li> </ul> <div style="text-align: justify;"> <b>Usages :: </b> </div> <div style="text-align: justify;"> To get started and send an extract of image.raw to OUTPUT, use this command: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ /usr/local/bin/bulk_extractor -o OUTPUT image.raw </span> </li> </ul> <div style="text-align: justify;"> <b>For more & Troubleshooting :: </b><a href="https://github.com/simsong/bulk_extractor" target="_blank">Click Here</a><br /> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wTBHM9DeLq4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: </b><a href="https://github.com/simsong/bulk_extractor/archive/master.zip" target="_blank">Bulk Extractor</a> (tarball)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.1-windowsinstaller.exe" target="_blank">Bulk Extractor</a> (.exe)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.4.tar.gz" target="_blank">Bulk Extractor</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://github.com/simsong/bulk_extractor">https://github.com/simsong/bulk_extractor</a></div>

Bulk Extractor (Computer Forensics) :: Tools

Bulk Extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information ...

Read more »

AndiParos (Web Application Security Assessments) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="AndiParos Screenshot" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" title="AndiParos Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Andiparos</b> is a fork of the famous <a href="http://www.toolwar.com/2013/09/paros-proxy-tools.html" rel="" target="_blank">Paros Proxy</a>. It is an open source <b>web application security assessment tool</b> that gives <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers the ability to spider websites, analyze content, intercept and modify requests, etc. </div> <div style="text-align: justify;"> The advantage of <b>Andiparos</b> is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers... </div> <div style="text-align: justify;"> Features: </div> <ul style="text-align: justify;"> <li>Smartcard support </li> <li>BeanShell support </li> <li>History Filter (URLs) </li> <li>Passive Scanner </li> <li>Advanced search functionality </li> <li>MultiTags for request/response </li> <li>Mark Request/Response </li> <li>Better<a href="http://www.toolwar.com/search/label/Mac" target="_blank"> Mac OS X</a> integration </li> <li>other nice enhancements... </li> </ul> <h3> Tutorials ::</h3> <b>Wiki ::</b> <a href="https://code.google.com/p/andiparos/w/list" target="_blank">Click Here</a>  <br /> <h3> Download ::</h3> <b>Linux | Windows | Mac :: </b><a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6.zip" target="_blank">Andiparos v1.0.6</a> (.zip) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6-Installer.exe" target="_blank">Andiparos v1.0.6</a> (.exe) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-v1.0.6.dmg" target="_blank">Andiparos v1.0.6</a> (.dmg) <br /> <b>Source Website :: </b><a href="https://code.google.com/p/andiparos/">https://code.google.com/p/andiparos/</a>

AndiParos (Web Application Security Assessments) :: Tools

Andiparos is a fork of the famous Paros Proxy . It is an open source web application security assessment tool that gives penetration ...

Read more »

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="KisMAC Logo" border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT0hq_xqF0S3TgubdqI2kXMyQJdIa4Xw5tz6EqhN_X9lUnO1W1Dy4wjcwJ9tMbIWnyC8-GYuHFmw13erY5ILu7_KOBlGEksaYGYIK-_qu-pDLXXY2SdMuEAG8TXkP4qSN0eOa4tJo6OGPl/s1600/kisMAC+logo.png" title="KisMAC Logo" width="320" /></div> <div style="text-align: justify;"> <b>KisMAC</b> is a popular <b>wireless stumbler for Mac OS X</b> offers many of the features of its namesake <a class="local" href="http://www.toolwar.com/2013/09/kismet-tools.html" target="_blank">Kismet</a>, though the codebase is entirely different. Unlike console-based Kismet, <b>KisMAC</b> offers a pretty <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>KisMAC</b> is an open-source and free <a href="http://www.toolwar.com/search/label/Sniffer" target="_blank">sniffer</a>/<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> application for <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. It has an advantage over MacStumbler / iStumbler / <a href="http://www.toolwar.com/2013/09/netstumbler-tools.html" target="_blank">NetStumbler</a> in that it uses monitor mode and passive scanning. </div> <div style="text-align: justify;"> KisMAC supports many third party <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning. </div> <div style="text-align: justify;"> The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system. </div> <h3 id="Features" style="text-align: justify;"> Features ::</h3> <ul style="text-align: justify;"> <li>Reveals hidden / cloaked / closed SSIDs </li> <li>Shows logged in clients (with MAC Addresses, IP addresses and signal strengths) </li> <li>Mapping and GPS support </li> <li>Can draw area maps of network coverage </li> <li>PCAP import and export </li> <li>Support for 802.11b/g </li> <li>Different attacks against encrypted networks </li> <li>Deauthentication attacks </li> <li>AppleScript-able </li> <li>Kismet drone support (capture from a Kismet drone) </li> </ul> <h3 id="Supportedhardwarechipsets" style="text-align: justify;"> Supported Hardware Chipsets :: </h3> <ul style="text-align: justify;"> <li>Apple AirPort and AirPort Extreme (dependent upon Apple's drivers) </li> <li>Intersil Prism 2, 2.5, 3 USB devices </li> <li>Ralink rt2570 and rt73 USB devices </li> <li>Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later) </li> </ul> <h3 id="Cryptosupport" style="text-align: justify;"> Crypto Support :: </h3> <ul style="text-align: justify;"> <li>Bruteforce attacks against LEAP, WPA and WEP </li> <li>Weak scheduling attack against WEP </li> <li>Newsham 21-bit attack against WEP </li> </ul> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Wiki ::</b> <a href="http://trac.kismac-ng.org/" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Forum ::</b> <a href="http://forum.kismac-ng.org/" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lBGN5OGCPgI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Mac :: </b><a href="http://update.kismacmirror.com/binaries/KisMAC-0.3.3.dmg" target="_blank">KisMAC v0.3.3</a> (.dmg)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::  </b><a href="http://kismac-ng.org/">http://kismac-ng.org/</a></div>

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

KisMAC is a popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet , though the codebase is entirel...

Read more »

FS-NyarL (Pentesting and Forensics) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="FS-NyarL Logo" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyvqhfIV1vfEKDsDPoTq-IY5y6kdJuGAIfRzvtSPL90-6xtK2hDdppU1kPwgvztn_cudPZFcOqOalRYynOeDEflS5wufjqugLOyzJNrbZhqLjb34aHNnZuPJhRLZ_SInYW0BFppZeFQqDm/s1600/FS-NyarL+Logo.jpg" title="FS-NyarL Logo" width="248" /></div> <div style="text-align: justify;"> <b>NyarL</b> it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.  It's represent Crawling Chaos and <b>FS-NyarL</b> it's The <b>Crawling Chaos of Cyber Security</b>. A <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> takeover & <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic analysis tool</a> - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk! </div> <ul style="text-align: justify;"> <li>Interactive Console</li> <li>Real Time Passwords Found</li> <li>Real Time Hosts Enumeration</li> <li>Tuned Injections & Client Side Attacks</li> <li>ARP Poisoning & SSL Hijacking</li> <li>Automated HTTP Report Generator</li> </ul> <div style="text-align: justify;"> <b>ATTACKS IMPLEMENTED:</b> </div> <ul style="text-align: justify;"> <li>MITM (Arp Poisoning)</li> <li>Sniffing (With & Without Arp Poisoning)</li> <li>SSL Hijacking (Full SSL/TLS Control)</li> <li>HTTP Session Hijaking (Take & Use Session Cookies)</li> <li>Client Browser Takeover (with Filter Injection in data stream)</li> <li>Browser AutoPwn (with Filter Injection in data steam)</li> <li>Evil Java Applet (with Filter Injection in data stream)</li> <li>DNS Spoofing</li> <li>Port Scanning</li> </ul> <table class="notableborder" style="margin-left: 0px; margin-right: 0px; text-align: left;"><tbody> <tr><td colspan="2"><b>POST ATTACKS DATA OBTAINED:</b><br /> <ul> <li>Passwords extracted from data stream</li> <li>Pcap file with whole data stream for deep analysis</li> <li>Session flows extracted from data stream (Xplico & Chaosreader)</li> <li>Files extracted from data stream</li> <li>Hosts enumeration (IP,MAC,OS)</li> <li>URLs extracted from data stream</li> <li>Cookies extracted from data stream</li> <li>Images extracted from data stream</li> <li>List of HTTP files downloaded extracted from URLs</li> </ul> </td> </tr> <tr><td><b>DEPENDENCIES (aka USED TOOLS):</b><br /> <ul> <li>Chaosreader (already in bin folder)</li> <li><a href="http://www.toolwar.com/2013/11/xplico-tools.html" target="_blank">Xplico</a></li> <li><a href="http://www.toolwar.com/2013/09/ettercap-076-tools.html" target="_blank">Ettercap</a></li> <li>Arpspoof</li> <li>Arp-scan</li> <li>Mitmproxy</li> <li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li> <li><a href="http://www.toolwar.com/2013/09/tcpdump-is-network-sniffer-we-all-used.html" target="_blank">Tcpdump</a></li> <li><a href="http://www.toolwar.com/2013/09/beef-browser-exploitation-framework.html" target="_blank">Beef</a></li> </ul> </td> <td><ul> <li><a href="http://www.toolwar.com/2013/10/social-engineering-toolkit-set-tools.html" target="_blank">SET</a></li> <li><a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a></li> <li><a href="http://www.toolwar.com/2013/09/dsniff-tools.html" target="_blank">Dsniff</a></li> <li><a href="http://www.toolwar.com/2013/10/technitium-mac-address-changer-v6-tools.html" target="_blank">Macchanger</a></li> <li>Hamster</li> <li>Ferret</li> <li><a href="http://www.toolwar.com/2013/10/p0f-tools.html" target="_blank">P0f</a></li> <li><a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a></li> <li>SSLStrip</li> <li><a href="http://www.toolwar.com/2014/02/sslsplit-mitm-attack-against-ssltls.html" target="_blank">SSLSplit</a></li> </ul> </td></tr> </tbody></table> <br /> <table class="notableborder" style="margin-left: 0px; margin-right: 0px; text-align: left;"><tbody> <tr><td><h3> Tutorials ::</h3> <b>Screenshots ::  </b><a href="http://www.fulgursecurity.com/en/content/fs-nyarl" target="_blank">Click Here</a> <br /> <h3> Download ::</h3> <b>Linux ::</b> <a href="http://www.fulgursecurity.com/tools/fs-nyarl/FS-NyarL_v1.0-kali.tar.gz" target="_blank">FS-NyarL v1.0</a> (.tar.gz)<br /> <b>Official Website :: </b><a href="http://www.fulgursecurity.com/en/content/fs-nyarl">http://www.fulgursecurity.com/en/content/fs-nyarl</a></td></tr> </tbody></table>

FS-NyarL (Pentesting and Forensics) :: Framework

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.  It's represent Crawling Chaos...

Read more »

FARADAY (Integrated Penetration Testing IDE) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="FARADAY Logo" border="0" height="91" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj03zjrenjfh3-P90KLn_GSw8ONyaQLqXdR6otoyPAiIMj1ETcLzdJpofOdDKILtTGY6U_4FS4zlEyLZEVF0IEjyTWLMkZrm9wa3U-YS1L8K8A1NQO_j0muNmj9wiuSaqph9OyYKddiOc-f/s1600/Faraday-Logo.png" title="FARADAY Logo" width="400" /></div> <b>Faraday</b> introduces a new concept (IPE) <b>Integrated Penetration-Test Environment</b> a multiuser <b>Penetration test IDE</b>. Designed for distribution, indexation and analysis of the generated data during the process of a <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security audit</a>.</div> <div style="text-align: justify;"> The main purpose of <b>Faraday</b> is to re-use the available tools in the community to take advantage of them in a multiuser way.</div> <div style="text-align: justify;"> Design for simplicity, users should feel no difference between their own terminal application and the one included in <b>Faraday</b>. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, <b>Faraday</b> does the same an IDE does for you when programming, but from the perspective of a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a>.</div> <div style="text-align: justify;"> <br /> <b>Requirement ::  </b></div> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Modern Linux</a> (Tested Debian / Ubuntu * / <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali</a> / <a href="http://www.toolwar.com/2013/09/backtrack-5-r3-distribution.html" target="_blank">Backtrack</a>)</div> <ul style="text-align: justify;"> <li>Python 2.6.x and 2.7.x</li> <li>Qt3</li> <li>CouchDB >= 1.2.0<br /> </li> <li>The following python libs: <ul> <li>mockito </li> <li>couchdbkit </li> <li>whoosh </li> <li>argparse </li> <li>psycopg2</li> <li>IPy</li> <li>requests</li> </ul> <h3> </h3> </li> </ul> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Installation :: </b> </div> <div style="text-align: justify;"> Preferably, you can download faraday by cloning the Git repository:</div> <div style="text-align: justify;"> <pre><code>$ git clone https://github.com/infobyte/faraday.git faraday-dev $ cd faraday-dev $ ./install </code></pre> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Usage :: </b></div> <div style="text-align: justify;"> To get started, simply execute faraday and use the new console to start working in the pentest: </div> <div style="text-align: justify;"> <pre><code>$ ./faraday</code></pre> <pre><code> </code></pre> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBz0g6ya7Mg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://github.com/infobyte/faraday/archive/master.zip" target="_blank">Faraday</a> (tarball) <b> </b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/infobyte/faraday">https://github.com/infobyte/faraday</a></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.faradaysec.com/">http://www.faradaysec.com/</a></div>

FARADAY (Integrated Penetration Testing IDE) :: Framework

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE . Designed for distrib...

Read more »

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for scanning, the default method is OPTIONS, it offers debug and verbosity options and even allows scanning the SRV records for SIP on the destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>. It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li> <li>svwar - identifies active extensions on a PBX </li> <li>svcrack - an online password cracker for SIP PBX </li> <li>svreport - manages sessions and exports reports to various formats </li> <li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li> </ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li> <li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li> <li>Jailbroken iPhone with python installed </li> </ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b> </b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

Read more »

VoIPong (VoIP Sniffer and Call Detector) :: Tools

<div class="separator" style="clear: both; text-align: center;"><img alt="VoIP Hacking " border="0" height="337" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBxH793kkyuODvT2YM2SvDUf4q_9lL0i3cTdtxNEAo0qVv-QShCchSo0Ehnp75muGHbqnHldC6K2_wNn69CsW7RtQY-YphAkIyGJe1_VtlepwwSyy73nzn1i4ezE1fZdcy-tCJ8QdLUlCp/s1600/VoIP+Hacking.jpg" title="VoIP Hacking " width="640" /></div><div class="style3" style="text-align: justify;"><b>VoIPong</b> is a utility which detects all <b><a href="http://www.toolwar.com/search/label/VOIP" target="_blank">Voice Over IP</a> calls on a pipeline</b>, and for those which are G711 encoded, dumps actual conversation to seperate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. </div><div class="style3" style="text-align: justify;">It's been written in C language for performance reasons, proved to be running on Solaris, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> and <a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD</a>; though it's thought to compile and run on other platforms as well. </div><div class="style3" style="text-align: justify;">On a 45 Mbit/sec network traffic, it's been verified that <b>VoIPong</b> successfully detected all <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP </a>gateways and the VoIP calls. CPU utilization during the run has been found ranging between 66% - 80% on a 256MB RAM, Celeron 1700 Mhz Toshiba notebook. </div><span class="style1"><b>Features :: </b></span><br /> <ul><li class="style2">Produces real .Wav files for direct audio hearing. </li> <li class="style2">Simple, optimized, extandable fast code </li> <li class="style2">The algorithm doesn't depend on signalling but on RTP/RTCP </li> <li class="style2">Detailed logging. (Comfortable for 'cut' and 'cat' operations to produce statistics.) </li> <li class="style2">Powerful management console interface </li> <li class="style2">Easy installation and administration</li> <li class="style2">Easy debugging. </li> </ul><h3 class="style3" style="text-align: justify;">Tutorials ::</h3><b>Users Manual ::</b> <a href="http://www.enderunix.org/voipong/users-manual/" target="_blank">Click Here</a><br />   <br /> <div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ow1bRp6E8og?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 class="style3" style="text-align: justify;">Download ::</h3><div class="style3" style="text-align: justify;"><b>Linux :: </b><a href="https://github.com/EnderUNIX/VoIPong/archive/master.zip" target="_blank">VoIPong v2.0</a></div><div class="style3" style="text-align: justify;"><b>Official Website :: </b><a href="http://www.enderunix.org/voipong/">http://www.enderunix.org/voipong/</a></div>

VoIPong (VoIP Sniffer and Call Detector) :: Tools

VoIPong is a utility which detects all Voice Over IP calls on a pipeline , and for those which are G711 encoded, dumps actual conversati...

Read more »

SNMPCheck (SNMP Enumeration) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SNMPCheck" border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQCGr22VHfWJI20ydnqXWT0FpVBP1u6mdLTIESgT_IN6QGduciK1QWIlWG0O__y2nvACefsDE1DFwXrHO973XbWbfbepc3FXB2bD_TX7jy6oZwLrfRXAkd_PCKf9C_28TD-klFE3QJk_P/s1600/SNMPCheck.jpg" title="SNMPCheck" width="400" /></div> <b>SNMPCheck</b> allows you to <b>enumerate the SNMP</b> devices and places the output in a very human readable friendly format. It could be useful for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a> or <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">systems monitoring</a>. Distributed under GPL license and based on "Athena-2k" script by jshaw.</div> <h3 style="text-align: justify;"> Features :: </h3> <div style="text-align: justify;"> SNMPCheck supports the following enumerations:</div> <ul style="text-align: justify;"> <li> contact</li> <li>description</li> <li> detect write access (separate action by enumeration)|</li> <li> devices</li> <li> domain</li> <li> hardware and storage informations</li> <li> hostname</li> <li> IIS statistics</li> <li> IP forwarding</li> <li> listening UDP ports</li> <li> location</li> <li> motd</li> <li> mountpoints</li> <li> network interfaces</li> <li> network services</li> <li> processes</li> <li> routing information</li> <li> software components</li> <li> system uptime</li> <li> TCP connections</li> <li> total memory</li> <li> uptime</li> <li> user accounts</li> </ul> <h3> Tutorials ::</h3> <b>Report Examples :: </b><a href="http://www.nothink.org/codes/snmpcheck/report_windows_xp.txt" target="_blank">Windows XP</a> | <a href="http://www.nothink.org/codes/snmpcheck/report_linux_ubuntu.txt" target="_blank">Linux Ubuntu</a><b><br /></b><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RIVV4--m4dU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Perl Script :: </b><a href="http://www.nothink.org/codes/snmpcheck/snmpcheck-1.8.pl" target="_blank">SNMPCheck</a> (.pl) <b> </b><br /> <b>Official Website ::</b> <a href="http://www.nothink.org/codes/snmpcheck/">http://www.nothink.org/codes/snmpcheck/</a> <br /> <div class="alert alert-success" style="text-align: justify;"> </div>

SNMPCheck (SNMP Enumeration) :: Tools

SNMPCheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful ...

Read more »

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600/nbtscan+screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nbtscan screenshot windows" border="0" height="333" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600/nbtscan+screenshot.gif" title="nbtscan screenshot windows" width="400" /></a></div> <div style="text-align: justify;"> <b>nbtscan</b> is a <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line tool</a> that scans for open <b>NETBIOS nameservers</b> on a local or remote TCP/IP <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, and this is a first step in finding of open shares. It is based on the functionality of the standard <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows tool</a> nbtstat, but it operates on a range of addresses instead of just one. I wrote this <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.</div> <div style="text-align: justify;"> <b>Windows</b> - The Win32 version of the tool, which works well on Windows 9x, NT and 2000, is available below as nbtscan.exe. It's written in portable C and is less than 40 kbytes, requires no special libraries or DLLs, and is run in an MS-DOS command window. I promise that the tools have no viruses, backdoors, or any other kind of overt bad behavior. I don't promise that there are no bugs. </div> <div style="text-align: justify;"> <b>LINUX</b> - the code works fine on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, and a version built on Red Hat Linux 6.2 is available as well. I have reports that this binary works on Red Hat Linux 6.0 - 8.0, Debian "woody", and Mandrake 8.1 (we don't think we've found a Red Hat, CentOS, or Fedora system that it didn't run on). </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <pre class="codeblock">C:\> <b>nbtstat -A 192.168.1.99</b> NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- XPDEV <00> UNIQUE Registered UNIXWIX <00> GROUP Registered XPDEV <03> UNIQUE Registered XPDEV <20> UNIQUE Registered UNIXWIX <1E> GROUP Registered MAC Address = 00-50-04-6D-50-37</pre> <pre class="codeblock"> </pre> <pre class="codeblock">C:\> <b>nbtscan 192.168.1.0/24</b> 192.168.1.3 MTNDEW\WINDEV SHARING DC 192.168.1.5 MTNDEW\TESTING 192.168.1.9 MTNDEW\WIZ SHARING U=STEVE 192.168.1.99 MTNDEW\XPDEV SHARING </pre> <h3 style="text-align: justify;"> </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Linux :: </b><a href="http://www.unixwiz.net/tools/nbtscan-1.0.35.exe" target="_blank">NBTScan</a> (.exe)<b> | </b><a href="http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz" target="_blank">NBTScan</a> (.tgz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.unixwiz.net/tools/nbtscan.html">http://www.unixwiz.net/tools/nbtscan.html</a></div>

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

nbtscan is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network , and this is a first step ...

Read more »

Maligno (Penetration Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="maligno image" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" title="maligno image" width="400" /></a></div> <div style="text-align: justify;"> <b>Maligno</b> is an open source <b>penetration testing tool</b> written in python, that serves <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.encripto.no/tools/maligno-1.0.tar.gz" target="_blank">Maligno v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.encripto.no/tools/">http://www.encripto.no/tools/</a></div>

Maligno (Penetration Testing) :: Tools

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with ms...

Read more »

URLCrazy (Check for Mistyped Domain Names) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="URLCrazy Screenshot" border="0" height="339" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" title="URLCrazy Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b>URLCrazy</b> checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> by identifying domain names to preemptively register. It generates 15 types of typos, including bitflipped domains, knows over 8,000 common misspellings and over 450 homophones, supports multiple keyboard layouts, checks whether a typo is a valid domain, and can test whether domain typos are in use and estimate the popularity of a typo. Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.</div> <h3 style="text-align: justify;"> Usage </h3> <div style="text-align: justify;"> * Detect typo squatters profiting from typos on your domain name<br /> * Protect your brand by registering popular typos<br /> * Identify typo domain names that will receive traffic intended for another domain<br /> * Conduct phishing attacks during a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a></div> <h3 style="text-align: justify;"> Features</h3> <div style="text-align: justify;"> * Generates 15 types of domain variants<br /> * Knows over 8000 common misspellings<br /> * Supports cosmic ray induced bit flipping<br /> * Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)<br /> * Checks if a domain variant is valid<br /> * Test if domain variants are in use<br /> * Estimate popularity of a domain variant<br /> * URLCrazy requires Linux and the Ruby interpreter.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <b>Installation :: </b><br /> <span style="font-family: "Courier New",Courier,monospace;">If you are using Ubuntu or Debian try:<br /> $ sudo apt-get install ruby-1.8</span><br />   <br /> <h3> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.morningstarsecurity.com/downloads/urlcrazy-0.5.tar.gz" target="_blank">URLCrazy v0.5</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.morningstarsecurity.com/research/urlcrazy">http://www.morningstarsecurity.com/research/urlcrazy</a></div>

URLCrazy (Check for Mistyped Domain Names) :: Tools

URLCrazy checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain security by ...

Read more »

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

<div class="block-content content" style="text-align: justify;"> <div style="text-align: justify;"> <br /> <article class="article article-type-page clearfix" id="article-6745" role="article"> <div class="article-content"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item even"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Vyatta Logo" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjZ08VeGbo_xXjPTm80en0xpKtHVEsztocx4UkyNj8XcEOklwOsoLpOrOJ9RIi5nqp4y9IlAQ4uUUssHWFzDRGtuowfzaD9ujUFVSNWPnhTLhA8CJf3JethTM45UNfDaSOy-aplzk6SivT/s1600/vyatta+logo.png" title="Vyatta Logo" width="320" /></div> The free community <b>Vyatta Core software(VC)</b> is an award-winning open source <a href="http://www.toolwar.com/search/label/Network" target="_blank"> network</a> operating system providing advanced IPv4 and IPv6 routing, stateful <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewalling</a>, IPSec and SSL OpenVPN, and more. When you add <b>Vyatta</b> to a standard x86 hardware system, you can create an enterprise grade network appliance that easily scales from DSL to 10Gbps. <b>Vyatta</b> is also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper V, providing networking and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> services to <a href="http://www.toolwar.com/search/label/Virutal" target="_blank">virtual machines</a> and cloud computing environments. <b>Vyatta</b> has been downloaded over 1,000,000 times, has a community of hundreds of thousands of registered users and counts dozens of fortune 500 businesses among its commercial customers.<br /> On this site, you'll find all the downloads, <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, documentation, and community resources to help you get up and running with your own <b>Vyatta-based</b> system. Ask questions in the Forums. Propose new features and vote on existing proposals. Participate and have fun. We have been working together with our community for over five years to continue to enhance the world's leading software-based network OS.<br /> A commercial version of the <b>Vyatta network OS</b> (Vyatta Subscription Edition) is also available with enterprise-ready management and security product extensions and complete engineering support including proactive notifications of security alerts and software releases as well as priority access to patches & bug fixes.<br /> <b>Vyatta's </b>open, software-based approach to networking has created a complete network OS that can connect and secure physical <a href="http://www.toolwar.com/search/label/Network" target="_blank">networks</a> as well as virtual and cloud computing infrastructures. <b>Vyatta</b> software and appliances offer users a flexible, affordable alternative to proprietary, hardware-based routers, firewalls, and VPN devices.<br /> Vyatta can help you: <br /> <ul> <li>Affordably scale large BGP implementations </li> <li>Keep your network safe with a stateful-inspection firewall </li> <li>Securely connect remote offices with <a href="http://www.toolwar.com/search/label/VPN" target="_blank">VPN </a></li> <li>Scale from DSL to 10-Gbps with a single software package</li> <li>Avoid costly proprietary networking upgrades </li> <li>Run virtualized networking environments in Xen, KVM and VMware </li> <li>Add networking and security to blade servers in your data center </li> <li>Offer cloud based managed security services </li> <li>Add network redundancy regardless of vendor equipment </li> <li>Build your own best-of-breed Branch office solution </li> </ul> <br /> The <b>Vyatta Core</b> is an integration of a number of components from a variety of different sources, much the same way as a standard Linux distribution. Many of the components are licensed under the GNU GPL. Others carry a BSD license. Still others carry less-popular licenses. All components of the <b>Vyatta Core</b> carry licenses defined as open source.<br /> License files are included with every package installed in the system and can be viewed in the /usr/share/doc/package/copyright file.<br /> <br /> <h3> Tutorials ::</h3> <b>Use Tips and Tricks :: </b><a href="http://www.vyatta.org/documentation/tips-tricks" target="_blank">Click Here</a><b><br /> </b><br /> <b>Documentations :: </b><a href="http://www.vyatta.org/documentation/translated-docs" target="_blank">Click Here</a><br /> <b>Vyatta Forum :: </b><a href="http://www.vyatta.org/forum" target="_blank">Click Here</a> <br /> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div style="text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5JJOE5zeVbM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <h3> Download ::</h3> <b>Live CD :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Live CD v6.6</a> (.iso)<b></b><br /> <b>Visualization ISO :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Visualization v6.6</a> (.iso)<b> </b> <b> </b><br /> <b>Official Website ::<a href="https://www.blogger.com/goog_2084089245"> </a></b><a href="http://www.vyatta.org/">http://www.vyatta.org/</a> </div> </div> </div> </div> </article></div> </div>

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

The free community Vyatta Core software(VC) is an award-winning open source network operating system providing...

Read more »