ToolWar | Information Security (InfoSec) Tools: Detect

PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears
cd PatrowlHears
./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div>
<div style="text-align: justify;">
<b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and 
function hooking techniques to redirect network related function calls 
so that data transmitted and received by local applications can be 
observed and modified.<br /><br />Windows encryption and OpenSSL functions 
are also hooked so that plain text of data being sent and received over 
an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>License: </b>Freeware<b> </b></div>
<div style="text-align: justify;">
<b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div>
<div style="text-align: justify;">
<br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Mobile Security Framework : ToolWar" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div>
<div style="text-align: justify;">
<b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open 
source mobile application (Android/iOS) automated pen-testing framework 
capable of performing static and dynamic analysis. It can be used for 
effective and fast security analysis of Android and iOS Applications and
 supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> 
can also perform Web API Security testing with it's API Fuzzer that can 
do Information Gathering, analyze Security Headers, identify Mobile API 
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other
 logical issues related to Session and API Rate Limiting.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorial: </h3>
<ul>
<li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li>
</ul>
<h3>
Video Tutorial: </h3>
<h3>
Download: <strong> </strong></h3>
<strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br />
<strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br />
<strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br />
<br />
<div style="text-align: justify;">
<br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="suricata logo" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" title="suricata logo" width="320" /></div>
<b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br />
<br />
<b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br />
<br />
The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br />
<br />
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<div style="text-align: justify;">
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div>
<div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: Arial;">Requirements</span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   1. Root access (admin)</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div>
<span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br />
<div class="MsoNormal">
<span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div>
<span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">Intrusion Detection</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Capture/Analyzing of packets </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div>
<div class="MsoNormal">
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Installation Tutorial::</b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<span id="goog_894600077"></span><span id="goog_894600078"></span>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div>
<div style="text-align: justify;">
<b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div>
<div style="text-align: justify;">
<b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

Detekt :: Malware Detection Tool against Government Surveillance

<div class="separator" style="clear: both; text-align: justify;">
<img alt="detekt" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhev1ECdbJcOGLhQL5rphVoj1Ux8wBh3wGbWoySuzKDc4CdDPi5_A0kU4YBambTUqKZPghRdvmePb2aFihp_n_8vHEbCjhc9MbMcXYyPKs6gK7h0tUCeqyuiR8ONVh-AS7WUIAu_Kv_yhaD/s1600/detekt-1d.png" title="Detekt" width="640" /></div>
<div style="text-align: justify;">
<b>Detekt</b> is a <b>free tool</b> that scans your <b>Windows computer for traces of 
known surveillance spyware</b> used to target and monitor human rights 
defenders and journalists around the world. It is important to underline that if <b>Detekt </b>does not find trace of 
spyware on a computer, it does not necessarily mean that none is 
present. Some spyware will likely be updated in response to the release 
of <b>Detekt </b>in order to avoid detection. In addition, there may be 
existing versions of spyware, from these or other providers, which are 
not detected by this tool.</div>
<div style="text-align: justify;">
In recent years we have witnessed a huge growth in the adoption and 
trade in communication surveillance technologies. Such spyware provides 
the ability to read personal emails, listen-in skype conversations or 
even remotely turn on a computers camera and microphone without its 
owner knowing about it.</div>
<div style="text-align: justify;">
Some of this software is widely available on the 
Internet, while some more sophisticated alternatives are made and sold 
by private companies based in industrialized countries to state law 
enforcement and intelligence agencies in countries across the world.</div>
<div style="text-align: justify;">
There is little to no regulation currently in place to 
safeguard against these technologies being sold or used by repressive 
governments or others who are likely to use them for serious human 
rights violations and abuses.</div>
<div style="text-align: justify;">
<strong>How widely do governments use surveillance technology?</strong></div>
<div style="text-align: justify;">
Governments
 are increasingly using surveillance technology, and targeted 
surveillance in particular, to monitor the legitimate activities of 
human rights activists and journalists. <span>Powerful software 
developed by companies allows governments and intelligence agencies to 
read personal emails, listen-in on Skype conversations or even remotely 
turn on a computers camera and microphone without its owner knowing 
about it.</span></div>
<div style="text-align: justify;">
<span>In many cases, the information they gather 
through those means is used to detain, imprison and even torture 
activists into confessing to crimes. It's impossible,
 however, to give an accurate estimate of how many people are affected 
by this surveillance spyware. This is because the companies that build 
and sell such software market themselves on their ability to hide it 
from users. Recent research has shown that known spyware has been found present in dozens of countries, covering all regions of the world. <b>Detekt</b>
 is the first public tool that will assist activists, journalists and 
civil society groups to scan their computers for spyware.</span></div>
<h3 style="text-align: justify;">
<span>Download:  </span></h3>
<div style="text-align: justify;">
<b><span>Windows:: </span></b><span><a href="https://github.com/botherder/detekt/releases/download/v1.2/detekt.exe" target="_blank">Detekt v1.2</a> (.exe)</span></div>
<div style="text-align: justify;">
<span><b>Source Code:: </b>https://github.com/botherder/detekt/archive/v1.2.zip<b> </b></span></div>
<div style="text-align: justify;">
<span><b>Official Website::</b> https://resistsurveillance.org/</span></div>

Detekt :: Malware Detection Tool against Government Surveillance

Detekt is a free tool that scans your Windows computer for traces of known surveillance spyware used to target and monitor human righ...

Crypto Implementations Analysis Toolkit :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Crypto Implementation Analysis Toolkit (CIAT)" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAZPIwVYWPyohkcKc1fGGaHZAcyEw0BoiIWqylgFCnmnY1VjNEgNvH1QOaOPUW0oKzjIUDWaaT-w2W0NnTovjr_7z_6iDQDsIk1zJ32bIxlmbcNT-H9milmKcnN3YE4dztJDAY7SjbM_Ll/s1600/Crypto+Implementation+Analysis+Toolkit+(CIAT).png" title="Crypto Implementation Analysis Toolkit (CIAT)" width="400" /></div>
<div style="text-align: justify;">
The <b>Cryptographic Implementations Analysis Toolkit (CIAT)</b> is 
compendium of command line and graphical tools whose aim is to help in 
the detection and analysis of encrypted byte sequences within files 
(executable and non-executable). </div>
<br />
<h3>
Download :: </h3>
<b>Linux & Windows :: </b><a href="http://sourceforge.net/projects/ciat/files/latest/download" target="_blank">Crypto Implementation Analysis Toolkit (CIAT) (.zip)</a><b> </b><br />
<b>Official Website :: </b><a href="http://ciat.sourceforge.net/">http://ciat.sourceforge.net/</a>

Crypto Implementations Analysis Toolkit :: Framework

The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in th...

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="nmap scanner logo" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPn1QPXq_tY_zK1uLIjY-6fyXimOMxgo3rq52s-03wGFIiM3FEUXb1R_uZpS2QvMEucVny6EK7w0eYYGJ5JKDgUtasnKL7WqkAIA5QMKqB05XXAv_va-hOLNd2wlIHxv1cUDpxCVa4kxbF/s1600/nmap.jpg" title="nmap scanner logo" width="400" /></div>
</div>
<div style="text-align: justify;">
<b>Nmap ("Network Mapper")</b> is a free and open source (license) utility for <b>network discovery and security auditing.</b> Many systems and network administrators also find it useful for tasks such as <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> inventory, managing service upgrade schedules, and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and results viewer <b>(Zenmap)</b>, a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis tool</a> (Nping).<br />
<br />
<b>Nmap</b> was named “<a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.<br />
<br />
<b>Nmap is::</b></div>
<ul style="text-align: justify;">
<li>    Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">firewalls</a>, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), <b>OS detection</b>, version detection, ping sweeps, and more. See the documentation page.</li>
<li>    Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.</li>
<li>    Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.</li>
<li>    Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.</li>
<li>    Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.</li>
<li>    Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.</li>
<li>    Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.</li>
<li>    Acclaimed: <b>Nmap</b> has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.</li>
<li>    Popular: Thousands of people download <b>Nmap</b> every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities. </li>
</ul>
<h3>
Tutorials ::</h3>
<b>Tutorial (Max OS X) :: </b><a href="http://nmap.org/book/inst-macosx.html#inst-macosx-source">Click Here</a><br />
<b>Tutorial (Windows) :: </b><a href="http://nmap.org/book/inst-windows.html#inst-win-source">Click Here</a> <b><br />
</b><br />
<b>Tutorial (Linux) ::</b> <a href="http://nmap.org/book/inst-source.html">Click Here</a><br />
<b>Installation :: </b><a href="http://nmap.org/book/install.html" target="_blank">Click Here</a>   <br />
<b>Tutorials From Basics :: </b><a href="http://nmap.org/bennieston-tutorial/">Click Here </a><br />
<b>Video Tutorial :: </b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RJxF7puQFXI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<b> </b>
<br />
<h3>
Download ::</h3>
<h3>
</h3>
<b>Download ZenMap (GUI of Nmap) :: </b><a href="http://nmap.org/zenmap/">Click Here</a><b> </b><br />
<b>Windows :: </b><a href="http://nmap.org/dist/nmap-6.40-setup.exe">Nmap-Latest</a> (.exe)
<b> </b><br />
<b>Linux :: </b><a href="http://nmap.org/dist/nmap-6.40.tar.bz2">Nmap Latest</a> (.tar.bz2)<b> </b><br />
<b>Mac :: </b><a href="http://nmap.org/dist/nmap-6.40-2.dmg">Nmap Latest</a> (.dmg)<b> </b>
<b>  </b><br />
<b>Official Website ::</b> <a href="http://nmap.org/">http://nmap.org/</a>
<br />
<div style="text-align: justify;">
</div>

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many syste...

WormTrack (Network IDS) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wormtrack " border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS_UOobtkh2f05uE8fyvAf88MMYAlPr8YiidihA2xGZvHZMsYhmnbVhGG_lwY9beh6w82FX9GdK-B4yEJK56j-SYiyBfKseSVHH6hyc4cS5aWRJgwp1oGurg46HM1l9BIs7JRt2d_jPsWn/s1600/WormTrack.jpg" title="wormtrack " width="400" /></div>
<b>WormTrack</b> is a <b>Network based intrusion detection system (NIDS)</b> designed 
to identify scanning activity on the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, in particular of <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a> 
worms (horizontal scanning of the network). It attempts to do that 
WITHOUT having any type of privileged access to the network equipment, 
for example a MONITOR port on a switch. It also doesn't require a 
constant updating of its signature engine, as new threats are released, 
since it is based on <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> of anomalous  activity - which all Worms,
 that propagate through the network, would exhibit in order to survive 
and spread efficiently. A <b>Network IDS </b>which allows detection of scanning worms on a Local Area 
Network by <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> of anomalous ARP traffic. This allows detection of
 scanning threats on the network, without having a privileged access on a
 Switch to set up a dedicated Monitor PORT, nor does it require a 
constant updating of the rules engine to address new threats. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>General Info & Configuration :: </b><a href="http://code.google.com/p/wormtrack/wiki/GeneralInfo" target="_blank">Click Here</a> </div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://wormtrack.googlecode.com/files/wormtrack-0.1.tar.gz" target="_blank">WormTrackv0.1</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Source Website ::</b><a href="http://code.google.com/p/wormtrack/" target="_blank"> http://code.google.com/p/wormtrack/</a></div>

WormTrack (Network IDS) :: Tools

WormTrack is a Network based intrusion detection system (NIDS) designed to identify scanning activity on the network , in particular o...

Pytbull (IDS/IPS Testing) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="pytbull ids mode" border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBUJPMHKujz46n6sRck2NZDM075hEsNEerHmckZ-25awz2AFXTsWET-KZg7ngqkBZi0hpKmBHgm9_EwaLliZYrhmFPjNhRYcjqM3beHBHH4szekg9xDZKMPb1parSaCEd4KfgunPEj-e4f/s1600/pytbull-ids-mode.png" title="pytbull ids mode" width="400" /></div>
<b>Pytbull</b> is an <b>Intrusion Detection/Prevention System (IDS/IPS) testing framework</b> for <i><a href="http://www.toolwar.com/2013/09/snort-tools_7.html" target="_blank">Snort</a> and Suricata.</i> We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> and blocking capabilities of other <b><a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a>/<a href="http://www.toolwar.com/search/label/IPS" target="_blank">IPS</a></b> also. You can also use it to compare IDS/IPS, or compare their configuration modifications or to simply check/validate configurations. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> is well equipped with about 300 tests grouped in 8 testing modules, such as:You've just set up your Intrusion Detection/Prevention System  (IDS/IPS) and feel "Now I'm secure". But how can you be so sure? And how  much do you trust your IDS/IPS?</div>
<div style="text-align: justify;">
The only way to ensure your <b>IDS/IPS</b> detects and blocks unwanted  traffic is to test it with specific payloads and <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, but this job can  take hours or even days...</div>
<div style="text-align: justify;">
Why all this pain? Here is where pytbull comes in!</div>
<div style="text-align: justify;">
<b>Pytbull</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> based flexible IDS/IPS <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> framework  shipped with more than 300 tests, grouped in 9 modules, covering a large  scope of attacks (clientSideAttacks, testRules, badTraffic,  fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes,  denialOfService, pcapReplay)</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/_zS1f-F9niw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux ::</b> <a href="https://downloads.sourceforge.net/project/pytbull/pytbull-2.0.tar.bz2" target="_blank">Pytbull v2.0</a> (.tar.bz2)</div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://pytbull.sourceforge.net/ </div>

Pytbull (IDS/IPS Testing) :: Framework

Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness o...

Hook Analyzer (Malware Analysis and Cyber Intelligence) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Hook Analyser 3.0" border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0OmIirqGeQmdgB2nH4Gn-Cqwf17KXdZUVLYFVDBGbtK70u1NfT5MPvoVYbSj89mfPHKKK9qJbxCL4tIc_vpxb7syDkjmX59Dk7oizgHoIhfCoQ6GvkGLEhf5EwK0_GI4yov3373V6Ljyz/s640/Hook+Analyser+3.0.png" title="Hook Analyser 3.0" width="640" /></div>
<div style="text-align: justify;">
<b>Hook Analyser</b> is a <i>malware analysis</i> and <i>cyber intelligence</i> (gathering and analysis) utility. As well as <b>Hook Analyzer</b> performs spawn and hook to application, hook to a specific running application process, perform static <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> analysis, application crash <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, EXE extractor from process, and cyber threat intelligence.<br />
<b><br />
The project/utility has six (6) key functionalities -</b><br />
<b>1.         Spawn and Hook to Application</b> - This feature allows analyst to  spawn an application, and hook into it. The module performs the  following -<br />
a.        PE validation<br />
b.        Static <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> analysis.<br />
c.        Other options (such as pattern search or dump all)<br />
d.        Type of hooking (Automatic, Smart or manual)<br />
e.        Spawn and hook<br />
<br />
With the ‘hook’ module, there are three types of hooking being supported –<br />
<br />
a)        Automatic – The tool will parse the application import tables, and based upon that will hook into specified APIs<br />
b)        Manual – On this, the tool will ask end-user for each API, if it needs to be hooked.<br />
c)        Smart – This is essentially a subset of automatic hooking however, excludes uninteresting APIs.<br />
<br />
<b>2.         Hook to a specific running process</b>- The option allows analyst to  hook to a running (active) process. The module performs the following  operations –<br />
<br />
a.        List all running process<br />
b.        Identify the running process executable path.<br />
c.        Perform static malware analysis on executable (fetched from process executable path)<br />
d.        Other options (such as pattern search or dump all)<br />
e.        Type of hooking (Automatic, Smart or manual)<br />
f.         Hook to a specific running process<br />
g.        Hook and continue the process<br />
<br />
<b>3.         Static Malware Analysis -</b> This module is one of the most  interesting and useful module of <b>Hook Analyzer</b>, which performs scanning  on PE or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> executable (and DLLs) to identify potential malware  traces. <br />
<br />
a.        PE file validation<br />
b.        CRC and timestamps validation<br />
c.        PE properties such as Image Base, Entry point, sections, subsystem<br />
d.        TLS entry <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a>.<br />
e.        Entry point verification (if falls in suspicious section)<br />
f.        Suspicious entry point detection<br />
g.        Packer detection<br />
h.         Signature trace (extended from malware analyzer project), such  as Anti VM aware, debug aware, keyboard hook aware etc. This particular  function searches for more than 20 unique malware behaviors (using  100’s of signature).<br />
i.        Import Intel scanning.<br />
j.        Deep search (module) <br />
k.        Online search of MD5 (of executable) on Threat Expert.<br />
l.        String dump (ASCII)<br />
m.        Executable file information<br />
n.        Hexdump<br />
o.        PEfile info dumping<br />
p.        ...and more.<br />
<br />
<b>4.         Application crash analysis</b> - This module enables <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploit</a>  researcher and/or application developer to analyse memory content when  an application crashes. This module essentially displays data in  different <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> register (such as EIP).<br />
<br />
<br />
<b>5.         Exe extractor</b> - This module essentially extracts executables  from running process/s, which could then be further analyzed using Hook Analyzer, Malware Analyzer or other solutions. This module is  potentially useful for incident responders<br />
<br />
<br />
<b>6.        Cyber  Threat Intelligence </b>- This module is being created to gather and analyze  information related to Cyber Threats and <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerabilities</a>. The module  can be run using HookAnalyser.exe (via Option 6), or can be run  directly.<br />
<br />
The module present information on a web browser (with dashboard alike representation). It has three (3) presentations - <br />
•        Threat Vectors - by Country (through url.txt - provided)<br />
•        Threat Vectors - by Geography (through url.txt - provided)<br />
•        Vulnerability / Threat Feed (through rss.txt)</div>
<div style="text-align: justify;">
<b><br />
</b></div>
<h3 style="text-align: justify;">
<b>Tutorials :: </b></h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/msYo7pPsu6A?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<b>
</b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/sdnRP90weT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
<b>Download ::</b></h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://docs.google.com/file/d/0B4eYJx0xZdQAcDlvS3JhcmxmMjQ/edit" target="_blank">Hook Analyzer v3.0</a><b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://hookanalyser.com/">http://hookanalyser.com/</a></div>
<div style="text-align: justify;">
<b>Submitted By :: </b>Beenu Arora </div>

Hook Analyzer (Malware Analysis and Cyber Intelligence) :: Tools

Hook Analyser is a malware analysis and cyber intelligence (gathering and analysis) utility. As well as Hook Analyzer performs spawn ...

dotDefender (Web Application Firewall) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="dotdefender logo" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNgB-QvtDSLba1_oj3raWHinKyPHlXi03q3ECtSO3gJ48vp-5nB4zTE6VeGXuf2zMoyT4qML8f8UFcVw3vF3eTqukbzuWA2BuOh0SMj7nVWNE42TjUn1Ljvis_vmEN16ihNYTUeLwR-dwx/s640/dotDefender+logo.jpg" title="dotdefender logo" width="640" /></div>
<br />
<b>dotDefender</b> is the market-leading software <b>Web Application Firewall  (WAF)</b>. <b>dotDefender</b> boasts enterprise-class <a href="http://www.toolwar.com/search/label/Security" target="_blank">security,</a> advanced  integration capabilities, easy maintenance and low total cost of  ownership (TCO). <b>dotDefender</b> is the perfect choice for protecting your  website and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> applications today. </div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
<b>Tutorials :: </b></h3>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/DKlTdoIiaSU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
<b>Download ::</b> </h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.applicure.com/downloads/5.12%20no%20SP/DotDefender%20Install%2032Bit%20v5.12.13275%20msi.exe" target="_blank">dotDefender V5.12</a></div>
<div style="text-align: justify;">
<b>Debian :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.deb.bin.gz" target="_blank">dotDefender V5.12</a></div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.gen.bin.gz" target="_blank">dotDefender V5.12</a></div>
<b>RPM :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.rpm.bin.gz" target="_blank">dotDefender V5.12</a>
<b> </b><br />
<b>Official Website :: </b><a href="http://www.applicure.com/">http://www.applicure.com/</a>

dotDefender (Web Application Firewall) :: Tools

dotDefender is the market-leading software Web Application Firewall (WAF) . dotDefender boasts enterprise-class security, advanced ...

Malware Classifier (Malware Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="adobe malware classifier " border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJFSWBvBrB6iEW5mUe0RLgLd4aTklWqEcrJku4K5HoKfHloY6DDXgTMVL4g8funQXw0_Yaxw2LuVUfUe3WqD_yvQoVBSUtp-dpw3XWg7kkmWbJlum9If5NsE1Kifvf0LFPi1Gryz7sq1ot/s400/adobe+malware+classifier.png" title="adobe malware classifier " width="400" /></div>
<div style="text-align: justify;">
<b>Adobe Malware Classifier</b> is a command-line tool that lets antivirus 
analysts, IT administrators, and security researchers quickly and easily
 determine if a <b><i>binary file contains malware</i></b>, so they can develop <b>
<a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> detection</b> signatures faster, reducing the time in which users' 
systems are vulnerable.
Malware Classifier uses machine learning algorithms to classify Win32 
binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for 
“malicious,” or “UNKNOWN.”<br /><br />
The tool was developed using models resultant from running the J48, J48 
Graft, PART, and Ridor machine-learning algorithms on a dataset of 
approximately 100,000 malicious programs and 16,000 clean programs. <br />
The tool extracts seven key features from an unknown binary, feeds them 
to one of the four classifiers or all of them, and presents its 
classification of the unknown binary.</div>
<div style="text-align: justify;">
<h3>
Download :: </h3>
<b>Python :: </b><a href="http://sourceforge.net/projects/malclassifier.adobe/files/AdobeMalwareClassifier.py/download" target="_blank">AdobeMalwareClassifier.py</a><br />
<b>Source :: </b><a href="http://sourceforge.net/projects/malclassifier.adobe/?source=navbar">http://sourceforge.net/projects/malclassifier.adobe/?source=navbar</a></div>

Malware Classifier (Malware Analysis) :: Tools

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and e...

Subscribe to: Posts ( Atom )