PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142-rw/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179-rw/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears cd PatrowlHears ./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

    PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

Read more »

WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230-rw/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users.</p> <p>WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, Local and Remote File Includes, Command Injection, Cross-site Scripting and Expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

  WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

Read more »

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225-rw/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows, just cd into the 'windows' folder:</p> <ul><li>subbrute.exe google.com</li></ul> <p>Easy to install: You just need and python2.7 or python3. This tool should work under any operating system: bsd, osx, windows, linux...</p> <p>(On a side note giving a makefile root always bothers me, it would be a great way to install a backdoor...)</p> <p>Under Ubuntu/Debian all you need is:</p> <ul><li>sudo apt-get install python-dnspython</li></ul> <p>On other operating systems you may have to install dnspython manually:</p> <p>Easy to use:</p> <ul><li>./subbrute.py google.com</li></ul> <p>Tests multiple domains:</p> <ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul> <p>or a newline delimited list of domains:</p> <ul><li>./subbrute.py -t list.txt</li></ul> <p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p> <ul><li> <p>./subbrute.py gmail.com > gmail.out</p> </li><li> <p>./subbrute.py -t gmail.out</p> </li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

    SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

Read more »

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400-rw/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div> <br /> <div style="text-align: justify;"> The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div> <b><br /> </b> <b>Information Gathering Techniques Used:</b><br /> <br /> <div style="text-align: justify;"> 1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Video Tutorial:</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Documentation:  </h3> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div> <h3 style="text-align: justify;"> Download:</h3> <div style="text-align: justify;"> Amass is available for various platforms like Linux, Windows, MacOS etc.</div> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

Read more »

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="spiderfoot logo" border="0" height="97" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600-rw/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div> <div style="text-align: justify;"> <b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br /> <br /> <h3> Features ::</h3> </div> <ul style="text-align: justify;"> <li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li> <li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li> <li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li> <li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  <b> </b><br /> <b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a> <br /> <br /> <h3> Download ::</h3> <b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br /> <b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz) <b> </b><br /> <b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

Read more »

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="suricata logo" border="0" height="265" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600-rw/suricata.png" title="suricata logo" width="320" /></div> <b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br /> <br /> <b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br /> <br /> The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br /> <br /> The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

Read more »

EtherApe (Graphical Network Monitor) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600/etherape_intro2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="etherape screenshot" border="0" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600-rw/etherape_intro2.png" title="etherape screenshot" width="400" /></a></div> <b>EtherApe</b> is a <b>graphical network monitor for Unix</b> modeled after <i>etherman</i>. Featuring link layer, IP and TCP modes, it displays <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> activity graphically. Hosts and links change in size with traffic. Color coded <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a> display.<br /> It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a> from a file as well as live from the network. Node statistics can be exported.</div> <div style="text-align: justify;"> <b>As of version 0.9.13, EtherApe as these features, in no particular order: </b><br /> <ul> <li><span style="background-color: white;">Network traffic is displayed graphically. The more "talkative" a node is, the bigger its representation. </span></li> <li><span style="background-color: white;">Node and link color shows the most used protocol. </span></li> <li><span style="background-color: white;">User may select what level of the protocol stack to concentrate on. </span></li> <li><span style="background-color: white;">You may either look at traffic within your network, end to end IP, or even port to port TCP. </span></li> <li><span style="background-color: white;">Data can be captured "off the wire" from a live network connection, or read from a tcpdump capture file. </span></li> <li><span style="background-color: white;">Live data can be read from ethernet, FDDI, PPP, SLIP and WLAN interfaces, plus several other incapsulated formats (e.g. Linux cooked, PPI).</span></li> <li><span style="background-color: white;">The following frame and packet types are currently supported: ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK, AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP, PUP, UDP, IDP, TP, ROUTING, RSVP, GRE, ESP, AH, EON, VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN, SNMP, etc. </span></li> <li><span style="background-color: white;">Data display can be refined using a network filter using pcap syntax.</span></li> <li><span style="background-color: white;">Display averaging and node persistence times are fully configurable. </span></li> <li><span style="background-color: white;">Name resolution is done using standard libc functions, thus supporting DNS, hosts file, etc. </span></li> <li><span style="background-color: white;">Clicking on a node/link opens a detail dialog showing protocol breakdown and other traffic statistics. </span></li> <li><span style="background-color: white;">Protocol summary dialog shows global traffic statistics by protocol.</span></li> <li><span style="background-color: white;">Node summary dialog shows traffic statistics by node.</span></li> <li><span style="background-color: white;">Node statistics export to XML file.</span></li> <li><span style="background-color: white;">A single node can be centered on the display.</span></li> <li><span style="background-color: white;">Scrollkeeper/rarian-compatible manual integrated with yelp.</span></li> </ul> </div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3S95lWky9CU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/etherape/files/latest/download?source=files" target="_blank">Etherape v0.9.11</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://etherape.sourceforge.net/">http://etherape.sourceforge.net/</a></div>

EtherApe (Graphical Network Monitor) :: Tools

EtherApe is a graphical network monitor for Unix modeled after etherman . Featuring link layer, IP and TCP modes, it displays network ...

Read more »

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="XSSYA" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600-rw/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div> <br /> <div style="text-align: justify;"> <b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div> <br /> <h3> Key Features:</h3> <ul> <li>Support HTTPS</li> <li>After Confirmation (execute payload to get cookies)</li> <li>Can be run in (Windows - Linux)</li> <li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li> <li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li> <li>Support Saving The Web HTML Code Before Executing</li> <li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li> </ul> <h3> What's New: </h3> (XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br /> <br /> <div style="text-align: justify;"> Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div> <br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br /> <h3> Tutorials:</h3> <b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br /> <h3> Download:</h3> <b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Read more »

Juli (MITM) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="MITM Attack Security" border="0" height="305" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8ISFmjA0ekD7MPO8ICWGwpqxp0xB5sjipk9sIvcZyXydEZ4YA3TdPy0DID6206FpnsQF94cYahJVQlvRI8mFhifxNHnoqQe8lRrQSzD1Nb0FulPIAmHltwTkMP-pCvxsLo32-8Gk8M3K/s1600-rw/Parasite-Attack-MITM.jpg" title="MITM Attack Security" width="640" /></div> <br /> A simple automated perl script for MiTM ( man-in-the-middle ) attacks. <br /> <h4> </h4> <h4> Requirements:</h4> <ul class="task-list"> <li>Linux ( I tested it on Ubuntu 14.04 LTS )</li> <li>Perl</li> <li>sslstrip <a href="https://github.com/moxie0/sslstrip">https://github.com/moxie0/sslstrip</a> </li> <li>arpsoof ( from dsniff can be found here <a href="http://www.monkey.org/%7Edugsong/dsniff/">http://www.monkey.org/~dugsong/dsniff/</a> )</li> </ul> <h4> Usage:</h4> Script must be runned as a root user<br /> <ul class="task-list"> <li> sudo juli.pl interface targetip</li> </ul> <b>Download:</b><br /> <b>Linux: <a href="https://github.com/em616/Juli" target="_blank">Juli.pl</a></b>

Juli (MITM) :: Tools

A simple automated perl script for MiTM ( man-in-the-middle ) attacks. Requirements: Linux ( I tested it on Ubuntu 14.04 LTS ) Per...

Read more »

Capstone (Disassembly Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="capstone disassembler" border="0" height="320" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWQQc6jFFxBdew0SfkMRlTH0TSgVUzxWMCN6bSY2mxV-tcDnKFolrpjaOf0Dka2oqp6Dqs2WxUlRC3bh3ktMzdkyxqvc8ahRHCzUCVN4KF4Oz0IbzNy4CjtjcOnIZ_MH9cDNFmxMXRprqN/s320-rw/Capstone+Disassembler.png" title="capstone disassembler" width="320" /></div> <b>Capstone </b>is a lightweight multi-platform, multi-architecture <a href="http://www.toolwar.com/search/label/Assembler/Disassembler" target="_blank">disassembly</a> <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. Our target is to make <b>Capstone</b> the ultimate disassembly engine for binary analysis and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reversing</a> in the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> community.<br /> <h3> Features</h3> </div> <ul style="text-align: justify;"> <li>Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86.</li> <li>Clean/simple/lightweight/intuitive architecture-neutral API. </li> <li>Provide details on disassembled instruction (called “decomposer” by others).</li> <li>Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.</li> <li>Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.</li> <li>Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).</li> <li>Thread-safe by design.</li> <li>Distributed under the open source BSD license</li> </ul> <h3>  </h3> <h3> Tutorials ::</h3> <b>Text Tutorials :: </b><a href="http://www.capstone-engine.org/documentation.html" target="_blank">Click Here </a><br /> <h3> Download ::</h3> <b>Windows ::</b> <a href="http://www.capstone-engine.org/download/1.0/capstone-1.0-win32.zip" target="_blank">Capstone v1 (Win32)</a><br /> <b>Linux :: <a href="http://www.blogger.com/goog_1808671360">C</a></b><a href="http://www.capstone-engine.org/download/1.0/capstone-1.0_i386.deb" target="_blank">apstone-1.0_i386.deb</a><br /> <b>Official Website :: </b><a href="http://www.capstone-engine.org/">http://www.capstone-engine.org/</a><br /> <div class="separator" style="clear: both; text-align: left;"> <a href="http://www.capstone-engine.org/download/1.0/capstone-1.0-win32.zip" target="_blank"></a></div>

Capstone (Disassembly Framework) :: Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework . Our target is to make Capstone the ultimate disass...

Read more »

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600-rw/WAIDPS.png" width="400" /></a></div> <div class="separator" style="clear: both; text-align: center;"> </div> <span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div> <div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <b><span style="font-family: Arial;">Requirements</span></b></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   1. Root access (admin)</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div> <div style="text-align: justify;"> <div style="text-align: left;"> <br /></div> <div style="text-align: left;"> <b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div> <span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br /> <div class="MsoNormal"> <span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div> <span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br /> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">Intrusion Detection</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Capture/Analyzing of packets </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div> <div class="MsoNormal"> </div> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Installation Tutorial::</b><br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <span id="goog_894600077"></span><span id="goog_894600078"></span> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div> <div style="text-align: justify;"> <b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div> <div style="text-align: justify;"> <b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

Read more »

Detekt :: Malware Detection Tool against Government Surveillance

<div class="separator" style="clear: both; text-align: justify;"> <img alt="detekt" border="0" height="280" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhev1ECdbJcOGLhQL5rphVoj1Ux8wBh3wGbWoySuzKDc4CdDPi5_A0kU4YBambTUqKZPghRdvmePb2aFihp_n_8vHEbCjhc9MbMcXYyPKs6gK7h0tUCeqyuiR8ONVh-AS7WUIAu_Kv_yhaD/s1600-rw/detekt-1d.png" title="Detekt" width="640" /></div> <div style="text-align: justify;"> <b>Detekt</b> is a <b>free tool</b> that scans your <b>Windows computer for traces of known surveillance spyware</b> used to target and monitor human rights defenders and journalists around the world. It is important to underline that if <b>Detekt </b>does not find trace of spyware on a computer, it does not necessarily mean that none is present. Some spyware will likely be updated in response to the release of <b>Detekt </b>in order to avoid detection. In addition, there may be existing versions of spyware, from these or other providers, which are not detected by this tool.</div> <div style="text-align: justify;"> In recent years we have witnessed a huge growth in the adoption and trade in communication surveillance technologies. Such spyware provides the ability to read personal emails, listen-in skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.</div> <div style="text-align: justify;"> Some of this software is widely available on the Internet, while some more sophisticated alternatives are made and sold by private companies based in industrialized countries to state law enforcement and intelligence agencies in countries across the world.</div> <div style="text-align: justify;"> There is little to no regulation currently in place to safeguard against these technologies being sold or used by repressive governments or others who are likely to use them for serious human rights violations and abuses.</div> <div style="text-align: justify;"> <strong>How widely do governments use surveillance technology?</strong></div> <div style="text-align: justify;"> Governments are increasingly using surveillance technology, and targeted surveillance in particular, to monitor the legitimate activities of human rights activists and journalists. <span>Powerful software developed by companies allows governments and intelligence agencies to read personal emails, listen-in on Skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.</span></div> <div style="text-align: justify;"> <span>In many cases, the information they gather through those means is used to detain, imprison and even torture activists into confessing to crimes. It's impossible, however, to give an accurate estimate of how many people are affected by this surveillance spyware. This is because the companies that build and sell such software market themselves on their ability to hide it from users. Recent research has shown that known spyware has been found present in dozens of countries, covering all regions of the world. <b>Detekt</b> is the first public tool that will assist activists, journalists and civil society groups to scan their computers for spyware.</span></div> <h3 style="text-align: justify;"> <span>Download:  </span></h3> <div style="text-align: justify;"> <b><span>Windows:: </span></b><span><a href="https://github.com/botherder/detekt/releases/download/v1.2/detekt.exe" target="_blank">Detekt v1.2</a> (.exe)</span></div> <div style="text-align: justify;"> <span><b>Source Code:: </b>https://github.com/botherder/detekt/archive/v1.2.zip<b> </b></span></div> <div style="text-align: justify;"> <span><b>Official Website::</b> https://resistsurveillance.org/</span></div>

Detekt :: Malware Detection Tool against Government Surveillance

Detekt is a free tool that scans your Windows computer for traces of known surveillance spyware used to target and monitor human righ...

Read more »

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <img alt="the sleuth kit logo" border="0" height="166" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600-rw/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div> <b>The Sleuth Kit</b> is a C++ library and collection of open source file system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. <br /> <b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> tools can be directly used to find evidence. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div> <ul style="text-align: justify;"> <li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li> <li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li> <li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.</li> </ul> <div style="text-align: justify;"> <br /></div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a> <b> </b><br /> <b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br /> <b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

  The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

Read more »

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Network Forensics" border="0" height="300" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400-rw/Network+Forensics.jpg" title="Network Forensics" width="400" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div> <div style="text-align: justify;"> <b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Read more »

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="PeePDF Analysis" border="0" height="400" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600-rw/PeePDF.jpg" title="PeePDF Analysis" width="400" /></a></div> <b>PeePDF</b> is a <b>Python tool to explore PDF files</b> in order to find out if the file can be harmful or not. The aim of this <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tool</a> is to provide all the necessary components that a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researcher could need in a <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF analysis</a> without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides <b>Javascript and shellcode <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones. </div> <div style="text-align: justify;"> <br /> The main functionalities of peepdf are the following: </div> <div style="text-align: justify;"> <h3> <b> Analysis: </b></h3> </div> <ul style="text-align: justify;"> <li> Decodings: hexadecimal, octal, name objects </li> <li> More used filters </li> <li> References in objects and where an object is referenced </li> <li> Strings search (including streams) </li> <li> Physical structure (offsets) </li> <li> Logical tree structure </li> <li> Metadata </li> <li> Modifications between versions (changelog) </li> <li> Compressed objects (object streams) </li> <li> Analysis and modification of Javascript (PyV8): unescape, replace, join </li> <li> Shellcode analysis (Libemu python wrapper, pylibemu) </li> <li> Variables (set command) </li> <li> Extraction of old versions of the document </li> <li> Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>) </li> <li> Checking hashes on <a href="http://www.toolwar.com/2013/12/virustotal-analyze-files-and-urls-tools.html" target="_blank"><b>VirusTotal</b></a> </li> </ul> <div style="text-align: justify;"> <b> Creation/Modification: </b></div> <ul style="text-align: justify;"> <li> Basic PDF creation </li> <li> Creation of PDF with Javascript executed wen the document is opened </li> <li> Creation of object streams to compress objects </li> <li> Embedded PDFs </li> <li> Strings and names obfuscation </li> <li> Malformed PDF output: without endobj, garbage in the header, bad header... </li> <li> Filters modification </li> <li> Objects modification </li> </ul> <div style="text-align: justify;"> <b> Execution modes: </b></div> <ul style="text-align: justify;"> <li> Simple command line execution </li> <li> <b>Powerful interactive console</b> (colorized or not) </li> <li> Batch mode </li> </ul> <div style="text-align: justify;"> <b> TODO: </b></div> <ul style="text-align: justify;"> <li> Embedded PDFs analysis </li> <li> Improving automatic Javascript analysis </li> <li> GUI </li> </ul> <h3> Tutorials :: </h3> <b>PeePDF Installation :: </b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank">Click Here</a><b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank"> </a></b><br /> <b>PeePDF Execution :: </b><a href="http://code.google.com/p/peepdf/wiki/Execution" target="_blank">Click Here</a><br /> <b>PeePDF Commands ::  </b><a href="http://code.google.com/p/peepdf/wiki/Commands" target="_blank">Click Here</a><br /> <b>PDF Forensics and Analysis eBook</b> :: <a href="https://www.amazon.com/dp/B00LSF1TU6" target="_blank">Click Here</a> <br /> <br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T1GcheLaY5M?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Linux | Windows :: </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.zip" target="_blank">peepdf v0.2</a> (.zip)<b> | </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz" target="_blank">peepdf v0.2</a> (.tar.gz) <b> </b><br /> <b>Source Website ::</b> <a href="http://code.google.com/p/peepdf/">http://code.google.com/p/peepdf/</a>

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

PeePDF is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to prov...

Read more »

GoldenEye (DoS Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="ddos icon" border="0" height="240" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJOQnS__a36My3QgFrkkZZnKbMa2sQ5wymnzD-TYPn2-Hi3HzwaqF7hyphenhyphenimikRz5C7uJ3EQc2UHSYhjBNDc4TDogFEdp8zIL-ab7q41TBZPSowkU6qXuTkKbYPg3QOuCHEa5gb1WjXFL0js/s1600-rw/ddos+logo.jpg" title="ddos icon" width="400" /></div> <div style="text-align: justify;"> <b>GoldenEye</b> is a <b>HTTP DoS test tool</b>. This software is distributed under the <i>GNU General Public License</i> version 3 (GPLv3). <b>GoldenEye</b> is a <b><acronym title="HyperText Transfer Protocol">HTTP</acronym>/S Layer 7 <a href="http://www.toolwar.com/search/label/DDoS" target="_blank">Denial-of-Service</a> Testing Tool</b>. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the <acronym title="HyperText Transfer Protocol">HTTP</acronym>/S server.</div> <div style="text-align: justify;"> This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> that I decided to improve which later became <b>GoldenEye</b>. Kudos for you Barry! This software is written in purely<a href="http://www.toolwar.com/search/label/Python" target="_blank"> Python</a>.</div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><span style="font-family: "Courier New",Courier,monospace;"><code> USAGE: ./goldeneye.py <url> [OPTIONS] OPTIONS: Flag Description Default -t, --threads Number of concurrent threads (default: 500) -m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get) -d, --debug Enable Debug Mode [more verbose output] (default: False) -h, --help Shows this help</code></span></pre> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b><span style="font-size: small;"><span style="font-weight: normal;">Python :: <a href="https://github.com/jseidl/GoldenEye/archive/master.zip" target="_blank">GoldenEye</a><b> (.py)</b></span></span></b></div> <div style="text-align: justify;"> <b>Source Website ::</b>  <a href="https://github.com/jseidl/GoldenEye">https://github.com/jseidl/GoldenEye</a></div>

GoldenEye (DoS Testing) :: Tools

GoldenEye is a HTTP DoS test tool . This software is distributed under the GNU General Public License version 3 (GPLv3). GoldenEye is ...

Read more »

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="KillerBee Image" border="0" height="329" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600-rw/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.</b> Using <b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div> <b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

Read more »

Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320-rw/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="AIEngine (Artificial Intelligent Engine)" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600-rw/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div> <div style="text-align: justify;"> <b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br /> <b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div> <div style="text-align: justify;"> <b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities and modules in a easy way.<br /> <h3> Features ::  </h3> </div> <ul> <li>- Counters for IP fragmentation packets.</li> <li>- Support for TLS1.2 on the SSLProtocol</li> <li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li> <li>- Integrate with NetfilterPython or other packet systems.</li> <li>- Support for python 3.x versions (check INSTALL).</li> <li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li> <li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li> <li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li> </ul> <h3> Tutorial ::</h3> <b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br /> <b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <h3> Download :: </h3> <b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br /> <b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br /> <b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

Read more »

OCFA (Open Computer Forensics Architecture) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="OCFA Tools" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFBvdLhCyjycLRfN5dNkY5dJ8DhTpyO1-LAAjtlqcZoz2odPBUVyhs1KU3f-t8QDFAa_LJxuuVAVJRfE1niARh9DzFRqu_wZnESr3NRQFqR6wF8YVJceurWGKd0469rTy_vUIhApL46dEN/s1600-rw/Computer-Forensics.jpg" title="OCFA TOols" /></div> </div> <div style="text-align: justify;"> The <b>Open Computer Forensics Architecture (OCFA)</b> is a modular computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> framework built by the Dutch National Police Agency [KLPD/Dutch]. The main goal is to automate the digital forensic process to speed up the <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">investigation</a> and give tactical investigators direct access to the seized data through an easy to use search and browse interface.<br /> <br /> The architecture forms an environment where existing <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. The <b>Open Computer Forensics Architecture</b> aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and covers hundreds of evidence items.<br /> <br /> Modules in <b>OCFA</b> for reasons of fault tolerance are processes. The basic OcfaLib API makes it possible and relatively easy to build an <b>OCFA</b> module out of any data processing library or tool. OCFA comes with numerous such modules that are mostly wrappers around libraries like libmagic or tools such as those found in the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.<br /> <br /> The 2.2 version of OCFA (released April 2009) makes the previously internal OCFA treegraph API available for OCFA module development. The OCFA treegraph API allows more advanced dissectors that produce data and meta-data for a treegraph representation of an input file. The OCFA treegraph API also allows dissectors that are programed to be CarvFs aware to use zero storage <a href="http://www.toolwar.com/search/label/Carving" target="_blank">carving</a>.<br /> <br /> Communication between modules within OCFA is governed by a two layered communication infrastructure as provided by <b>OCFA</b>. At the lowest layer is a messaging system with at is center the OCFA Anycast Relay. The Anycast Relay provides the facilities of module crash resistance, distributed processing load balancing and flow control. At a higher level of communication, the OCFA XML Router provides for the routing of individual pieces of evidence through the most appropriate tool chain for its particular type of content.<br /> <br /> Although <b>OCFA</b> contains a rudimentary user interface, most of its power is in the backend architecture. The last and final module in the tool chain of any evidence will be the OCFA Data Store Module. This module processes the evidence XML (that contains all of the evidence data its meta data) and stores relevant parts into a postgesql database. Extending the apache based user interface with interfaces for your own case bound queries is something that should proof very useful in most investigations. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Wiki :: </b> <a href="http://ocfa.wiki.sourceforge.net/" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Installation ::</b> <a href="http://ocfa.sourceforge.net/files/InstallingOcfaOnUbuntu.pdf" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Practical Usages :: </b><a href="http://ocfa.sourceforge.net/files/PracticalUseOCFA.pdf" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/ocfa/files/latest/download" target="_blank">OCFA</a> (.tar.bz2)<br /> <b>Official Website ::</b> <a href="http://ocfa.sourceforge.net/">http://ocfa.sourceforge.net/</a></div>

OCFA (Open Computer Forensics Architecture) :: Framework

The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency [...

Read more »