SSLsplit (MITM Attack against SSL/TLS) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="sslsplit" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiKnDa1SmFAz2I_uUyfY8OE-KawIYa9Rk7T3wbyfUM42-zCwgo1Hs18FThDil200FpKE2OdkcCO9Uvk0_lHGNieQuDLgJxQVuvj7VN0Yhxbtky5w-AyzRHrrqWZB4Qrf8q5dafKyblfRnO/s1600/SSLsplit.jpg" title="sslsplit" width="400" /></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit</b> is a tool for <b><a href="http://www.toolwar.com/search/label/MITM" target="_blank">man-in-the-middle attacks</a> against SSL/TLS</b> encrypted <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. <b>SSLsplit</b> terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> and <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>.</span></div> <br /> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit </b>supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. <b>SSLsplit</b> fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. <b>SSLsplit </b>can also use existing certificates of which the private key is available, instead of generating forged ones. <b>SSLsplit</b> supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.</span></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation ::</b></div> <div style="text-align: justify;"> SSLsplit is or will be available as a package or port on the following systems:</div> <ul style="text-align: justify;"> <li>OpenBSD: security/sslsplit</li> <li>Arch Linux AUR: sslsplit</li> <li>Fedora: sslsplit</li> <li>Kali: sslsplit</li> <li>Backtrack: sslsplit</li> </ul> <div style="text-align: justify;"> <b>To install from source:</b></div> <div style="text-align: justify;"> <pre><code class=" ruby">make make <span class="keymethods">test</span> <span class="comment"># optional unit tests</span> make install <span class="comment"># optional install</span> </code></pre> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Usage ::</b></div> <div style="text-align: justify;"> <pre><code class=" sql">% sslsplit -h <span class="keyword">Usage</span>: sslsplit [options...] [proxyspecs...] -c pemfile use CA cert (<span class="keyword">and</span> <span class="keyword">key</span>) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -k pemfile use CA <span class="keyword">key</span> (<span class="keyword">and</span> cert) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -C pemfile use CA chain <span class="keyword">from</span> pemfile (intermediate <span class="keyword">and</span> root CA certs) -K pemfile use <span class="keyword">key</span> <span class="keyword">from</span> pemfile <span class="keyword">for</span> leaf certs (<span class="keyword">default</span>: generate) -t certdir use cert+chain+<span class="keyword">key</span> PEM files <span class="keyword">from</span> certdir <span class="keyword">to</span> target <span class="keyword">all</span> sites matching the common <span class="keyword">names</span> (non-matching: generate if CA) -O deny <span class="keyword">all</span> OCSP requests <span class="keyword">on</span> <span class="keyword">all</span> proxyspecs -P passthrough SSL connections if they cannot be split because <span class="keyword">of</span> client cert auth <span class="keyword">or</span> <span class="keyword">no</span> matching cert <span class="keyword">and</span> <span class="keyword">no</span> CA (<span class="keyword">default</span>: <span class="keyword">drop</span>) -g pemfile use DH <span class="keyword">group</span> params <span class="keyword">from</span> pemfile (<span class="keyword">default</span>: keyfiles <span class="keyword">or</span> auto) -G curve use ECDH named curve (<span class="keyword">default</span>: secp160r2 <span class="keyword">for</span> non-RSA leafkey) -Z disable SSL/TLS compression <span class="keyword">on</span> <span class="keyword">all</span> connections -s ciphers use the given OpenSSL cipher suite spec (<span class="keyword">default</span>: <span class="keyword">ALL</span>:-aNULL) -e engine specify <span class="keyword">default</span> NAT engine <span class="keyword">to</span> use (<span class="keyword">default</span>: ipfw) -E list available NAT engines <span class="keyword">and</span> exit -u <span class="keyword">user</span> <span class="keyword">drop</span> <span class="keyword">privileges</span> <span class="keyword">to</span> <span class="keyword">user</span> (<span class="keyword">default</span> if run <span class="keyword">as</span> root: nobody) -j jaildir chroot() <span class="keyword">to</span> jaildir (<span class="keyword">default</span> if run <span class="keyword">as</span> root: /var/empty) -p pidfile <span class="keyword">write</span> pid <span class="keyword">to</span> pidfile (<span class="keyword">default</span>: <span class="keyword">no</span> pid file) -l logfile <span class="keyword">connect</span> log: log one line summary per <span class="keyword">connection</span> <span class="keyword">to</span> logfile -L logfile content log: <span class="keyword">full</span> data <span class="keyword">to</span> file <span class="keyword">or</span> named pipe (excludes -S) -S logdir content log: <span class="keyword">full</span> data <span class="keyword">to</span> separate files <span class="keyword">in</span> dir (excludes -L) -d daemon mode: run <span class="keyword">in</span> background, log error messages <span class="keyword">to</span> syslog -D debug mode: run <span class="keyword">in</span> foreground, log debug messages <span class="keyword">on</span> stderr -V print version information <span class="keyword">and</span> exit -h print <span class="keyword">usage</span> information <span class="keyword">and</span> exit proxyspec = type listenaddr+port [natengine|targetaddr+port|<span class="string">"sni"</span>+port] e.g. http <span class="number">0.0</span>.<span class="number">0.0</span> <span class="number">8080</span> www.roe.ch <span class="number">80</span> # http/<span class="number">4</span>; static hostname dst https ::<span class="number">1</span> <span class="number">8443</span> <span class="number">2001</span>:db8::<span class="number">1</span> <span class="number">443</span> # https/<span class="number">6</span>; static address dst https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">9443</span> sni <span class="number">443</span> # https/<span class="number">4</span>; SNI DNS lookups tcp <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">10025</span> # tcp/<span class="number">4</span>; <span class="keyword">default</span> NAT engine ssl <span class="number">2001</span>:db8::<span class="number">2</span> <span class="number">9999</span> pf # ssl/<span class="number">6</span>; NAT engine <span class="string">'pf'</span> Example: sslsplit -k ca.<span class="keyword">key</span> -c ca.pem -P https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">8443</span> https ::<span class="number">1</span> <span class="number">8443</span></code></pre> </div> <div style="text-align: justify;"> <code class=" sql"><span style="font-family: "Courier New",Courier,monospace;"><b><span style="font-weight: normal;"><span class="number"><br /></span></span></b></span> </code></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Requirements ::</h3> <div style="text-align: justify;"> SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in <code>PATH</code>. The (optional) unit tests depend on the check library.</div> <div style="text-align: justify;"> SSLsplit currently supports the following operating systems and NAT engines:</div> <ul style="text-align: justify;"> <li>FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr</li> <li>OpenBSD: pf rdr-to and divert-to</li> <li>Linux: netfilter REDIRECT and TPROXY</li> <li>Mac OS X: ipfw fwd and pf rdr (experimental)</li> </ul> <h3> Download ::</h3> <b>Linux :: </b><a href="http://mirror.roe.ch/rel/sslsplit/sslsplit-0.4.8.tar.bz2" target="_blank">SSLsplit v0.4.8</a> (.tar.bz2)<b><br /></b><br /> <b>Official Website ::</b> <a href="http://www.roe.ch/SSLsplit">http://www.roe.ch/SSLsplit</a><br /><code class=" ruby"><span class="comment"></span> </code>

SSLsplit (MITM Attack against SSL/TLS) :: Tools

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently interc...

Read more »

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a> security issues. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan it will provide the warnings and suggestions to help you improving the security defense of your systems.<br /> <br /> This software aims in assisting automated auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> stick, cd/dvd).<br /> <br /> <b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br /> <br /> <b>Intended audience:</b><br /> Security specialists, penetration testers, system auditors, system/network managers.<br /> <br /> <b>Examples of audit tests:</b><br /> - Available authentication methods<br /> - Expired SSL certificates<br /> - Outdated software<br /> - User accounts without password<br /> - Incorrect file permissions<br /> - Configuration errors<br /> - Firewall auditing<br /> <br /> <b>Current state:</b><br /> Stable releases are available, development is active.<br /> <h3> Tutorials :: </h3> <b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> <b>Download </b></h3> <b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div> </div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

Read more »

FruityWiFi (Wireless Auditing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="FruityWiFi Screenshot" border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1JHrHssrXvjVxrIiXhQ2a_6Nw0cQ6Io_oxLac-3nYxXA0ztQBVccfe8XxahD3MDwUa0nN_AyCnTwyNYqRew1esXzke6jIE0oEZJ9-UqWX7VbnNqecm1eywx_ksuFf4SRuUs0ISrTb68ij/s320/FruityWiFi+Screenshot.JPG" title="FruityWiFi Screenshot" width="320" /></div> <div style="text-align: justify;"> <b>FruityWifi</b> is a <i>wireless network auditing tool</i> based in the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">wifi</a> Pineapple. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali Linux</a>, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).</div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b> Wiki :: </b><a href="https://github.com/xtr4nge/FruityWifi/wiki" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux ::</b> <a href="https://github.com/xtr4nge/FruityWifi/archive/master.zip" target="_blank">FruityWiFi</a></div>

FruityWiFi (Wireless Auditing) :: Tools

FruityWifi is a wireless network auditing tool based in the wifi Pineapple. The application can be installed in any Debian based syst...

Read more »

Autopsy (Digital Investigation Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Autopsy logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf21td83eNESL_QTE9NjV-ZSQnqexy4JbWFatUW-4KkqydKjwnSYKqQmPFBy6cnZG7rQZEG7X211P1v_klRTAzd3_Ee5pDqpYn3sfpupP4ff-ao6WwTUaeq8fqKi0PgJQiwb-loD4CvqrI/s1600/autopsy+logo.jpg" title="Autopsy logo" width="200" /></div> <div style="text-align: justify;"> <b>Autopsy</b> is a graphical interface to the <a href="http://www.toolwar.com/search/label/CLI" target="_blank"><i>command line</i></a> <b>digital investigation analysis tools</b> in <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank"> The Sleuth Kit</a>. Together, they can analyze <i>Windows and UNIX</i> disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).</div> <div style="text-align: justify;"> <b>The Sleuth Kit </b>and <b>Autopsy</b> are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>). As <b>Autopsy</b> is HTML-based, you can connect to the <b>Autopsy</b> server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.</div> <h3 style="text-align: justify;"> <span style="font-size: small;">Analysis Modes</span></h3> <ul style="text-align: justify;"> <li>A <b>dead analysis</b> occurs when a dedicated <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> system is used to examine the data from a suspect system. In this case, <b>Autopsy</b> and The Sleuth Kit are run in a trusted environment, typically in a lab. Autopsy and TSK support raw, Expert Witness, and AFF file formats. </li> <li>A <b>live analysis</b> occurs when the suspect <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> is being analyzed while it is running. In this case, <b>Autopsy</b> and The Sleuth Kit are run from a CD in an untrusted environment. This is frequently used during incident response while the incident is being confirmed. After it is confirmed, the system can be acquired and a dead analysis performed. </li> </ul> <h3 style="text-align: justify;"> Evidence Search Techniques</h3> <ul style="text-align: justify;"> <li><b>File Listing</b>: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.</li> <li><b>File Content</b>: The contents of files can be viewed in raw, hex, or the ASCII strings can be extracted. When data is interpreted, Autopsy sanitizes it to prevent damage to the local analysis system. Autopsy does not use any client-side scripting languages.</li> <li><b>Hash Databases</b>: Lookup unknown files in a <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> database to quickly identify it as good or bad. Autopsy uses the NIST <i>National Software Reference Library (NSRL)</i> and user created databases of known good and known bad files </li> <li><b>File Type Sorting</b>: Sort the files based on their internal signatures to identify files of a known type. Autopsy can also extract only graphic images (including thumbnails). The extension of the file will also be compared to the file type to identify files that may have had their extension changed to hide them.</li> <li><b>Timeline of File Activity</b>: In some cases, having a timeline of file activity can help identify areas of a file system that may contain evidence. Autopsy can create timelines that contain entries for the Modified, Access, and Change (MAC) times of both allocated and unallocated files.</li> <li><b>Keyword Search</b>: Keyword searches of the file system image can be performed using ASCII strings and grep regular expressions. Searches can be performed on either the full file system image or just the unallocated space. An index file can be created for faster searches. Strings that are frequently searched for can be easily configured into Autopsy for automated searching. </li> <li><b>Meta Data Analysis</b>: Meta Data structures contain the details about files and directories. Autopsy allows you to view the details of any meta data structure in the file system. This is useful for recovering deleted content. Autopsy will search the directories to identify the full path of the file that has allocated the structure.</li> <li><b>Data Unit Analysis</b>: Data Units are where the file content is stored. Autopsy allows you to view the contents of any data unit in a variety of formats including ASCII, hexdump, and strings. The file type is also given and Autopsy will search the meta data structures to identify which has allocated the data unit. </li> <li><b>Image Details</b>: File system details can be viewed, including on-disk layout and times of activity. This mode provides information that is useful during data recovery. </li> </ul> <h3 style="text-align: justify;"> Case Management</h3> <ul style="text-align: justify;"> <li><b>Case Management</b>: Investigations are organized by <i>cases</i>, which can contain one or more <i>hosts</i>. Each host is configured to have its own time zone setting and clock skew so that the times shown are the same as the original user would have seen. Each host can contain one or more file system images to analyze. </li> <li><b>Event Sequencer</b>: Time-based events can be added from file activity or IDS and firewall logs. Autopsy sorts the events so that the sequence of incident events can be more easily determined. </li> <li><b>Notes</b>: Notes can be saved on a per-host and per-investigator basis. These allow you to make quick notes about files and structures. The original location can be easily recalled with the click of a button when the notes are later reviewed. All notes are stored in an ASCII file. </li> <li><b>Image Integrity</b>: It is crucial to ensure that files are not modified during analysis. Autopsy, by default, will generate an MD5 value for all files that are imported or created. The integrity of any file that Autopsy uses can be validated at any time. </li> <li><b>Reports</b>: Autopsy can create ASCII reports for files and other file system structures. This enables you to quickly make consistent data sheets during the investigation.</li> <li><b>Logging</b>: Audit logs are created on a case, host, and investigator level so that actions can be easily recalled. The exact Sleuth Kit commands that are executed are also logged.</li> <li><b>Open Design</b>: The code of Autopsy is open source and all files that it uses are in a raw format. All configuration files are in ASCII text and cases are organized by directories. This makes it easy to export the data and archive it. It also does not restrict you from using other tools that may solve the specific problem more appropriately.</li> <li><b>Client Server Model</b>: Autopsy is HTML-based and therefore you do not have to be on the same system as the file system images. This allows multiple investigators to use the same server and connect from their personal systems.</li> </ul> <div style="text-align: justify;"> <b>Autopsy</b> is written in <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">Perl</a> and runs on the same UNIX platforms as <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">The Sleuth Kit</a>:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a></li> <li>Open & FreeBSD</li> <li>Solaris</li> <li>Cygwin (you cannot use the win32 executables that can be downloaded from this site, you must build in Cygwin) </li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RUgmkvt2WNg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-32bit.msi/download" target="_blank">Autopsy 3.0.8x32</a> (.msi) | <a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-64bit.msi/download" target="_blank">Autopsy 3.0.8x64</a> (.msi)<br /> <b>Linux :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/2.24/autopsy-2.24.tar.gz/download" target="_blank">Autopsy 2.08</a> (.tar.gz)<br /> <b>Official Website :: </b><a href="http://www.sleuthkit.org/autopsy/index.php" target="_blank">http://www.sleuthkit.org/autopsy/index.php </a>

Autopsy (Digital Investigation Analysis) :: Tools

Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit . Together, they can anal...

Read more »

MobiSec (Mobile Penetration Testing) :: Distribution

<div class="separator" style="clear: both; text-align: center;"> <img alt="MobiSec Logo" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW59x4V_GWksXI63xJZsmQMOSfrNW-Ii9BKcCHQs0KpNexigf5nqIW5Pt5JcSmZpM7Uxe08zCrygo5pOcxAKd1lXE3ahraIJm1PGjx0zhX1wk_aVJwBdE77smzaA_kljI8pBqlY8MP4d_L/s1600/MobiSec+Logo.jpg" title="MobiSec Logo" width="400" /></div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment <b>Mobile Testing open source project</b> is a live environment for testing <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile</a> environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.</div> <div style="text-align: justify;"> <b>MobiSec</b> provides a single environment for testers to leverage the best of all available open source <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile testing tools</a>, as well as the ability to install additional <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>. Using a live environment provides penetration testers the ability to boot the <b>MobiSec</b> Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>MobiSec</b> is a <b>bootable Linux distribution</b> that penetration testers, ethical hackers, and other information <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> pros can use to evaluate and analyze mobile devices, applications, and supporting infrastructures. Created by <b>SecureIdeas</b>, the <b>MobiSec framework</b> lets you test mobile environments to identify design weaknesses and vulnerabilities, all with the goal of improving security. Instead of you having to download countless tools, install them in your own environment, and then troubleshoot interoperability issues, the <b>MobiSec</b> team has done all of that work for you, pulling together best-of-breed free tools for mobile device and infrastructure <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> into one handy distribution.</div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment includes the following capabilities:</div> <ul style="text-align: justify;"> <li>Creates a single environment for testers to leverage the best of all available open source mobile testing tools</li> <li>Allows installation of additional tools and platforms</li> <li>Assists the penetration tester throughout the testing process as the environment is structured and organized based on an industry-proven testing framework</li> <li>Provides penetration testers the ability to boot the MobiSec Live Environment on any x86- or x64-based system from a DVD or <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB flash drive</a>, or run the test environment within a <a href="http://www.toolwar.com/search/label/Virtual" target="_blank">virtual machine</a></li> </ul> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/n1GlXOvBuqg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/mobisec/files/latest/download" target="_blank">MobiSec 1.1</a> (.iso)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://mobisec.professionallyevil.com/</div>

MobiSec (Mobile Penetration Testing) :: Distribution

The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including d...

Read more »

Bizploit (ERP Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="onapsis logo" border="0" height="157" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6I42nzkLY76YbK6quX_PVYjdXrZ8ZpxDui0742p564fJp9gziwUTmwc3CRFGoTz5et3sDfyb3dBOMb7o0I9stsuh20N8o7GqsAhA_mdKp5AO_osq2EkqNGSDHp9JvasUAXoL_9P3L4Ce/s400/onapsis+logo.png" title="onapsis logo" width="400" /></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: justify;"> <b>Bizploit</b> is the first Opensource <i>ERP Penetration Testing framework</i>. Developed by the <b>Onapsis Research Labs,</b> <b>Bizploit</b> assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized <b>ERP Penetration Tests</b>.<br /> Currently, <b>Bizploit</b> is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials :: </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-linux-1-5">Bizploit v1.50-rc1</a></div> <div style="text-align: justify;"> <b>Windows ::</b> <a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-win32-1-5">Bizploit v1.50-rc1</a><br /> <b>Official Website :: </b><a href="http://www.onapsis.com/">http://www.onapsis.com</a>/</div>

Bizploit (ERP Penetration Testing) :: Framework

Bizploit is the first Opensource ERP Penetration Testing framework . Developed by the Onapsis Research Labs, Bizploit assists secur...

Read more »

Commview for WiFi (Wireless Network Monitor and Analyzer) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifqWsa_cgm-7HH4xzL0ejeSIshghYPqKMYXdz_SA8Nh8J_E8hKyYR30mBv-is_Bda0EYIY21YAhcIHM_o1E4OKOX6zA07C2ILllcbNYvJdc5nxQ_ksR_go6h9NnucLa_JdOVqRjyE0Pnrb/s1600/Commview+for+wifi+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Commview for WiFi screenshot" border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifqWsa_cgm-7HH4xzL0ejeSIshghYPqKMYXdz_SA8Nh8J_E8hKyYR30mBv-is_Bda0EYIY21YAhcIHM_o1E4OKOX6zA07C2ILllcbNYvJdc5nxQ_ksR_go6h9NnucLa_JdOVqRjyE0Pnrb/s400/Commview+for+wifi+screenshot.jpg" title="Commview for WiFi screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>CommView for WiFi</b> is a powerful <b>wireless <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> monitor and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyzer</a></b> for 802.11 a/b/g/n/ac networks. Loaded with many user-friendly features, <b>CommView for WiFi </b>combines performance and flexibility with an ease of use unmatched in the industry. </div> <div style="text-align: justify;"> <b>CommView for WiFi </b>captures every <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet </a>on the air to display important information such as the list of <b>access points</b> and <b>stations</b>, per-node and per-channel <b>statistics</b>, <b>signal strength</b>, a list of packets and <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> <b>connections</b>, protocol distribution <b>charts</b>, etc. By providing this information, CommView for WiFi can help you view and examine packets, pinpoint network problems, and troubleshoot software and hardware. </div> <div style="text-align: justify;"> <a href="http://www.tamos.com/upload/iblock/ac79f4ac4ad9ee81c2f0fc2987267948.png" id="screenshots" rel="lightbox[shots]" title=""></a>CommView for WiFi includes a <b>VoIP</b> module for in-depth analysis, recording, and playback of SIP and H.323 voice communications. </div> <div style="text-align: justify;"> Packets can be decrypted utilizing user-defined <b>WEP or WPA-PSK</b> keys and are decoded down to the lowest layer. With <b>over 70 supported protocols</b>, this network analyzer allows you to see every detail of a captured packet using a convenient tree-like structure to display protocol layers and packet headers. Additionally, the product provides an open interface for plugging in custom decoding modules. </div> <div style="text-align: justify;"> A number of <b>case studies</b> describe real-world applications of <b>CommView for WiFi</b> in business, government, and education sectors. </div> <div style="text-align: justify;"> <b>CommView for WiFi</b> is a comprehensive and affordable tool for <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> LAN administrators, security professionals, network programmers, or anyone who wants to have a full picture of the WLAN traffic. This application runs on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> XP / Vista/ 7 / 8 or Windows Server 2003 / 2008 / 2012 (both 32- and 64-bit versions) and requires a compatible wireless network adapter. You can also run CommView for WiFi on Macs. To view the list of the adapters that have been tested and are compatible with CommView for WiFi, click on the link below: </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <span class="subtitletext">What you can do with <b>CommView for WiFi ::</b></span> </div> <ul style="text-align: justify;"> <li>Scan the air for WiFi stations and access points. </li> <li>Capture 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac WLAN traffic. </li> <li>Specify WEP or WPA keys to decrypt encrypted packets. </li> <li>View detailed per-node and per-channel statistics. </li> <li>View detailed IP connections statistics: IP addresses, ports, sessions, etc. </li> <li>Reconstruct TCP sessions. </li> <li>Configure alarms that can notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, rogue access points, etc. </li> <li>View protocol "pie" charts. </li> <li>Monitor bandwidth utilization. </li> <li>Browse captured and decoded packets in real time. </li> <li>Search for strings or hex data in captured packet contents. </li> <li>Log individual or all packets to files. </li> <li>Load and view capture files offline. </li> <li>Import and export packets in Sniffer®, EtherPeek™, AiroPeek™, Observer®, NetMon, Tcpdump, hex, and text formats. </li> <li>Export any IP address to SmartWhois for quick, easy IP lookup. </li> <li>Capture data from multiple channels simultaneously using several USB adapters. </li> <li>Capture A-MPDU and A-MSDU packets. </li> <li>Simulate access points.</li> <li>And much more! </li> </ul> <h3> Tutorials :: </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/pkXEa5TKlCo?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download :: </h3> <b>Windows ::</b> <a href="http://www.tamos.com/bitrix/redirect.php?event1=download&event2=commwifi&event3=&goto=/files/ca7.zip" target="_blank">Commview for WiFi v7 (Evaluation Version)</a> <b> </b> <b>Official Website ::</b> <a href="http://www.tamos.com/products/commwifi/">http://www.tamos.com/products/commwifi/</a>

Commview for WiFi (Wireless Network Monitor and Analyzer) :: Tools

CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n/ac networks. Loaded with many user-friendly ...

Read more »

SILICA (WiFi Penetration Testing) :: Tools

<div style="text-align: justify;"> <span style="font-size: small;"></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Pvv_IBiRa-8oX-3aa_2A22D5nvUsowumkAz3fTkG5t9hmCiUfG5XBQ9K7MtHa4Kch16v2V0fOiVRZCFh1GtfuGsYF9YsTitnsPUXCPQgDqqoijMqSka4DOSumJJFHujYBuhicQzLzSR-/s1600/Silica+Wireless+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Silica Wireless Screenshot" border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Pvv_IBiRa-8oX-3aa_2A22D5nvUsowumkAz3fTkG5t9hmCiUfG5XBQ9K7MtHa4Kch16v2V0fOiVRZCFh1GtfuGsYF9YsTitnsPUXCPQgDqqoijMqSka4DOSumJJFHujYBuhicQzLzSR-/s400/Silica+Wireless+screenshot.png" title="Silica Wireless Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><b>SILICA</b> is a tool for hacking or <i>Wi-Fi penetration testing</i>. Understanding the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerabilities</a> of your <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your <i>WiFi network</i> is an important part of understanding your <a href="http://www.toolwar.com/search/label/Security" target="_blank">security </a>posture.</span></div> <div style="text-align: justify;"> <span style="font-size: small;"> Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless </a>networks. Immunity has built the first automated, WiFi specific, vulnerability assessment and penetration tool.</span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> Unlike traditional scanners that merely identify possible vulnerabilities, <b>SILICA</b> determines the true risk of a particular access point. <b>SILICA</b> does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.</div> <div style="text-align: justify;"> Additionally while traditional <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environ- ment. With<b> SILICA</b>’s unique methodology it can report on whether vulnerability can be successfully exploited.</div> <div style="text-align: justify;"> <b>More than simple scanning, the benefits of using SILICA include:</b></div> <div style="text-align: justify;"> 1) Improved security posture<br /> 2) Simplified trouble shooting<br /> 3) <a href="http://www.toolwar.com/search/label/Network" target="_blank">Network</a> mapping<br /> 4) Create real threat profiles and vulnerability assessments<br /> 5) Build WiFi risk and vulnerability analysis for PCI, SOX<br /> 6) Rogue access point detection<br /> 7) Auditing wireless client security</div> <h3 style="text-align: justify;"> <span style="font-size: small;">With SILICA You Can ::</span></h3> <div style="text-align: justify;"> <span style="font-size: small;">1. Recover WEP, WPA 1,2 and LEAP keys<br />2. Passively hijack web application sessions for email, social networking and Intranet sites.<br />3. Map a wireless network and identify its relationships with associated clients and other access points.<br />4. Identify vendors, hidden SSIDs and equipment passively.<br />5. Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.<br />6. Perform man-in-the-middle attacks to find valuable information exchanged between hosts.<br />7. Generate reports for wireless and network data.<br />8. Hijack wireless client connections via access point impersonation.<br />9. Passively inject custom content into client's web sessions.<br />10. Take full control of wireless clients via CANVAS's client-side exploitation framework (clientD).<br />11. Decrypt and easily view all WEP and WPA 1/2 traffic.</span></div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Videos :: </b><a href="http://www.immunitysec.com/products-silica.shtml" target="_blank">Silica Videos Tutorials</a> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://downloads.immunityinc.com/SILICA_VM.zip" target="_blank">SILICA_VM</a></div> <div style="text-align: justify;"> <span style="font-size: small;"></span></div> <div style="text-align: justify;"> </div>

SILICA (WiFi Penetration Testing) :: Tools

SILICA is a tool for hacking or Wi-Fi penetration testing . Understanding the vulnerabilities of your WiFi network can be challengin...

Read more »

Blue|Smash (Bluetooth Penetration Testing Suite) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAbSu1pJlmWvitiwSQ6VbwDnk9YGXBwiQYxb8jRWOKY83EeuFf8reMEgHAd0wiMs_5B4voq_teB_0YZUKMxghjkcSF1FlCPn0JQTQwdhz0psxua3qc4t1izcLhHPAIIUFma1XcjO6U93xU/s1600/bluesmash+logo.gif" imageanchor="1"><img alt="qBluesmash logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAbSu1pJlmWvitiwSQ6VbwDnk9YGXBwiQYxb8jRWOKY83EeuFf8reMEgHAd0wiMs_5B4voq_teB_0YZUKMxghjkcSF1FlCPn0JQTQwdhz0psxua3qc4t1izcLhHPAIIUFma1XcjO6U93xU/s1600/bluesmash+logo.gif" title="Bluesmash logo" /></a></div> <div style="text-align: justify;"> <b>Blue|Smash</b> is a free open source <b>Bluetooth Pentest Suite,</b> powered by <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> for <a href="http://www.toolwar.com/search/label/Linux" target="_blank">linux</a>. I built <b>Blue|Smash</b> to aid me in my <a href="http://www.toolwar.com/search/label/Bluetooth" target="_blank">bluetooth</a> adventures and thought others might benefit from my work . Here is a list of some of the tools included. </div> <ul id="main" style="text-align: justify;"> <li>Sorbo's Front-line Bluetooth sniffer.</li> <li>A brute-force scanner</li> <li>Mac address spoofer</li> <li>Load's of exploits</li> <li>Autopwn vulnerability checker</li> <li>CSR Firmware Backup/Updater</li> </ul> <h3> Download ::</h3> <b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/bluesmash/files/bluesmash/Blue-Smash-v1.0e.tar.gz/Blue-Smash-v1.0e.tar.gz/download" title="Click to download Blue-Smash-v1.0e.tar.gz">Blue-Smash-v1.0e.tar.gz</a><br /> <b>Official Website :: </b> <a class="external free" href="http://bluesmash.sourceforge.net/" rel="nofollow">http://bluesmash.sourceforge.net/</a>

Blue|Smash (Bluetooth Penetration Testing Suite) :: Tools

Blue|Smash is a free open source Bluetooth Pentest Suite, powered by python for linux . I built Blue|Smash to aid me in my bluetooth...

Read more »

SRDF - Security Research and Development Framework :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="SRDF - Security Research and Development Framework" border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGnFfLl9tWVJH2zHKe7QLRdJ4tE1-4JAVwWqtOKo-ds-ItC_74qf8W7on7y6J8LHN7QOoORnyUYL9kjj92u8pROLRqs2-pzuPS2_fdPhfbbIAtfarXwCUSP_srtZSZgrFQ8NKSyvpKJCAy/s640/SRDF+Logo.jpg" title="SRDF - Security Research and Development Framework" width="640" /></div> <div style="text-align: justify;"> <b>SRDF - Security Research and Development Framework</b> is a free open source <i>Development Framework</i> created to support <i> writing security tools and malware analysis tools</i>. And to convert the security researches and ideas from the theoretical approach to the practical implementation. </div> <div style="text-align: justify;"> This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF. </div> <h3 style="text-align: justify;"> <span style="font-size: large;"><b>Introduction:</b></span> </h3> <div style="text-align: justify;"> In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays. </div> <div style="text-align: justify;"> The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame. </div> <div style="text-align: justify;"> The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF </div> <div style="text-align: justify;"> The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework </div> <div style="text-align: justify;"> SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea. </div> <div style="text-align: justify;"> The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section. </div> <h3 style="text-align: justify;"> <span style="font-size: large;"><b>The Features:</b></span> </h3> <div style="text-align: justify;"> Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project. </div> <div style="text-align: justify;"> In User-Mode part, SRDF gives you many helpful tools … and they are: </div> <ul style="text-align: justify;"> <li>Assembler and Disassembler </li> </ul> <ul style="text-align: justify;"> <li>x86 Emulator </li> </ul> <ul style="text-align: justify;"> <li>Debugger </li> </ul> <ul style="text-align: justify;"> <li>PE Analyzer </li> </ul> <ul style="text-align: justify;"> <li>Process Analyzer (Loaded DLLs, Memory Maps … etc) </li> </ul> <ul style="text-align: justify;"> <li>MD5, SSDeep and Wildlist Scanner (YARA) </li> </ul> <ul style="text-align: justify;"> <li>API Hooker and Process Injection </li> </ul> <ul style="text-align: justify;"> <li>Backend Database, XML Serializer </li> </ul> <ul style="text-align: justify;"> <li>And many more </li> </ul> <div style="text-align: justify;"> In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features: </div> <ul style="text-align: justify;"> <li>Object-oriented and easy to use development framework </li> </ul> <ul style="text-align: justify;"> <li>Easy IRP dispatching mechanism </li> </ul> <ul style="text-align: justify;"> <li>SSDT Hooker </li> </ul> <ul style="text-align: justify;"> <li>Layered Devices Filtering </li> </ul> <ul style="text-align: justify;"> <li>TDI Firewall </li> </ul> <ul style="text-align: justify;"> <li>File and Registry Manager </li> </ul> <ul style="text-align: justify;"> <li>Kernel Mode easy to use internet sockets </li> </ul> <ul style="text-align: justify;"> <li>Filesystem Filter </li> </ul> <div style="text-align: justify;"> Still the Kernel-Mode in progress and many features will be added in the near future. </div> <h3 style="text-align: justify;"> Download ::  </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://srdf.googlecode.com/files/SRDF-v1.00.rar" target="_blank">SRDF v1.0</a></div> <div style="text-align: justify;"> <b>Help & Official Website :: </b>https://www.owasp.org/</div>

SRDF - Security Research and Development Framework :: Framework

SRDF - Security Research and Development Framework is a free open source Development Framework created to support writing security too...

Read more »

Yeti (Network Foot-Printing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5p_8uF28TyyEY6WHl18BJAymokj8-VVu3MRWW5Wt7IIrOKw2h-IiduRV_50rPsD9BqFdwAWtpQ9-szzl3mPK2neFFLS6lG6F0wxVLr7SueOJFhRZRFJRSJQia0DgBxQlZnQRUrCAjfAbO/s1600/yeti+tool+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Yeti tool screenshot" border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5p_8uF28TyyEY6WHl18BJAymokj8-VVu3MRWW5Wt7IIrOKw2h-IiduRV_50rPsD9BqFdwAWtpQ9-szzl3mPK2neFFLS6lG6F0wxVLr7SueOJFhRZRFJRSJQia0DgBxQlZnQRUrCAjfAbO/s400/yeti+tool+screenshot.png" title="Yeti tool screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Yeti </b>is a network foot-printing tool and <b>Yeti</b> is a <i>perfect tool to perform the reconnaissance </i>phase before a pentest or a security assessment. A nice feature is the use of a <i>GeoIP database to look for IP addresses</i> and <i>display your network</i> on a world map. <b>Yeti</b> grabs information publicly available on the Internet and does not perform any intrusive actions. Big companies may have a huge amount of devices and resources online with remote offices in several countries, several websites. If you host applications in the cloud, it could also discover what are your “neighbours” (who share the same IP addresses as you). </div> <div style="text-align: justify;"> Yeti is developed in Java and run on all the well-known operating systems flavors. Yeti proposes the following features: </div> <ul style="text-align: justify;"> <li> Domain expansion – Based on a domain names list, it gathers information for all the available TLD (read from a list). Ex: rootshell.be, rootshell.org, rootshell.eu, rootshell.com, etc. Whois information is gathered and filters can be applied to search for relevant information. </li> <li> Forward lookup – Extracts information from domains (MX records, etc) </li> <li> Certification extraction – Extracts the SSL certificates from web sites. </li> <li> Reverse lookup – Performs reverse IP lookup from IP lists. </li> <li> IP/Site scan – Using the Microsoft Bing API, it extracts information based on domain names or IP addresses<b>. </b></li> </ul> <b>Tutorial :: </b><a href="http://spyeti.blogspot.in/p/getting-started.html" target="_blank">Click Here</a><b> </b><br /> <b>Download Here :: </b><a href="http://www.sensepost.com/cms/resources/labs/tools/misc/jyeti-dist.tar.bz2" target="_blank">Yeti .tar.bz2 (for Linux)</a><b><br /></b><br /> <b>Official Website ::</b> http://spyeti.blogspot.in/

Yeti (Network Foot-Printing) :: Tools

Yeti is a network foot-printing tool and Yeti is a perfect tool to perform the reconnaissance phase before a pentest or a security asse...

Read more »

DNSRecon (DNS Information Gathering) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBmBNrk2zjtV5xfWpJ9Ho5Dxa_UwHGMt5XrbrxISfORTwpUgIpmszrDOrbLbsO6loanBsuVWDn27vHVtA4zWOLDGCd-r9_Uf7Bc1W2EBm0TDEkMdxq6dRPqXoKZ8Jj5iD12qE0nBpf7Oz_/s1600/dnsrecon1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dnsrecon" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBmBNrk2zjtV5xfWpJ9Ho5Dxa_UwHGMt5XrbrxISfORTwpUgIpmszrDOrbLbsO6loanBsuVWDn27vHVtA4zWOLDGCd-r9_Uf7Bc1W2EBm0TDEkMdxq6dRPqXoKZ8Jj5iD12qE0nBpf7Oz_/s400/dnsrecon1.jpeg" title="dnsrecon" width="400" /></a></div> <span class="nodeLabelBox repTarget " role="treeitem"><span class="nodeBracket editable insertBefore "></span><span class="nodeText editable "><span class=" "><b>DNS reconnaissance or DNSRecon</b> is part of the <i>information gathering stage</i> on a penetration test engagement.When a penetration tester is performing a DNS reconnaissance is trying to obtain as much as information as he can regarding the DNS servers and their records.The information that can be gathered it can disclose the network infrastructure of the company without alerting the IDS/IPS.This is due that most of the organizations are not monitoring their DNS server traffic and those that do they only monitor the zone transfers attempts.</span></span></span><br /> <span class="nodeLabelBox repTarget " role="treeitem"><span class="nodeText editable "><span class=" ">On the web there are a variety of tools available that can gather DNS information effectively but in this article we will focus on the DNSRecon which is a tool that was developed by Carlos Perez and it is designed to perform DNS reconnaissance.This tool is included on backtrack and it is written in python. </span></span></span><br /> <b>DNSrecon</b> is a simple tool writen for target <b>enumeration</b> during authorized penetration test engaments. This tool provides diferent methods for enumerating targets thru DNS service. </div> <ul style="text-align: justify;"> <li>Standard Record Enumeration for a given domain (A, NS, SOA and MX). </li> <li>Top Leven Domain Expansion for a given domain. </li> <li>Zone Transfer against all NS records of a given domain. </li> <li>Reverse Lookup against a given IP Range given a start and end IP. </li> </ul> <div style="text-align: justify;">  Here is an Example of the tool enumerating SRV Record and Standard Record.</div> <pre style="background-color: #fbfbfb; border: 1px solid #cecece; min-height: 40px; overflow: auto; padding: 5px; width: 650px;"><pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 19px; margin: 0em; width: 100%;">root@bt:~# ./dnsrecon.rb -t srv -d avaya.com</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">_sip._udp.avaya.com,198.152.17.90,5060</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; margin: 0em; width: 100%;">_sip._tcp.avaya.com,198.152.17.90,5060</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">root@bt:~# ./dnsrecon.rb -t std -d google.com</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 18px; margin: 0em; width: 100%;">google.com,209.85.171.100,A</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">google.com,74.125.67.100,A</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">google.com,74.125.45.100,A</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 19px; margin: 0em; width: 100%;">ns1.google.com,216.239.32.10,SOA</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">ns4.google.com,216.239.38.10,NS</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 18px; margin: 0em; width: 100%;">ns1.google.com,216.239.32.10,NS</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 18px; margin: 0em; width: 100%;">ns2.google.com,216.239.34.10,NS</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 17px; margin: 0em; width: 100%;">ns3.google.com,216.239.36.10,NS</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 18px; margin: 0em; width: 100%;">smtp4.google.com,72.14.221.25,MX,10</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 19px; margin: 0em; width: 100%;">smtp1.google.com,209.85.237.25,MX,10</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; height: 19px; margin: 0em; width: 100%;">smtp2.google.com,64.233.165.25,MX,10</pre> <pre style="background-color: #fbfbfb; font-family: consolas,'Courier New',courier,monospace; font-size: 11px; margin: 0em; width: 100%;">smtp3.google.com,209.85.137.25,MX,10</pre> </pre> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uy9Z6C8vVRw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="https://github.com/darkoperator/dnsrecon/blob/master/dnsrecon.py" target="_blank">dnsrecon.py</a><b> </b></div> <div style="text-align: justify;"> <b>Source :: </b><cite>https://github.com/darkoperator/<b>dnsrecon</b></cite></div> </div>

DNSRecon (DNS Information Gathering) :: Tools

DNS reconnaissance or DNSRecon is part of the information gathering stage on a penetration test engagement.When a penetration tester...

Read more »

DNSTracer (DNS Route) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijwi4woQmAhYPT0HfRIFqdXQpeOUXfuxlKLRCrcPaokynz71x66BXbyCIF6IAC2GsPaQEd1flhUoUmSSzx7TQommBkqteEQLjJBNIeQZ9s_hzczl3cyyIFOlmx7SeuBcVXWwDKLgN4QBdV/s1600/dnstracer+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dnstracer screenshot" border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijwi4woQmAhYPT0HfRIFqdXQpeOUXfuxlKLRCrcPaokynz71x66BXbyCIF6IAC2GsPaQEd1flhUoUmSSzx7TQommBkqteEQLjJBNIeQZ9s_hzczl3cyyIFOlmx7SeuBcVXWwDKLgN4QBdV/s400/dnstracer+screenshot.jpg" title="dnstracer screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>dnstracer</b> determines where a given <i>Domain Name Server (DNS) gets its information</i> from, and follows the chain of DNS servers back to the servers which know the data.</div> <br /> Example :-<br /> <pre class="screenshot">[~] edwin@k7><b>dnstracer www.mavetju.org</b> Tracing to www.mavetju.org via 127.0.0.1, timeout 15 seconds 127.0.0.1 (127.0.0.1) |\___ B.ROOT-SERVERS.NET [.] (128.9.0.107) | |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101) | | |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) Got authoritative answer | | \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) Got authoritative answer | |\___ E.GTLD-SERVERS.NET [org] (192.12.94.30) | | |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached) | | \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached) | |\___ K.GTLD-SERVERS.NET [org] (213.177.194.5) | | |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached) | | \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached) [...] | \___ A.GTLD-SERVERS.NET [org] (192.5.6.30) | |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached) | \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached) |\___ F.ROOT-SERVERS.NET [.] (192.5.5.241) | |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101) (cached) | |\___ E.GTLD-SERVERS.NET [org] (192.12.94.30) (cached) | |\___ K.GTLD-SERVERS.NET [org] (213.177.194.5) (cached) | |\___ J.GTLD-SERVERS.NET [org] (210.132.100.101) (cached) | |\___ F.GTLD-SERVERS.NET [org] (192.35.51.30) (cached) [...] | \___ A.GTLD-SERVERS.NET [org] (192.5.6.30) (cached) |\___ G.ROOT-SERVERS.NET [.] (192.112.36.4) | |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101) (cached) [...]</pre> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ibBUa6u9R6Y?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here ::</b> <a href="http://freecode.com/urls/90291af9c8922e02e73b8299afb0f868" target="_blank">dnstracer (for Linux)</a><br /> <b>Source ::</b> http://www.mavetju.org/unix/dnstracer.php</div>

DNSTracer (DNS Route) :: Tools

dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to th...

Read more »

p0f (OS and Application Fingerprinting) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxMdkwqLhu3-pobymZBIO1qkTOxYwuX4bDCm4Q611wMbhHmVJFqDwC9T4Kry2DSL2ce_ZpjZSs3_1aULLvVDqe4vFIpOWUhyphenhyphenEX_EdPrmfz-HG-XmVhf9ArdZ8L37QRcjw75UeZOC30pf8G/s1600/p0f+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="p0f screenshot" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxMdkwqLhu3-pobymZBIO1qkTOxYwuX4bDCm4Q611wMbhHmVJFqDwC9T4Kry2DSL2ce_ZpjZSs3_1aULLvVDqe4vFIpOWUhyphenhyphenEX_EdPrmfz-HG-XmVhf9ArdZ8L37QRcjw75UeZOC30pf8G/s320/p0f+screenshot.jpg" title="p0f screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>p0f</b> is a versatile <i>passive OS and application fingerprinter,</i> and a tool for <i>detecting NAT/connection sharing</i>. It is useful for <i>penetration testing, routine network monitoring, and forensics</i>, and to aid abuse detection tools such as IDSes, spam filters, or honeypots. <b>P0f</b> is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP). </div> <div style="text-align: justify;"> Some of p0f's capabilities include: </div> <ul style="text-align: justify;"> <li> Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection - especially in settings where <a href="http://www.nmap.org/">NMap</a> probes are blocked, too slow, unreliable, or would simply set off alarms. </li> <li> Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), user language preferences, and so on. </li> <li> Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups. </li> <li> Detection of clients and servers that forge declarative statements such as <i>X-Mailer</i> or <i>User-Agent</i>. </li> </ul> <div style="text-align: justify;"> <b>p0f</b> can be operated in the foreground or as a daemon, and offers a simple real-time API for third-party components that wish to obtain additional information about the actors they are talking to. </div> <div style="text-align: justify;"> Common uses for p0f include reconnaissance during penetration tests; routine network monitoring; detection of unauthorized network interconnects in corporate environments; providing signals for abuse-prevention tools; and miscellanous forensics. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/OROE_HoN8mg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> Download Here :: <a href="http://lcamtuf.coredump.cx/p0f3/releases/p0f-3.06b.tgz" target="_blank">p0f-3.06b.tgz (for Linux)</a></div> <div style="text-align: justify;"> Official Website :: http://lcamtuf.coredump.cx/p0f3/</div> </div>

p0f (OS and Application Fingerprinting) :: Tools

p0f is a versatile passive OS and application fingerprinter, and a tool for detecting NAT/connection sharing . It is useful for pene...

Read more »

Fierce (DNS Enumeration) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;">  <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-d0GilIUG5gDmVrO9tXHE8UJRtwhXIr4VOfgiq6g0SySvlmFZvw7j4UPg3IEW2Ngpv9CxGhO0Cq94iAL9eUmsarmZ8wzwJHgmSM1t3kWG8zfMEfxm7QLPnHMWfkarA-sqsYXQJRJUhROK/s1600/fierce+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fierce domain" border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-d0GilIUG5gDmVrO9tXHE8UJRtwhXIr4VOfgiq6g0SySvlmFZvw7j4UPg3IEW2Ngpv9CxGhO0Cq94iAL9eUmsarmZ8wzwJHgmSM1t3kWG8zfMEfxm7QLPnHMWfkarA-sqsYXQJRJUhROK/s400/fierce+screenshot.png" title="fierce domain" width="400" /></a></div> <div style="text-align: justify;"> <b>Fierce </b>is a <i>DNS Enumeration</i> and <b>Fierce</b> is a <i>semi-lightweight scanner that helps locate non-contiguous IP space and hostnames</i> against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.  <b><br /> </b></div> <div style="text-align: justify;"> <b>Fierce</b> domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.</div> <div style="text-align: justify;"> First what Fierce is not. Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.</div> <div style="text-align: justify;"> First it queries your DNS for the DNS servers of the target. It then switches to using the target's DNS server (you can use a different one if you want using the -dnsserver switch but this can cause problems if the server you use won't tell you information about other people's sites and of course you won't find much relevant internal address space). Fierce then attempts to dump the SOA records for the domain in the very slim hope that the DNS server that your target uses may be misconfigured. Once that fails (because it almost always will) it attempts to "guess" names that are common amongst a lot of different companies. Don't ask me where I got the list, it's just a list of names that id and I have seen all over the place. I thought about adding a dictionary to this, but I think that would take a lot longer, and given that very few of the words are dictionary words I don't think this would add a lot of value.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/il6Ey1sNc0w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://ha.ckers.org/fierce/fierce.pl" target="_blank">fierce.pl</a></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://ha.ckers.org/fierce/</div> </div>

Fierce (DNS Enumeration) :: Tools

  Fierce is a DNS Enumeration and Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames again...

Read more »

Social Engineering Toolkit (SET) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Social-Engineering-Toolkit Logo" border="0" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZp5OAjBJvIyr5zI3tkhYhzWyUadCCpXmfibfXqc_q0jgKSbkicYCNzA91NhgcYEyKkp2mjzZCDl-toVTu6AEL96HjxPEnEHhMAHpZfVw79c4kmp13o5fXXigNVPUL_aBkNQUqsT7-aH5u/s400/SET+Logo.jpg" title="Social-Engineering-Toolkit Logo" width="400" /></div> <div style="text-align: justify;"> The <b>Social-Engineer Toolkit (SET)</b> was created and written by the founder of <b>TrustedSec</b>. It is an open-source Python-driven tool aimed at <b>penetration testing around Social-Engineering.</b> SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community. </div> <div style="text-align: justify;"> <b>The Social-Engineer Toolkit</b> has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 9 months since its release,“Metasploit: The Penetrations Testers Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.</div> <div style="text-align: justify;"> <b>SET</b> is included in the latest version of the most popular Linux distribution focused on security, Back|Track.  </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Q9oDyd2yAFc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>For More Video Tutorial :: </b><a href="https://www.trustedsec.com/downloads/social-engineer-toolkit/" target="_blank">Click Here </a><b> </b><br /> <b>Download Here :: </b><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"><span class="crayon-e">git </span><span class="crayon-r">clone</span><span class="crayon-h"> </span><span class="crayon-i">https</span><span class="crayon-o">:</span><span class="crayon-c">//github.com/trustedsec/social-engineer-toolkit/ set/</span></span></span></div> <div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important;"> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> <b><span class="crayon-c"></span></b><span class="crayon-c"><b><span style="font-size: small;">Official Website :: </span></b><span style="font-size: small;">https://www.trustedsec.com/</span><b> </b></span><span class="crayon-c"></span></div> </div> <div style="text-align: justify;"> </div> </div>

Social Engineering Toolkit (SET) :: Tools

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec . It is an open-source Python-driven tool aimed...

Read more »

Kali Linux :: ToolWar

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Kali Linux :: ToolWar" border="0" height="219" src="http://www.kali.org/wp-content/uploads/2013/03/kali-home-large-slider2.jpg" title="Kali Linux :: ToolWar" width="320" /></div> <br /> <div style="text-align: justify;"> <b>Kali Linux</b> is a newer version of BackTrack with additional tools. <b>Kali Linux</b> is a <b>Debian-derived Linux distribution</b> designed for forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni and Devon Kearns of Offensive Security developed it by rewriting BackTrack, their previous forensics Linux distribution.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <sup class="reference" id="cite_ref-1"></sup></div> <div style="text-align: justify;"> <a href="http://sdfa/" target="_blank"> </a></div> <div style="text-align: justify;"> Kali is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), <i>Wireshark</i> (a packet analyzer), <i>John the Ripper</i> (a password cracker), and <i>Aircrack-ng</i> (a software suite for penetration-testing wireless LANs).<sup class="reference" id="cite_ref-arrives_2-0"></sup> Users may run <b>Kali Linux</b> from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.<sup class="reference" id="cite_ref-arrives_2-1"></sup></div> <div style="text-align: justify;"> <a href="http://sdfa/" target="_blank"> </a></div> <div style="text-align: justify;"> <b>Kali Linux</b> is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, as well as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook.</div> <div style="text-align: justify;"> Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.</div> <ul style="text-align: justify;"> <li><b>More than 300 penetration testing tools:</b> After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.</li> <li><b>Free and always will be:</b> Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.</li> <li><b>Open source Git tree:</b> We are huge proponents of open source software and our development tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.</li> <li><b>FHS compliant:</b> Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.</li> <li><b>Vast wireless device support:</b> We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.</li> <li><b>Custom kernel patched for injection:</b> As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.</li> <li><b>Secure development environment:</b> The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.</li> <li><b>GPG signed packages and repos:</b> All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.</li> <li><b>Multi-language:</b> Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.</li> <li><b>Completely customizable:</b> We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/cLQ8Yd0C7sM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: left;"> <b>Download Here :: </b><a href="http://cdimage.kali.org/kali-images/kali-1.0.5/kali-linux-1.0.5-i386.iso" target="_blank">Kali Linux 1.0.5 32-bit ISO</a><b> </b></div> <div style="text-align: left;"> <b>Official Website :: </b> http://www.kali.org/</div> <div style="text-align: justify;"> </div> <sup class="reference" id="cite_ref-3"></sup> <sup class="reference" id="cite_ref-3"></sup></div>

Kali Linux :: ToolWar

Kali Linux is a newer version of BackTrack with additional tools. Kali Linux is a Debian-derived Linux distribution designed for for...

Read more »

DNSMap (DNS Network Mapper) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtvLH9JV95_ugTvvdVTHaLKagKNfbMcFZroTS2L0UYmecPvN77x5zOtyG23Q0D_KhBl2itBUHXhGHB3ylnVmZDM_HbwONQVFB1JUPOEW8Ngr9Br57qzs4t-Gihxov75rM8h7TIgRrdf158/s1600/dnsmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dnsmap screenshot" border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtvLH9JV95_ugTvvdVTHaLKagKNfbMcFZroTS2L0UYmecPvN77x5zOtyG23Q0D_KhBl2itBUHXhGHB3ylnVmZDM_HbwONQVFB1JUPOEW8Ngr9Br57qzs4t-Gihxov75rM8h7TIgRrdf158/s400/dnsmap.png" title="dnsmap screenshot" width="400" /></a></div> </div> <div style="text-align: justify;"> <b>dnsmap</b> is a <i><span itemprop="description">Passive DNS network mapper a.k.a. subdomains bruteforcer</span></i>. <b>dnsmap</b> is mainly meant to be used by pentesters during the <i> information gathering/enumeration phase</i> of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. dnsmap was included in Backtrack 2 and 3, although the version included is the now dated version 0.1. </div> <div style="text-align: justify;"> Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).<br /> <br /> obtain all IP addresses (A records) associated to each successfully bruteforced subdomain, rather than just one IP address per subdomain, abort the bruteforcing process in case the target domain uses wildcards , ability to be able to run the tool without providing a wordlist by using a built-in list of keywords, bruteforcing by using a user-supplied wordlist (as opposed to the built-in wordlist).</div> <h3 style="text-align: justify;"> New Improvements in Version 0.22 - </h3> <div style="text-align: justify;"> saving the results in human-readable and CSV format for easy processing,fixed bug that disallowed reading wordlists with DOS CRLF format,improved built-in subdomains wordlist,new bash script (<code>dnsmap-bulk.sh</code>) included which allows running dnsmap against a list of domains from a , user-supplied file. i.e.: bruteforcing several domains in a bulk fashion, bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards</div> <div style="text-align: left;"> <h3 style="text-align: left;"> <span style="font-size: small;">Usage -</span></h3> <br /> <pre><code>usage: dnsmap <target-domain> [options] options: -w <wordlist-file> -r <results-path> </code></pre> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/55ITD0hceio?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /> <h3> Example on Live Domain</h3> The following is just an example so you get an idea of how dnsmap works. Very simple to use as you can see. If you want to save the results or use your own wordlist, checkout the usage syntax. Question for those who pay attention to detail: <i>can you spot the potential leaks of internal IP addresses?</i> <br /> <pre><code><span style="background-color: #ffd966;"> <span style="background-color: white;">$ dnsmap baidu.com dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for baidu.com using built-in wordlist accounts.baidu.com IP address #1: 10.11.252.74 events.baidu.com IP address #1: 202.108.23.40 finance.baidu.com IP address #1: 60.28.250.196 IP address #2: 60.28.251.79 IP address #3: 60.28.251.206 IP address #4: 123.129.240.28 IP address #5: 123.129.240.29 IP address #6: 60.28.250.102 IP address #7: 60.28.250.111 forum.baidu.com IP address #1: 202.108.250.212 images.baidu.com IP address #1: 61.135.163.93 mail.baidu.com IP address #1: 10.23.3.137 mobile.baidu.com IP address #1: 202.108.23.125 mx.baidu.com IP address #1: 61.135.163.61 mx1.baidu.com IP address #1: 61.135.163.61 mx2.baidu.com IP address #1: 61.135.163.62 mx3.baidu.com IP address #1: 61.135.162.61 news.baidu.com IP address #1: 61.135.163.87 ns1.baidu.com IP address #1: 202.108.22.220 ns2.baidu.com IP address #1: 61.135.165.235 ns3.baidu.com IP address #1: 220.181.37.10 oracle.baidu.com IP address #1: 172.18.0.50 photo.baidu.com IP address #1: 61.135.163.93 photos.baidu.com IP address #1: 61.135.163.93 pop.baidu.com IP address #1: 61.135.166.249 proxy.baidu.com IP address #1: 202.108.11.30 smtp.baidu.com IP address #1: 61.135.163.61 vpn.baidu.com IP address #1: 202.108.250.231 wap.baidu.com IP address #1: 61.135.163.237 webmail.baidu.com IP address #1: 61.135.166.249 win.baidu.com IP address #1: 10.65.19.212 www.baidu.com IP address #1: 220.181.5.222 www1.baidu.com IP address #1: 220.181.5.222 www2.baidu.com IP address #1: 202.108.22.136 www3.baidu.com IP address #1: 202.108.22.188 [+] 29 (sub)domains and 35 IP address(es) found </span></span> </code></pre> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://www.gnucitizen.org/static/blog/2009/03/dnsmap-0222tar.gz">dnsmap-0.22.2.tar.gz</a></div> <div style="text-align: justify;"> <b>Source :: </b>http://code.google.com/p/dnsmap/</div> </div>

DNSMap (DNS Network Mapper) :: Tools

  dnsmap is a Passive DNS network mapper a.k.a. subdomains bruteforcer . dnsmap is mainly meant to be used by pentesters during the ...

Read more »

Aircrack-ng 1.2 Beta :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img alt="Aircrack-ng logo" border="0" src="http://www.aircrack-ng.org/resources/aircrack-ng-new-logo.jpg" title="Aircrack-ng logo" /></div> <div style="margin-left: 1em; margin-right: 1em; text-align: justify;"> <b>Aircrack-ng</b> is a free open source tool for cracking 802.11 WEP and WPA-PSK that can (crack the key through the enough data packets or weak IVs captured in a file. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, <b>Aircrack-ng </b>suite is a collection of tools for auditing wireless networks.</div> <div style="text-align: center;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/GLO9HGDwOY0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <br /> <b>Download Here</b><b> :: </b><span style="color: #3d85c6;"><a href="http://download.aircrack-ng.org/aircrack-ng-1.2-beta1.tar.gz" target="_blank">Aircrack-NG (for Linux)</a> </span><br /> <span style="color: #3d85c6;"><a href="http://download.aircrack-ng.org/aircrack-ng-1.2-beta1-win.zip" target="_blank">Aircrack-NG (for Windows)</a></span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Official Website  ::</b> http://www.aircrack-ng.org/</div> <div style="text-align: justify;"> </div> </div>

Aircrack-ng 1.2 Beta :: Tools

Aircrack-ng is a free open source tool for cracking 802.11 WEP and WPA-PSK that can (crack the key through the enough data packets o...

Read more »

DNSenum (DNS Enumeration) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxNRJcNRL-APPaXbHIFD6jfAfGbCGG1E052DaRrexH-nbnr31HFbWFG7KFm57OfZkJDDRj-ivRZTs9nt-w8RzbgB2kyglNN3h1MccRqG7vMob6eWeouWflpga0z9NFdYUmsxje824PEaUU/s1600/dnsenum.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dnsenum screenshot" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxNRJcNRL-APPaXbHIFD6jfAfGbCGG1E052DaRrexH-nbnr31HFbWFG7KFm57OfZkJDDRj-ivRZTs9nt-w8RzbgB2kyglNN3h1MccRqG7vMob6eWeouWflpga0z9NFdYUmsxje824PEaUU/s640/dnsenum.png" title="dnsenum screenshot" width="640" /></a></div> <br /> <span itemprop="description"><b>DNSenum </b>is a <i>pentesting cool created to enumerate DNS info about domains</i></span>. The purpose of <b>Dnsenum</b> is to gather as much information as possible about a domain. The program currently performs the following operations: </div> <div style="text-align: justify;"> 1) Get the host's addresse (A record). </div> <div style="text-align: justify;"> 2) Get the namservers (threaded). </div> <div style="text-align: justify;"> 3) Get the MX record (threaded). </div> <div style="text-align: justify;"> 4) Perform axfr queries on nameservers and get BIND versions(threaded). </div> <div style="text-align: justify;"> 5) Get extra names and subdomains via google scraping (google query = "allinurl: -www site:domain"). </div> <div style="text-align: justify;"> 6) Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded). </div> <div style="text-align: justify;"> 7) Calculate C class domain network ranges and perform whois queries on them (threaded). </div> <div style="text-align: justify;"> 8) Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded). </div> <div style="text-align: justify;"> 9) Write to domain_ips.txt file ip-blocks.<br /> <h3> Tutorials ::  </h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Sk7NI6LDkJQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/h-emEp6n9Fk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download :: </h3> <b>Linux :: </b><a href="http://dnsenum.googlecode.com/files/dnsenum-1.2.2.tar.gz" target="_blank">DNSenum 1.2.2 (for Linux)</a><b> </b></div> <div style="text-align: justify;"> <b>Source :: </b><a href="http://code.google.com/p/dnsenum/">http://code.google.com/p/dnsenum/</a></div> </div>

DNSenum (DNS Enumeration) :: Tools

DNSenum is a pentesting cool created to enumerate DNS info about domains . The purpose of Dnsenum is to gather as much information as ...

Read more »