Web Spidering Framework - Malspider

Malspider is a web spidering framework that inspects websites for characteristics of compromise. Malspider has three purposes:

• Website Integrity Monitoring: monitor your organization’s website (or your personal website) for potentially malicious changes.
• Generate Threat Intelligence: keep an eye on previously compromised sites, currently compromised sites, or sites that may be targeted by various threat actors.
• Validate Web Compromises: Is this website still compromised?

What can Malspider detect?

Malspider has built-in detection for characteristics of compromise like hidden iframes, reconnaisance frameworks, vbscript injection, email address disclosure, etc.

As we find stuff we will continue to add classifications to this tool and we hope you will do the same. Malspider will be a much better tool if CIRT teams and security practitioners around the world contribute to the project. ciscocsirt

Prerequisites

Please make sure these technologies are installed before continuing:

• Python 2.7.6
• Updated version of pip
• mysql

Note: If your server already has specific versions of these components installed, you can use a virtualenv to create an isolated python environment.
Tested and working on minimal installations of:

• Ubuntu 14
• CentOS 6
• CentOS 7

Installation

Start the installation process by running “./quick_install” from the command line. Please read the prompts carefully!!

Malspider comes with a quick_install script found in the root directory. This scripts attempts to makes the installation process as painless as possible by completing the following steps:

1. Install Database: creates a database titled ‘malspider’, creates a new mysql user, and applies db schema.
2. Install Dependencies: installs ALL dependencies and modules required by Malspider.
3. Django Migrations: applies django migrations to the database (necessary for the web app).
4. Create Web Admin User: creates an administrative user for the web application.
5. Add Access Control: creates iptables rules to block port 6802 (used by the daemon) and open port 8080 (web app).
6. Add Cronjobs: creates crontab entries to schedule jobs, analyze data, and purge the database after a period of time.

Note: The quick_install script uses scripts found under the install/ directory. If any of the above steps fail you can attempt to complete them manually using those scripts.

Start

Start Malspider by running “./quick_start” from the command line. Malspider comes with a quick_start script found in the root directory. This script attempts to start the daemon and the web application. Malspider can be accessed from your browser on port 8080 @ http://0.0.0.0:8080

Interaction with Malspider happens via an easy-to-use dashboard accessible through your web browser. The dashboard enables you to view alerts, inspect injected code, add websites to monitor, and tune false positives. You can add websites to you want to crawl by navigating to the administrative panel @ http://0.0.0.0:8080/admin (or by clicking on the admin link from the dashboard). Click on “Organizations” and a new Organization. You’ll be prompted for the:

• website name (ie. “Cisco Systems”)
• domain (ie. cisco.com)
• industry/org category (ie. Energy, Political, Education, etc)

By default, Malspider crawls 20 pages per domain. This can be changed. You can crawl as many pages as you like (per domain) or you can crawl only the homepage of each site.

Malspider randomly selects a user agent string from a list found at malspider/resources/useragents.txt. If you would like to add more user agents to the list then simply edit that text file. Malspider has also built-in capabilities for taking screenshots of every page it crawls. Screenshots can be useful in a variety of situations, but this can cause a drastic increase in server space utilization. For that reason, screenshots are turned off by default. For this reason email address detection is also off by default. Malspider crawls websites and stores information about those sites in a database. The data in the database is post-processed and analyzed for potentially malicious characteristics. You can view results from the analyzer by simply viewing the dashboard and clicking on “View Alerts”. Your database can grow rather large very quickly. It is recommended that, for performance reasons, you delete data from the ‘pages’ table and the ‘elements’ table once per month

Download Malspider

Read More

Passive DNS V2 - pDNS2

pDNS2 is yet another implementation of a passive DNS tool working with Redis as the database. pDNS2 means ‘passive DNS version2’ and favors speed in query over other database features. pDNS2 is based on Florian Weimer’s original dnslogger with improved features for speed and specialization for analyst.

REQUIREMENTS
Redis http://redis.io/
Redis API https://github.com/andymccurdy/redis-py
wireshark full install http://www.wireshark.org/

GETTING STARTED
This version has two simple python scripts to support the collection of DNS traffic as pdns2_collect.py and the other to query as pdns2_query.py

1. Ensure wireshare’s share is working and can collect on the desired interface or read pcap files.
2. Run redis-server and listening on local port 6379
3. run pdns2_collect.py with -i for an interface or -p for a pcap file
4. Anytime the collection is working, try pdns2_query.py with the options available.

below are are simply using a wildcard with -d for any domain
Sample query python pdns2_query.py -d *

  Domain                                   ips             first     date      rr    ttl   count   
  w2.eff.org                               69.50.232.52    20120524  20120524  CNAME 300   3        
  web5.eff.org                             69.50.232.52    20120524  20120524  A     300   3        
  slashdot.org                             216.34.181.45   20120524  20120524  A     2278  1        
  csi.gstatic.com                          74.125.143.120  20120524  20120524  A     300   1        
  ssl.gstatic.com                          74.125.229.175  20120524  20120524  A     244   1        
  xkcd.com                                 107.6.106.82    20120524  20120524  A     600   1        
  imgs.xkcd.com                            69.9.191.19     20120524  20120524  CNAME 418   1        
  www.xkcd.com                             107.6.106.82    20120524  20120524  CNAME 600   1        
  craphound.com                            204.11.50.137   20120524  20120524  A     861   1        
  www.youtube.com                          173.194.37.4    20120524  20120524  CNAME 81588 1        

pDNS2 commands
DOMAIN EXAMPLES

arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
  -i IP, --ip IP
  -da DATE, --date DATE
  -ips IP_SNIFF, --ip_sniff IP_SNIFF
  -ttl TTL, --ttl TTL
  -rr RRECORD, --rrecord RRECORD
  -l LOCAL, --local LOCAL
  -ac ACOUNT, --acount ACOUNT
  -c COUNT, --count COUNT
  -ipf IP_FLUX, --ip_flux IP_FLUX
  -ipr IP_REVERSE, --ip_reverse IP_REVERSE


-d *example.com     seeks all domains that end with example.com
-i 1.1.1.1          ip address search
-ttl 0              use a number like 0 or 100 to get all the TTL of a specific value search is based on domain not IP
-ac  *example.com            return by query, counts of counts (usage), or 'hits' for the domains in order, *.google.com or *.com are examples 

-l               search entire database local resolved IP addresses that resolve to 127.0.0.1 etc. 
-ipf *.com       return a COUNT of domains in the IP space for each instance of a domain, use with ip_reverse
-ipr * seattletimes.com use with ip_flux, enumerate domains in the IP space

-ips 192.168.1.1'    search the domain space for a specific IP address, different then searching by IP 
-da 20130101          return all records by date

ADMINISTRATIVE
delete_key('Domain:*delete*') Dangerous command, deletes a key, must use the entire key such as Domain: or IP:
raw_record('Domain:xalrbngb-0.t.nessus.org') view the raw record properties (no wildcards) use full key name
pDNS2 tracks current state and last known, it is a snapshot of organization perception, not a log.

AUTHOR
pDNS is developed and maintained terraplex at gmail.com

Errata
This is the basic version, if interested in the more advanced versions or specialized versions that work with scapy, let me know.

Download pDNS2

Read More

A Collection of Awesome Penetration Testing Resources - OffSec

A collection of awesome penetration testing resources

• Online Resources
  • Penetration Testing Resources
  • Exploit development
  • Social Engineering Resources
  • Lock Picking Resources
• Tools
  • Penetration Testing Distributions
  • Basic Penetration Testing Tools
  • Docker for Penetration Testing
  • Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • SSL Analysis Tools
  • Web exploitation
  • Hex Editors
  • Crackers
  • Windows Utils
  • Linux Utils
  • DDoS Tools
  • Social Engineering Tools
  • OSInt Tools
  • Anonymity Tools
  • Reverse Engineering Tools
  • CTF Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines
• Awesome Lists
• Contribution
• License
• 
  

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security metasploit course
• PTES - Penetration Testing Execution Standard
• OWASP - Open Web Application Security Project

Exploit development

• Shellcode Tutorial - Tutorial on how to write shellcode
• Shellcode Examples - Shellcodes database
• Exploit Writing Tutorials - Tutorials on how to develop exploits
• GDB-peda - Python Exploit Development Assistance for GDB
• shellsploit - New Generation Exploit Development Kit

Social Engineering Resources

• Social Engineering Framework - An information resource for social engineers

Lock Picking Resources

• Schuyler Towne channel - Lockpicking videos and security talks
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

Tools

Penetration Testing Distributions

• Kali - A Linux distribution designed for digital forensics and penetration testing
• ArchStrike - An Arch Linux repository for security professionals and enthusiasts
• BlackArch - Arch Linux-based distribution for penetration testers and security researchers
• NST - Network Security Toolkit distribution
• Pentoo - Security-focused livecd based on Gentoo
• BackBox - Ubuntu-based distribution for penetration tests and security assessments
• Parrot - A distribution similar to Kali, with multiple architecture

Basic Penetration Testing Tools

• Metasploit Framework - World's most used penetration testing software
• Burp Suite - An integrated platform for performing security testing of web applications
• ExploitPack - Graphical tool for penetration testing with a bunch of exploits
• BeeF - The Browser Exploitation Framework Project
• faraday - Collaborative Penetration Test and Vulnerability Management Platform
• evilgrade - The update explotation framework
• commix - Automated All-in-One OS Command Injection and Exploitation Tool
• routersploit - Automated penetration testing software for router

Docker for Penetration Testing

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull pandrew/metasploit - docker-metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application

Vulnerability Scanners

• Netsparker - Web Application Security Scanner
• Nexpose - Vulnerability Management & Risk Management Software
• Nessus - Vulnerability, configuration, and compliance assessment
• Nikto - Web application vulnerability scanner
• OpenVAS - Open Source vulnerability scanner and manager
• OWASP Zed Attack Proxy - Penetration testing tool for web applications
• Secapps - Integrated web application security testing environment
• w3af - Web application attack and audit framework
• Wapiti - Web application vulnerability scanner
• WebReaver - Web application vulnerability scanner for Mac OS X
• DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
• arachni - Web Application Security Scanner Framework

Network Tools

• nmap - Free Security Scanner For Network Exploration & Security Audits
• pig - A Linux packet crafting tool
• tcpdump/libpcap - A common packet analyzer that runs under the command line
• Wireshark - A network protocol analyzer for Unix and Windows
• Network Tools - Different network tools: ping, lookup, whois, etc
• netsniff-ng - A Swiss army knife for for network sniffing
• Intercepter-NG - a multifunctional network toolkit
• SPARTA - Network Infrastructure Penetration Testing Tool
• dnschef - A highly configurable DNS proxy for pentesters
• DNSDumpster - Online DNS recon and search service
• dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
• dnsmap - Passive DNS network mapper
• dnsrecon - DNS Enumeration Script
• dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
• passivedns-client - Provides a library and a query tool for querying several passive DNS providers
• passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp - Zarp is a network attack tool centered around the exploitation of local networks
• mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
• mallory - HTTP/HTTPS proxy over SSH
• Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
• DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
• pwnat - punches holes in firewalls and NATs
• dsniff - a collection of tools for network auditing and pentesting
• tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
• smbmap - a handy SMB enumeration tool
• scapy - a python-based interactive packet manipulation program & library

Wireless Network Tools

• Aircrack-ng - a set of tools for auditing wireless network
• Kismet - Wireless network detector, sniffer, and IDS
• Reaver - Brute force attack against Wifi Protected Setup
• Wifite - Automated wireless attack tool
• wifiphisher - Automated phishing attacks against Wi-Fi networks

SSL Analysis Tools

• SSLyze - SSL configuration scanner
• sslstrip - a demonstration of the HTTPS stripping attacks
• sslstrip2 - SSLStrip version to defeat HSTS
• tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation

• WPScan - Black box WordPress vulnerability scanner
• SQLmap - Automatic SQL injection and database takeover tool
• weevely3 - Weaponized web shell
• Wappalyzer - Wappalyzer uncovers the technologies used on websites
• cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
• joomscan - Joomla CMS scanner
• WhatWeb - Website Fingerprinter
• BlindElephant - Web Application Fingerprinter
• fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
• Kadabra - Automatic LFI exploiter and scanner
• Kadimus - LFI scan and exploit tool
• liffy - LFI exploitation tool

Hex Editors

• HexEdit.js - Browser-based hex editing
• Hexinator (commercial) - World's finest Hex Editor

Crackers

• John the Ripper - Fast password cracker
• Online MD5 cracker - Online MD5 hash Cracker
• Hashcat - The more fast hash cracker

Windows Utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz - Credentials extraction tool for Windows OS
• PowerSploit - A PowerShell Post-Exploitation Framework
• Windows Exploit Suggester - Detects potential missing patches on the target
• Responder - A LLMNR, NBT-NS and MDNS poisoner
• Empire - Empire is a pure PowerShell post-exploitation agent
• Fibratus - Tool for exploration and tracing of the Windows kernel

Linux Utils

• Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.

DDoS Tools

• LOIC - An open source network stress tool for Windows
• JS LOIC - JavaScript in-browser version of LOIC
• T50 - The more fast network stress tool

Social Engineering Tools

• SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• theHarvester - E-mail, subdomain and people names harvester
• creepy - A geolocation OSINT tool
• metagoofil - Metadata harvester
• Google Hacking Database - a database of Google dorks; can be used for recon
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
• Shodan - Shodan is the world's first search engine for Internet-connected devices
• ZoomEye - A cyberspace search engine for Internet-connected devices and websites using Xmap and Wmap
• recon-ng - A full-featured Web Reconnaissance framework written in Python
• github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak

Anonymity Tools

• Tor - The free software for enabling onion routing online anonymity
• I2P - The Invisible Internet Project
• Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• IDA Free - The freeware version of IDA v5.0
• WDK/WinDbg - Windows Driver Kit and WinDbg
• OllyDbg - An x86 debugger that emphasizes binary code analysis
• Radare2 - Opensource, crossplatform reverse engineering framework.
• x64_dbg - An open-source x64/x32 debugger for windows.
• Pyew - A Python tool for static malware analysis.
• Bokken - GUI for Pyew Radare2.
• Immunity Debugger - A powerful new way to write exploits and analyze malware
• Evan's Debugger - OllyDbg-like debugger for Linux
• Medusa disassembler - An open source interactive disassembler
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

CTF Tools

• Pwntools - CTF framework for use in CTFs

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter's Diary by Tobias Klein, 2011

Hackers Handbook Series

• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker's Handbook by Craig Smith, 2016

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books

• Windows Internals by Mark Russinovich et al., 2012

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Vulnerability Databases

• NVD - US National Vulnerability Database
• CERT - US Computer Emergency Readiness Team
• OSVDB - Open Sourced Vulnerability Database
• Bugtraq - Symantec SecurityFocus
• Exploit-DB - Offensive Security Exploit Database
• Fulldisclosure - Full Disclosure Mailing List
• MS Bulletin - Microsoft Security Bulletin
• MS Advisory - Microsoft Security Advisories
• Inj3ct0r - Inj3ct0r Exploit Database
• Packet Storm - Packet Storm Global Security Resource
• SecuriTeam - Securiteam Vulnerability Information
• CXSecurity - CSSecurity Bugtraq List
• Vulnerability Laboratory - Vulnerability Research Laboratory
• ZDI - Zero Day Initiative

Security Courses

• Offensive Security Training - Training from BackTrack/Kali developers
• SANS Security Training - Computer Security Training & Certification
• Open Security Training - Training material for computer security classes
• CTF Field Guide - everything you need to win your next CTF competition
• Cybrary - online IT and Cyber Security training platform

Information Security Conferences

• DEF CON - An annual hacker convention in Las Vegas
• Black Hat - An annual security conference in Las Vegas
• BSides - A framework for organising and holding security conferences
• CCC - An annual meeting of the international hacker scene in Germany
• DerbyCon - An annual hacker conference based in Louisville
• PhreakNIC - A technology conference held annually in middle Tennessee
• ShmooCon - An annual US east coast hacker convention
• CarolinaCon - An infosec conference, held annually in North Carolina
• HOPE - A conference series sponsored by the hacker magazine 2600
• SummerCon - One of the oldest hacker conventions, held during Summer
• Hack.lu - An annual conference held in Luxembourg
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon - An annual US hacker conference
• ThotCon - An annual US hacker conference held in Chicago
• LayerOne - An annual US security conference held every spring in Los Angeles
• DeepSec - Security Conference in Vienna, Austria
• SkyDogCon - A technology conference in Nashville
• SECUINSIDE - Security Conference in Seoul
• DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
• AppSecUSA - An annual conference organised by OWASP
• BruCON - An annual security conference in Belgium
• Infosecurity Europe - Europe's number one information security event, held in London, UK
• Nullcon - An annual conference in Delhi and Goa, India
• RSA Conference USA - An annual security conference in San Francisco, California, USA
• Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
• Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
• 44Con - Annual Security Conference held in London
• BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
• Phrack Magazine - By far the longest running hacker zine

Awesome Lists

• Kali Linux Tools - List of tools present in Kali Linux
• SecTools - Top 125 Network Security Tools
• C/C++ Programming - One of the main language for open source security tools
• .NET Programming - A software framework for Microsoft Windows platform development
• Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
• Ruby Programming by @dreikanter - The de-facto language for writing exploits
• Ruby Programming by @markets - The de-facto language for writing exploits
• Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
• JavaScript Programming - In-browser development and scripting
• Node.js Programming by @sindresorhus - JavaScript in command-line
• Node.js Programming by @vndmtrx - JavaScript in command-line
• Python tools for penetration testers - Lots of pentesting tools are written in Python
• Python Programming by @svaksha - General Python programming
• Python Programming by @vinta - General Python programming
• Android Security - A collection of android security related resources
• Awesome Awesomness - The List of the Lists
• AppSec - Resources for learning about application security
• CTFs - Capture The Flag frameworks, libraries, etc
• Hacking - Tutorials, tools, and resources
• Honeypots - Honeypots, tools, components, and more
• Infosec - Information security resources for pentesting, forensics, and more
• Malware Analysis - Tools and resources for analysts
• PCAP Tools - Tools for processing network traffic
• Security - Software, libraries, documents, and other resources
• Awesome List - A curated list of awesome lists
• SecLists - Collection of multiple types of lists used during security assessments
• Security Talks - A curated list of security conferences
• OffensiveSecBlog - Tools for Hackers and Pentesters

OffensiveSec 2016

Read More

Remote Vulnerability Testing Framework - Pocsuite

Pocsuite is an open-sourced remote vulnerability testing and PoC development framework developed by the Knownsec Security Team. It serves as the cornerstone of the team.

You can use Pocsuite to verify and exploit vulnerabilities or write PoC/Exp based on it. You can also integrate Pocsuite in your vulnerability testing tool, which provides a standard calling class.

Requirements

• Python 2.6+
• Works on Linux, Windows, Mac OSX, BSD

Functions

Vulnerability Testing Frameworkul_test

Written in Python and supported both validation and exploitation two plugin-invoked modes, Pocsuite could import batch targets from files and test those targets against multiple exploit-plugins in advance.

PoC/Exp Development Kit

Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

 Integratable Module

Users could utilize some auxiliary modules packaged in Pocsuite to extend their exploit functions or integrate Pocsuite to develop other vulnerability assesment tools.

 Integrated ZoomEye And Seebug APIs

Pocsuite is also an extremely useful tool to integrate Seebug and ZoomEye APIs in a collaborative way. Vulnerablity assessment can be done automatically and effectively by searching targets through ZoomEye and acquiring PoC scripts from Seebug or locally.

Installation
The quick way:

$ pip install pocsuite

Or download the latest source zip package and extract

$ wget https://github.com/knownsec/Pocsuite/archive/master.zip
$ unzip master.zip

The latest version of this software is available from: http://pocsuite.org

Documentation
Documentation is available in the english docs / chinese docs directory.

Download Pocsuite

Read More