Monday, January 4, 2016

I2P - The Invisible Internet Project



I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).

How does it work?

To anonymize the messages sent, each client application has their I2P "router" build a few inbound and outbound "tunnels" - a sequence of peers that pass messages in one direction (to and from the client, respectively). In turn, when a client wants to send a message to another client, the client passes that message out one of their outbound tunnels targeting one of the other client's inbound tunnels, eventually reaching the destination. Every participant in the network chooses the length of these tunnels, and in doing so, makes a tradeoff between anonymity, latency, and throughput according to their own needs. The result is that the number of peers relaying each end to end message is the absolute minimum necessary to meet both the sender's and the receiver's threat model.

The first time a client wants to contact another client, it queries the fully distributed "network database", a custom structured distributed hash table (DHT) based on the Kademlia algorithm. This is done to find the other client's inbound tunnels efficiently; subsequent messages between them usually include that data, so no further network database lookups are required.
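The tunnel routing just described, as an added toy model that is not I2P's own code: each participant picks its own tunnel length, a message traverses the sender's outbound hops and then the receiver's inbound hops, and the network database is consulted only on first contact. The peer names, the `NetDb` dictionary standing in for the Kademlia DHT, and the absence of any encryption layers are simplifying assumptions.

```python
# Added example (not I2P's own code): toy model of I2P-style tunnel routing.
import random
from dataclasses import dataclass, field

@dataclass
class Client:
    dest_id: str            # a cryptographic identifier in real I2P; a label here
    tunnel_len: int         # chosen per participant: anonymity vs latency/throughput
    inbound: list = None    # peers carrying messages towards us (gateway first)
    outbound: list = None   # peers carrying messages away from us (gateway first)
    cache: dict = field(default_factory=dict)  # remembered netdb answers

    def build_tunnels(self, peers, rng):
        # A tunnel is a sequence of peers that pass messages in one direction.
        self.outbound = rng.sample(peers, self.tunnel_len)
        self.inbound = rng.sample(peers, self.tunnel_len)

class NetDb:
    """Stand-in for the Kademlia-based network database (no DHT mechanics here)."""
    def __init__(self):
        self.leases = {}
        self.lookups = 0

    def publish(self, client):
        # Only the inbound gateway is published, never the client's own address.
        self.leases[client.dest_id] = client.inbound[0]

    def lookup(self, dest_id):
        self.lookups += 1
        return self.leases[dest_id]

def send(sender, receiver, netdb):
    """Return the relays a message traverses from sender to receiver."""
    if receiver.dest_id not in sender.cache:          # first contact: query netdb
        sender.cache[receiver.dest_id] = netdb.lookup(receiver.dest_id)
    gateway = sender.cache[receiver.dest_id]
    # The outbound endpoint forwards to the receiver's inbound gateway; from there
    # the receiver's own hops deliver it. The sender learns only that gateway,
    # not the receiver's remaining hops or address.
    assert gateway == receiver.inbound[0]
    return sender.outbound + receiver.inbound

def demo(seed=1):
    rng = random.Random(seed)
    peers = [f"peer{i}" for i in range(20)]
    alice = Client("alice", tunnel_len=2)   # favours latency
    bob = Client("bob", tunnel_len=3)       # favours anonymity
    netdb = NetDb()
    for c in (alice, bob):
        c.build_tunnels(peers, rng)
        netdb.publish(c)
    first = send(alice, bob, netdb)
    second = send(alice, bob, netdb)        # cached: no second netdb lookup
    return len(first), netdb.lookups, first == second

if __name__ == "__main__":
    print(demo())   # (5, 1, True)
```

The relay count is the sum of the two independently chosen tunnel lengths, which is the "absolute minimum" tradeoff the text refers to.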

What can you do with it?

Within the I2P network, applications are not restricted in how they can communicate - those that typically use UDP can make use of the base I2P functionality, and those that typically use TCP can use the TCP-like streaming library. We have a generic TCP/I2P bridge application ("I2PTunnel") that enables people to forward TCP streams into the I2P network as well as to receive streams out of the network and forward them towards a specific TCP/IP address.

I2PTunnel is currently used to let people run their own anonymous website ("eepsite") by running a normal webserver and pointing an I2PTunnel 'server' at it, which people can access anonymously over I2P with a normal web browser by running an I2PTunnel HTTP proxy ("eepproxy"). In addition, we use the same technique to run an anonymous IRC network (where the IRC server is hosted anonymously, and standard IRC clients use an I2PTunnel to contact it). There are other application development efforts going on as well, such as one to build an optimized swarming file transfer application (a la BitTorrent), a distributed data store (a la Freenet / MNet), and a blogging system (a fully distributed LiveJournal), but those are not ready for use yet.

I2P is not inherently an "outproxy" network - the client you send a message to is the cryptographic identifier, not some IP address, so the message must be addressed to someone running I2P. However, it is possible for that client to be an outproxy, allowing you to anonymously make use of their Internet connection. To demonstrate this, the "eepproxy" will accept normal non-I2P URLs (e.g. "http://www.i2p.net") and forward them to a specific destination that runs a squid HTTP proxy, allowing simple anonymous browsing of the normal web. Simple outproxies like that are not viable in the long run for several reasons (including the cost of running one as well as the anonymity and security issues they introduce), but in certain circumstances the technique could be appropriate.

The I2P development team is an open group, welcoming all who are interested in getting involved, and all of the code is open source. The core I2P SDK and the current router implementation are written in Java (currently working with both Sun and Kaffe; GCJ support is planned for later), and there is a simple socket-based API for accessing the network from other languages (a C library is available, and Python and Perl bindings are in development). The network is actively being developed and has not yet reached the 1.0 release, but the current roadmap describes our schedule.



WAIDPS - Wireless Auditing, Intrusion Detection & Prevention System


WAIDPS is an open source wireless Swiss army knife written in Python that runs on Linux. It is a multipurpose tool designed for auditing (penetration testing) networks, detecting wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping a station from associating to an access point). Apart from these, it harvests all WiFi information in the surroundings and stores it in databases. This is useful when auditing a network whose access point is ‘MAC filtered’ or has a ‘hidden SSID’ and there is no existing client at that moment.

WAIDPS may be useful to penetration testers, wireless trainers, law enforcement agencies and anyone interested in learning more about wireless auditing and protection. The primary purpose of this script is to detect intrusion: once an attack is detected, it is displayed on screen and also logged to file. Features added to the current script that the previous WIDS did not have are:
  • automatically save the attack packets into a file
  • interactive mode where users are allowed to perform many functions
  • allow the user to analyse captured packets
  • load a previously saved pcap file, or any other pcap file, to be examined
  • customizable filters
  • customizable detection threshold (sensitivity of the IDS)

At present, WAIDPS is able to detect the following wireless attacks; other detections found in the previous WIDS will be added later.
  • Association / Authentication flooding
  • Detect mass deauthentication which may indicate a possible WPA attack for handshake
  • Detect possible WEP attack using the ARP request replay method
  • Detect possible WEP attack using chopchop method
  • Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.
  • Detection of Evil-Twin
  • Detection of Rogue Access Point
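As an added example (not WAIDPS's own code), the following sliding-window detector flags mass deauthentication against a BSSID, the signal the list above ties to a possible WPA handshake attack; the threshold and window are the tunable sensitivity knobs. The frame records are constructed inline; in a real deployment they would come from a monitor-mode capture.

```python
# Added example (not WAIDPS's own code): sliding-window mass-deauth detector.
from collections import defaultdict, deque

DEAUTH = "deauth"
BROADCAST = "ff:ff:ff:ff:ff:ff"

class DeauthDetector:
    def __init__(self, threshold=20, window_s=5.0):
        # threshold/window are the detection sensitivity; tune them per site
        self.threshold = threshold
        self.window_s = window_s
        self.recent = defaultdict(deque)  # bssid -> deauth timestamps in window
        self.alerts = []

    def feed(self, ts, ftype, bssid, dst):
        """Feed one frame record; return an alert dict when the burst crosses the threshold."""
        if ftype != DEAUTH:
            return None
        q = self.recent[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window_s:   # drop frames older than the window
            q.popleft()
        if len(q) >= self.threshold:
            alert = {"bssid": bssid, "count": len(q), "at": ts,
                     "broadcast": dst == BROADCAST}   # broadcast deauth hits every client
            self.alerts.append(alert)
            q.clear()   # one alert per burst, then start counting again
            return alert
        return None

def constructed_capture():
    """Constructed sample frames as (timestamp, frame_type, bssid, dst); not real data."""
    frames = []
    # benign background: one deauth every few seconds from a legitimate AP
    for i in range(10):
        frames.append((i * 3.0, DEAUTH, "aa:bb:cc:00:00:01", "11:22:33:44:55:66"))
    # burst: 40 broadcast deauths within one second against another BSSID
    for i in range(40):
        frames.append((12.0 + i * 0.025, DEAUTH, "aa:bb:cc:00:00:02", BROADCAST))
    frames.append((13.5, "beacon", "aa:bb:cc:00:00:02", BROADCAST))
    return sorted(frames)

def run(frames, threshold=20, window_s=5.0):
    """Run the detector over a frame list and return the alerts raised."""
    det = DeauthDetector(threshold, window_s)
    for f in frames:
        det.feed(*f)
    return det.alerts

if __name__ == "__main__":
    for a in run(constructed_capture()):
        print("[!] mass deauth from %s: %d frames in window (broadcast=%s)"
              % (a["bssid"], a["count"], a["broadcast"]))
```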

The whole structure of the Wireless Auditing, Intrusion Detection & Prevention System will comprise:
  • Harvesting WiFi Information [Done]
  • Intrusion Detection [Partially Done]
  • Intrusion Prevention [Partially Done]
  • Auditing (Testing network) [Coming Soon]
Other additional items include analysis of packets, display of captured dumps, network bar charts and much more.

Requirements
No special equipment is required to use this script as long as you have the following :
  1. Root access (admin)
  2. Wireless interface which is capable of monitoring and injection
  3. Python 2.7 installed
  4. Aircrack-NG suite installed
  5. TShark installed
  6. TCPDump installed
  7. Mergecap installed (for joining pcap files)
  8. xterm installed

Damn Vulnerable Web App - PHP/MySQL Training Web Application that is Damn Vulnerable


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

WARNING!

Damn Vulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web server as it will be hacked. I recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing.

We do not take responsibility for the way in which anyone uses Damn Vulnerable Web App (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on live web servers. If your web server is compromised via an installation of DVWA, it is not our responsibility; it is the responsibility of the person(s) who uploaded and installed it.



Web Security Dojo - Training Environment for Web Application Security Penetration Testing


A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

What?
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

Why?
The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Feature Overview
Targets include:
  • OWASP’s WebGoat
  • Google’s Gruyere
  • Damn Vulnerable Web App
  • Hacme Casino
  • OWASP InsecureWebApp
  • w3af’s test website
  • simple training targets by Maven Security (including REST and JSON)

Tools: (starred = new this version)
  • Burp Suite (free version)
  • w3af
  • sqlmap
  • arachni *
  • metasploit
  • Zed Attack Proxy *
  • OWASP Skavenger
  • OWASP Dirbuster
  • Paros
  • Webscarab
  • Ratproxy
  • skipfish
  • websecurify
  • davtest
  • J-Baah
  • JBroFuzz
  • Watobo *
  • RATS
  • helpful Firefox add-ons


NoPo - NoSQL Honeypot Framework



NoSQL-Honeypot-Framework (NoPo) is an open source honeypot for NoSQL databases that automates the process of detecting attackers and logging attack incidents. The simulation engines are deployed using the Twisted framework. Currently the framework supports Redis.

N.B.: The framework is under development and is prone to bugs.

Installation
You can download NoPo by cloning the Git repository:
git clone https://github.com/torque59/nosqlpot.git

pip install -r requirements.txt

NoPo works out of the box with Python version 2.6.x and 2.7.x on any platform.

Added Features:
  • First Ever Honeypot for NoSQL Databases
  • Support For Config Files
  • Simulates Protocol Specification as of Servers
  • Support for Redis

Usage
Get a list of basic options :
python nopo.py -h
Deploy an nosql engine:
python nopo.py -deploy redis
Deploy an nosql engine with a configuration file:
python nopo.py -deploy redis -config filename
Log commands,session to file :
python nopo.py -deploy redis -out log.out
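What a Redis simulation engine has to do at its core, as an added example that is not NoPo's own code: parse the RESP wire format clients speak, log every command with its peer and timestamp (the data a `-out` log would hold), and answer plausibly enough to keep the session going. The tiny in-memory key store and the set of answered commands are assumptions; the sample client bytes are constructed.

```python
# Added example (not NoPo's own code): RESP parser plus command-logging responder.
import time

def parse_resp(buf):
    """Parse one RESP message; return (value, bytes_consumed) or (None, 0) if incomplete."""
    end = buf.find(b"\r\n")
    if not buf or end < 0:
        return None, 0
    kind, line, consumed = buf[0:1], buf[1:end], end + 2
    if kind in (b"+", b"-"):
        return line.decode(), consumed
    if kind == b":":
        return int(line), consumed
    if kind == b"$":                      # bulk string: "$<len>\r\n<bytes>\r\n"
        n = int(line)
        if n == -1:
            return None, consumed         # null bulk string
        if len(buf) < consumed + n + 2:
            return None, 0                # payload not fully received yet
        return buf[consumed:consumed + n].decode(), consumed + n + 2
    if kind == b"*":                      # array: "*<count>\r\n" followed by items
        items = []
        for _ in range(int(line)):
            v, c = parse_resp(buf[consumed:])
            if c == 0:
                return None, 0
            items.append(v)
            consumed += c
        return items, consumed
    return buf[:end].decode().split(), consumed   # inline command (telnet/nc style)

class RedisHoneypot:
    def __init__(self):
        self.log = []      # (timestamp, peer, argv): what a honeypot keeps per session
        self.store = {}    # assumed: a small in-memory store so SET/GET look real

    def handle(self, peer, data):
        """Consume a client buffer, log each command, return the reply bytes."""
        out = b""
        while data:
            argv, n = parse_resp(data)
            if n == 0:
                break
            data = data[n:]
            if isinstance(argv, list) and argv:
                self.log.append((time.time(), peer, argv))
                out += self.reply(argv)
        return out

    def reply(self, argv):
        cmd = str(argv[0]).upper()
        if cmd == "PING":
            return b"+PONG\r\n"
        if cmd == "SET" and len(argv) == 3:
            self.store[argv[1]] = argv[2]
            return b"+OK\r\n"
        if cmd == "GET" and len(argv) == 2:
            v = self.store.get(argv[1])
            if v is None:
                return b"$-1\r\n"
            vb = v.encode()
            return b"$%d\r\n%s\r\n" % (len(vb), vb)
        # Anything else gets the error a real server would send, so the client keeps talking
        return b"-ERR unknown command '%s'\r\n" % str(argv[0]).encode()
```

In a deployment the `handle` method would be called from the Twisted protocol's `dataReceived` with the peer address, and the log flushed to the `-out` file.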



Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)



Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard.


DEPENDENCIES
Pixiewps requires libssl. To install it:
    sudo apt-get install libssl-dev

INSTALLATION
Pixiewps can be built and installed by running:
    ~/pixiewps$ cd src
    ~/pixiewps/src$ make
    ~/pixiewps/src$ sudo make install

USAGE
    Usage: pixiewps <arguments>

Required Arguments:

-e, --pke : Enrollee public key
-r, --pkr : Registrar public key
-s, --e-hash1 : Enrollee Hash1
-z, --e-hash2 : Enrollee Hash2
-a, --authkey : Authentication session key

Optional Arguments:

-n, --e-nonce : Enrollee nonce
-m, --r-nonce : Registrar nonce
-b, --e-bssid : Enrollee BSSID
-S, --dh-small : Small Diffie-Hellman keys (PKr not needed) [No]
-f, --force : Bruteforce the whole keyspace [No]
-v, --verbosity : Verbosity level 1-3, 1 is quietest [3]

-h, --help : Display this usage screen


USAGE EXAMPLE
A common usage example is:
    pixiewps --pke <pke> --pkr <pkr> --e-hash1 <e-hash1> --e-hash2 <e-hash2> --authkey <authkey> --e-nonce <e-nonce>
which requires a modified version of Reaver or Bully which prints AuthKey. The recommended version is reaver-wps-fork-t6x.
If the following message is shown:
    [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
then the AP might be vulnerable and Pixiewps should be run again with the same set of data along with the option --force or alternatively with a newer set of data.

DESCRIPTION OF ARGUMENTS
-e, --pke

Enrollee's DH public key, found in M1.

-r, --pkr

Registrar's DH public key, found in M2 or can be avoided by specifying
--dh-small in both Reaver and Pixiewps.

-s, --e-hash1

Enrollee Hash-1, found in M3.

-z, --e-hash2

Enrollee Hash-2, found in M3.

-a, --authkey

Registration Protocol authentication session key. Although for this parameter a
modified version of Reaver or Bully is needed, it can be avoided by specifying
small Diffie-Hellman keys in both Reaver and Pixiewps and supplying --e-nonce,
--r-nonce and --e-bssid.

-n, --e-nonce

Enrollee's nonce, found in M1.

-m, --r-nonce

Registrar's nonce, found in M2.

-b, --e-bssid

Enrollee's BSSID.

-S, --dh-small

Small Diffie-Hellman keys. The same option MUST be specified in Reaver
(1.3 or later versions) too. This option should be avoided when possible.

-f, --force

Force Pixiewps to bruteforce the whole keyspace (only for one type of PRNG).
It could take up to several minutes to complete.

-v, --verbosity

Verbosity level (1-3). Level 3 displays the most information.

-h, --help

Display usage screen.



PyPhisher - A Simple Python Tool for Phishing


If you want to run a phishing test or demonstration, you can check out PyPhisher. This tool was created for phishing during a penetration test. It is Python based and provides a way to send emails with a customized template that the user designs: you can use an HTML format that resembles any organization's and replace the links you want to send.

This was inspired by SpearPhisher beta by Dave Kennedy from TrustedSec and a feature found in Cobalt Strike by Raphael Mudge from Strategic Cyber.

Usage:
PyPhisher.py --server mail.server.com --port 25 --username user --password password --html phish.txt --url_replace phishlink.com --subject Read!! --sender important@phish.com --sendto target@company.com

Available options:
--server       The SMTP server that you are going to be using to send the email
--port         The port number that is set up for SMTP
--html         The pre-crafted HTML that will be used in the email
--url_replace  The URL that will be used to replace all links in the email
--subject      The subject that will appear in the email message
--sender       The sender address that will appear on the email
--sendto       Who you would like to send the email to



AsHttp - Shell Command to Expose any other Command as HTTP



ashttp provides a simple way to expose any shell command over HTTP. For example, to expose top over HTTP, run ashttp -p8080 top and then open http://localhost:8080.

Dependencies

ashttp depends on hl_vt100, a headless VT100 emulator.
To get and compile hl_vt100:
$ git clone https://github.com/JulienPalard/vt100-emulator.git
$ aptitude install python-dev
$ make python_module
$ python setup.py install


Usage

ashttp can serve any text application over HTTP, for example:
$ ashttp -p 8080 top
to serve top on port 8080, or
$ ashttp -p 8080 watch -n 1 ls -lah /tmp
to serve a continuously refreshed directory listing of /tmp.



Plecost - Wordpress Vulnerabilities Finder



Plecost is a vulnerability fingerprinting and vulnerability finder tool for the WordPress blog engine.

Why?
There are a huge number of WordPress installations around the world. Many of them are exposed to attack and can be turned into a virus, malware or illegal porn provider without the knowledge of the blog owner.
This project tries to help sysadmins and blog owners make their WordPress a bit more secure.

What's new?
This Plecost 3 version adds a lot of new features and fixes, such as:
  • Fixed a lot of bugs.
  • New engine: no threads or extra dependencies, yet faster. It uses Python 3 asyncio and non-blocking connections, and also consumes less memory. Incredible, right? :)
  • Changed CVE update system and storage: Plecost now gets vulnerabilities directly from NIST and builds a local SQLite database with information filtered for WordPress and its plugins.
  • WordPress vulnerabilities: Plecost now also manages WordPress core vulnerabilities (not only plugin ones).
  • The local vulnerability database is queryable: you can look up the vulnerabilities of a specific WordPress version or plugin without scanning anything, using only the local database.
You can read the entire list in the CHANGELOG file.
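The CVE storage workflow described above, as an added example that is not Plecost's own code: filter NVD-style records down to WordPress core and plugin entries by their CPE 2.3 strings, load them into a local SQLite database, and query it offline by product and version. The record shape (id, summary, list of CPE strings) is a simplification of the NVD feed, and the sample records, including the `CVE-0000-000x` ids, are constructed placeholders.

```python
# Added example (not Plecost's own code): local SQLite database of WordPress CVEs.
import sqlite3

# Constructed sample records in a simplified shape; the CVE ids are placeholders.
SAMPLE_NVD = [
    {"id": "CVE-0000-0001", "summary": "XSS in example plugin",
     "cpes": ["cpe:2.3:a:example:example_plugin:1.2:*:*:*:*:wordpress:*:*"]},
    {"id": "CVE-0000-0002", "summary": "Issue in WordPress core",
     "cpes": ["cpe:2.3:a:wordpress:wordpress:4.4:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "summary": "Unrelated router firmware bug",
     "cpes": ["cpe:2.3:o:vendor:router_fw:1.0:*:*:*:*:*:*:*"]},
]

def cpe_fields(cpe):
    # cpe:2.3:part:vendor:product:version:update:edition:lang:sw_ed:target_sw:target_hw:other
    return cpe.split(":")

def is_wordpress_related(cpe):
    # Core entries have product "wordpress"; plugins have target_sw "wordpress".
    f = cpe_fields(cpe)
    return len(f) >= 11 and (f[4] == "wordpress" or f[10] == "wordpress")

def build_db(records, path=":memory:"):
    """Create (or extend) the local database with the WordPress-related rows."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS vulns "
                "(cve TEXT, product TEXT, version TEXT, summary TEXT)")
    con.execute("CREATE INDEX IF NOT EXISTS idx_product ON vulns(product)")
    rows = []
    for r in records:
        for cpe in r["cpes"]:
            if is_wordpress_related(cpe):
                f = cpe_fields(cpe)
                rows.append((r["id"], f[4], f[5], r["summary"]))
    con.executemany("INSERT INTO vulns VALUES (?, ?, ?, ?)", rows)
    con.commit()
    return con

def query(con, product, version=None):
    """Return (cve, version, summary) rows for a product, optionally one version."""
    sql = "SELECT cve, version, summary FROM vulns WHERE product = ?"
    args = [product]
    if version is not None:
        sql += " AND version = ?"
        args.append(version)
    return con.execute(sql, args).fetchall()

def count(con):
    return con.execute("SELECT COUNT(*) FROM vulns").fetchone()[0]

if __name__ == "__main__":
    db = build_db(SAMPLE_NVD)
    print(count(db), "WordPress-related rows")
    print(query(db, "wordpress", "4.4"))
```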

Installation
Installing Plecost is easy:
$ python3 -m pip install plecost
Remember that Plecost3 only runs in Python 3.

Quick start
Scanning a web site is simple:
$ plecost http://SITE.com
A slightly more complex scan: increase verbosity and export the results in JSON or XML format:
JSON
$ plecost -v http://SITE.com -o results.json
XML
$ plecost -v http://SITE.com -o results.xml

Advanced scan options
Skip the WordPress version check and scan only for plugins:
$ plecost -nc http://SITE.com
Force a scan even if WordPress was not detected:
$ plecost -f http://SITE.com
Display only the short banner:
$ plecost -nb http://SITE.com
List available wordlists:
$ plecost -nb -l 

// Plecost - Wordpress finger printer Tool - v1.0.0

Available word lists:
1 - plugin_list_10.txt
2 - plugin_list_100.txt
3 - plugin_list_1000.txt
4 - plugin_list_250.txt
5 - plugin_list_50.txt
6 - plugin_list_huge.txt
Select a wordlist in the list:
$ plecost -nb -w plugin_list_10.txt http://SITE.com
Increasing concurrency (USE THIS OPTION WITH CAUTION. CAN SHUTDOWN TESTED SITE!)
$ plecost --concurrency 10 http://SITE.com
Or...
$ plecost -c 10 http://SITE.com
For more options, consult the --help command:
$ plecost -h

Updating
New versions and vulnerabilities are released daily; you can update the local database by running:
Updating vulnerability database:
$ plecost --update-cve
Updating plugin list:

$ plecost --update-plugins
