Wednesday, January 6, 2016

Waldo - Multithreaded Directory and Subdomain Bruteforcer


Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target.

Key Features
  • Quickly and easily generate a list of all subdomains of target domain
  • Discover hidden web resources that can be potentially leveraged as part of an attack
  • Written in Python and very portable
  • Fast, multithreaded design

Setup
Dependencies can be installed by running:
$ pip install -r pip.req
To run Waldo:
$ python waldo.py

Usage
To enumerate subdomains of some-fake-site.example, execute the following:
$ python waldo.py -m s -d some-fake-site.example
To enumerate directories on some-fake-site.example, execute the following:
$ python waldo.py -m d -d some-fake-site.example
By default, output is logged to waldo-output.txt. To specify a custom output file, use the -l flag:
$ python waldo.py -m s -l my-log-file.txt -d some-fake-site.example
Waldo uses 4 threads by default. To specify a custom thread-pool size, use the -t flag:
$ python waldo.py -m s -d some-fake-site.example -t 15
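The two modes above (-m d and -m s) and the -t thread pool are the whole of a tool like this. The following is an added example, not Waldo's own code: it builds the candidate list for each mode, probes it on a thread pool, and keeps only hits. The probe is passed in as a callable, so the enumeration logic can be exercised offline with a constructed probe; http_probe and dns_probe are the real network probes. One caveat Waldo's usage text does not mention is wildcard DNS: if every random label resolves, subdomain mode reports everything, so the example resolves a random label first and discards any result equal to that answer. The function names, the HEAD-based probe and the tab-separated log format are this example's own choices.

```python
# Added example, not Waldo's own code: multithreaded directory/subdomain
# enumeration in the shape of Waldo's -m d / -m s modes, with wildcard-DNS
# filtering. `probe` is injected so the logic runs offline; http_probe and
# dns_probe are the live network probes.
import concurrent.futures
import socket
import urllib.error
import urllib.request
import uuid
from typing import Callable, Iterable, List, Optional, Tuple


def candidates(mode: str, domain: str, words: Iterable[str]) -> List[str]:
    """'d' -> http://domain/word for each word, 's' -> word.domain."""
    clean = [w.strip() for w in words if w.strip()]
    if mode == "d":
        return [f"http://{domain}/{w}" for w in clean]
    if mode == "s":
        return [f"{w}.{domain}" for w in clean]
    raise ValueError("mode must be 'd' (directories) or 's' (subdomains)")


def http_probe(url: str, timeout: float = 5.0) -> Optional[int]:
    """HEAD the URL; return the HTTP status, or None if nothing answered."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "waldo-example"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code            # 401/403 still prove the path exists
    except OSError:                # URLError, timeout, connection refused
        return None


def dns_probe(name: str) -> Optional[str]:
    """Resolve the name; an answer means it exists (or DNS is wildcarded)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def wildcard_baseline(domain: str,
                      probe: Callable[[str], Optional[str]] = dns_probe):
    """Resolve a random label; if it answers, that IP is the wildcard answer."""
    return probe(f"{uuid.uuid4().hex}.{domain}")


def is_hit(mode: str, result, baseline) -> bool:
    if result is None or result == baseline:
        return False
    return result != 404 if mode == "d" else True


def bruteforce(mode: str, domain: str, words: Iterable[str], probe,
               threads: int = 4, baseline=None) -> List[Tuple[str, object]]:
    """Probe every candidate on `threads` workers; keep input order, drop misses."""
    cands = candidates(mode, domain, words)
    with concurrent.futures.ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(probe, cands))   # map preserves input order
    return [(c, r) for c, r in zip(cands, results) if is_hit(mode, r, baseline)]


def write_log(hits, path: str = "waldo-output.txt") -> int:
    """Write 'candidate<TAB>result' lines (format chosen for this example)."""
    with open(path, "w", encoding="utf-8") as fh:
        for cand, result in hits:
            fh.write(f"{cand}\t{result}\n")
    return len(hits)


if __name__ == "__main__":
    # Live run (needs network): subdomain mode, wildcard filtered, 15 threads.
    target = "some-fake-site.example"
    base = wildcard_baseline(target)
    found = bruteforce("s", target, ["www", "mail", "dev"], dns_probe,
                       threads=15, baseline=base)
    print(write_log(found), "hits written")
```

In directory mode anything that is not a 404 is kept, because 401 and 403 responses still reveal that a path exists; tune is_hit if the target answers 200 for everything, which is the HTTP analogue of the wildcard-DNS problem.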



oclHashcat v2.01 - Worlds Fastest Password Cracker



oclHashcat is the world's fastest and most advanced GPGPU-based password recovery utility, supporting five unique modes of attack for over 170 highly-optimized hashing algorithms. oclHashcat currently supports AMD (OpenCL) and Nvidia (CUDA) graphics processors on GNU/Linux and Windows 7/8/10, and has facilities to help enable distributed password cracking.

Features

  • World's fastest password cracker
  • World's first and only GPGPU-based rule engine
  • Free
  • Open source
  • Multi-GPU (up to 128 GPUs)
  • Multi-hash (up to 100 million hashes)
  • Multi-OS (Linux and Windows native binaries)
  • Multi-platform (OpenCL and CUDA support)
  • Multi-algorithm (see below)
  • Low resource utilization: you can still watch movies or play games while cracking
  • Focuses on highly iterated modern hashes
  • Focuses on dictionary-based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • ... and much more

Attack-Modes

  • Straight *
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict
* accepts rules
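The five attack modes differ only in how candidate passwords are generated; the hash function is the same in every mode. The following is an added example, not oclHashcat's code: plain-Python generators for straight (with rules), combination, brute-force/mask, hybrid dict + mask and hybrid mask + dict, a keyspace calculator for masks, and a check of each stream against an MD5 hash. The charset names follow hashcat's ?l ?u ?d ?s convention; the rule engine implements only a handful of rule functions (: l u c r $ ^), and everything else (function names, the md5_hex helper) is this example's own.

```python
# Added example, not oclHashcat's code: candidate generation for the five
# attack modes, a mask keyspace calculator, a tiny rule engine, and an MD5
# check. Charsets follow hashcat's ?l ?u ?d ?s naming.
import hashlib
import itertools
import string
from typing import Iterable, Iterator, List, Optional

CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}


def parse_mask(mask: str) -> List[str]:
    """'?l?l?d' -> [a-z, a-z, 0-9]; literal chars stay fixed; '??' is a literal '?'."""
    out, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            nxt = mask[i + 1]
            out.append("?" if nxt == "?" else CHARSETS[nxt])
            i += 2
        else:
            out.append(mask[i])
            i += 1
    return out


def keyspace(mask: str) -> int:
    """Number of candidates a mask expands to: check this before launching."""
    n = 1
    for cs in parse_mask(mask):
        n *= len(cs)
    return n


def apply_rule(word: str, rule: str) -> str:
    """Rule subset: ':' noop, l lower, u upper, c capitalise, r reverse, $X append, ^X prepend."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == ":":
            pass
        elif op == "l":
            word = word.lower()
        elif op == "u":
            word = word.upper()
        elif op == "c":
            word = word[:1].upper() + word[1:].lower()
        elif op == "r":
            word = word[::-1]
        elif op in "$^":
            i += 1
            if i >= len(rule):
                raise ValueError(f"rule function {op!r} needs an argument")
            word = word + rule[i] if op == "$" else rule[i] + word
        else:
            raise ValueError(f"unsupported rule function {op!r}")
        i += 1
    return word


def straight(words: Iterable[str], rules: Iterable[str] = (":",)) -> Iterator[str]:
    """Attack mode 0: each wordlist entry, optionally mangled by each rule."""
    rules = list(rules)
    for w in words:
        for r in rules:
            yield apply_rule(w, r)


def combination(left: Iterable[str], right: Iterable[str]) -> Iterator[str]:
    """Attack mode 1: every word of the left list joined to every word of the right."""
    right = list(right)
    for a in left:
        for b in right:
            yield a + b


def brute_force(mask: str) -> Iterator[str]:
    """Attack mode 3: the full expansion of a mask."""
    return ("".join(t) for t in itertools.product(*parse_mask(mask)))


def hybrid_dict_mask(words: Iterable[str], mask: str) -> Iterator[str]:
    """Attack mode 6: word followed by every mask expansion."""
    for w in words:
        for suffix in brute_force(mask):
            yield w + suffix


def hybrid_mask_dict(mask: str, words: Iterable[str]) -> Iterator[str]:
    """Attack mode 7: every mask expansion followed by word."""
    words = list(words)
    for prefix in brute_force(mask):
        for w in words:
            yield prefix + w


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def crack_md5(target_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose MD5 matches, or None when the stream is exhausted."""
    target_hex = target_hex.lower()
    for c in candidates:
        if md5_hex(c) == target_hex:
            return c
    return None
```

The generators compose: straight(words, ["c"]) fed into hybrid_dict_mask(..., "?d?d?d?d") is the familiar "Capitalised word plus four digits" pattern, and keyspace("?d?d?d?d") tells you it costs 10,000 hashes per word before you start.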

Algorithms

  • MD4
  • MD5
  • Half MD5 (left, mid, right)
  • SHA1
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA-3 (Keccak)
  • SipHash
  • RipeMD160
  • Whirlpool
  • GOST R 34.11-94
  • GOST R 34.11-2012 (Streebog) 256-bit
  • GOST R 34.11-2012 (Streebog) 512-bit
  • Double MD5
  • Double SHA1
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • md5(sha1($pass))
  • md5($salt.md5($pass))
  • md5($salt.$pass.$salt)
  • md5(strtoupper(md5($pass)))
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • sha1(md5($pass))
  • sha1($salt.$pass.$salt)
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • PBKDF2-HMAC-MD5
  • PBKDF2-HMAC-SHA1
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
  • MyBB
  • phpBB3
  • SMF
  • vBulletin
  • IPB
  • Woltlab Burning Board
  • osCommerce
  • xt:Commerce
  • PrestaShop
  • Mediawiki B type
  • Wordpress
  • Drupal
  • Joomla
  • PHPS
  • Django (SHA-1)
  • Django (PBKDF2-SHA256)
  • EPiServer
  • ColdFusion 10+
  • Apache MD5-APR
  • MySQL
  • PostgreSQL
  • MSSQL
  • Oracle H: Type (Oracle 7+)
  • Oracle S: Type (Oracle 11+)
  • Oracle T: Type (Oracle 12+)
  • Sybase
  • hMailServer
  • DNSSEC (NSEC3)
  • IKE-PSK
  • IPMI2 RAKP
  • iSCSI CHAP
  • Cram MD5
  • MySQL Challenge-Response Authentication (SHA1)
  • PostgreSQL Challenge-Response Authentication (MD5)
  • SIP Digest Authentication (MD5)
  • WPA
  • WPA2
  • NetNTLMv1
  • NetNTLMv1 + ESS
  • NetNTLMv2
  • Kerberos 5 AS-REQ Pre-Auth etype 23
  • Netscape LDAP SHA/SSHA
  • LM
  • NTLM
  • Domain Cached Credentials (DCC), MS Cache
  • Domain Cached Credentials 2 (DCC2), MS Cache 2
  • MS-AzureSync PBKDF2-HMAC-SHA256
  • descrypt
  • bsdicrypt
  • md5crypt
  • sha256crypt
  • sha512crypt
  • bcrypt
  • scrypt
  • OSX v10.4
  • OSX v10.5
  • OSX v10.6
  • OSX v10.7
  • OSX v10.8
  • OSX v10.9
  • OSX v10.10
  • AIX {smd5}
  • AIX {ssha1}
  • AIX {ssha256}
  • AIX {ssha512}
  • Cisco-ASA
  • Cisco-PIX
  • Cisco-IOS
  • Cisco $8$
  • Cisco $9$
  • Juniper IVE
  • Juniper Netscreen/SSG (ScreenOS)
  • Android PIN
  • GRUB 2
  • CRC32
  • RACF
  • Radmin2
  • Redmine
  • Citrix Netscaler
  • SAP CODVN B (BCODE)
  • SAP CODVN F/G (PASSCODE)
  • SAP CODVN H (PWDSALTEDHASH) iSSHA-1
  • PeopleSoft
  • Skype
  • 7-Zip
  • RAR3-hp
  • PDF 1.1 - 1.3 (Acrobat 2 - 4)
  • PDF 1.4 - 1.6 (Acrobat 5 - 8)
  • PDF 1.7 Level 3 (Acrobat 9)
  • PDF 1.7 Level 8 (Acrobat 10 - 11)
  • MS Office <= 2003 MD5
  • MS Office <= 2003 SHA1
  • MS Office 2007
  • MS Office 2010
  • MS Office 2013
  • Lotus Notes/Domino 5
  • Lotus Notes/Domino 6
  • Lotus Notes/Domino 8
  • Bitcoin/Litecoin wallet.dat
  • Blockchain, My Wallet
  • 1Password, agilekeychain
  • 1Password, cloudkeychain
  • Lastpass
  • Password Safe v2
  • Password Safe v3
  • eCryptfs
  • Android FDE <= 4.3
  • TrueCrypt 5.0+


0d1n - Tool For Automating Customized Attacks Against Web Applications



A web security tool for fuzzing HTTP inputs, written in C with libcurl.

You can use it to:
  • brute-force passwords in authentication forms
  • find disclosed directories (brute-force a PATH list and record the HTTP status code of each response)
  • run a payload list against an input to find SQL injection and XSS vulnerabilities



To build and run:

0d1n needs the libcurl development headers: libcurl-dev on Debian/Ubuntu, libcurl-devel on RPM-based distributions.
$ git clone https://github.com/CoolerVoid/0d1n/
$ sudo apt-get install libcurl-dev        # Debian/Ubuntu
$ sudo yum install libcurl-devel          # RPM-based distributions
$ cd 0d1n
$ make
$ ./0d1n
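What makes a list-driven fuzzer useful is the judging step: after each payload is sent, something has to decide whether the response is interesting. The following is an added example, not 0d1n's code, showing that step in Python: one payload at a time is placed in a chosen query parameter, the response is fetched, and the body is checked for database error signatures and for an unencoded reflection of the probe. The SQL error patterns, the payload lists and the finding labels are this example's own; fetch is injectable so the logic can be run offline against constructed responses, and http_fetch is the live version.

```python
# Added example, not 0d1n's code: the judging side of an HTTP-input fuzzer.
# Payloads go into one query parameter; each body is checked for SQL error
# signatures and for raw reflection of the probe. `fetch` is injectable.
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, List, Tuple

# Error strings that leak from common database drivers (example's own list).
SQL_ERRORS = [re.compile(p, re.I) for p in (
    r"you have an error in your sql syntax",                 # MySQL
    r"warning: mysql",                                       # PHP mysql_* warnings
    r"unclosed quotation mark after the character string",   # MSSQL
    r"syntax error at or near",                              # PostgreSQL
    r"ora-\d{5}",                                            # Oracle
    r"sqlite3?\.operationalerror|sqlite error",              # SQLite
)]
SQLI_PAYLOADS = ["'", "\"", "' OR '1'='1", "1 OR 1=1--", "')"]
XSS_PAYLOADS = ["<svg/onload=alert(1)>", "\"><script>alert(1)</script>",
                "'><img src=x onerror=alert(1)>"]
Response = Tuple[int, str]


def http_fetch(url: str, timeout: float = 5.0) -> Response:
    """GET the URL and return (status, body); error pages are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")


def build_url(base: str, param: str, value: str) -> str:
    """Replace (or add) one query parameter, URL-encoding the payload."""
    parts = urllib.parse.urlsplit(base)
    query = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    if any(k == param for k, _ in query):
        query = [(k, value if k == param else v) for k, v in query]
    else:
        query.append((param, value))
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))


def judge(payload: str, status: int, body: str) -> List[str]:
    """Classify one response. Findings are leads to verify by hand, not proof."""
    findings = []
    if status >= 500:
        findings.append("server-error")
    if any(p.search(body) for p in SQL_ERRORS):
        findings.append("sql-error")
    # A verbatim reflection of a payload carrying markup or quote characters
    # means the input is echoed without output encoding, the precondition for
    # XSS. Very short payloads (a lone quote) are skipped: they occur in
    # almost any HTML and would only produce false positives.
    if len(payload) >= 4 and any(ch in payload for ch in "<>\"'") and payload in body:
        findings.append("reflected-unencoded")
    return findings


def fuzz(base: str, param: str, payloads,
         fetch: Callable[[str], Response] = http_fetch):
    """Send every payload in `param`; return [(payload, status, findings)] for those that triggered something."""
    results = []
    for payload in payloads:
        status, body = fetch(build_url(base, param, payload))
        findings = judge(payload, status, body)
        if findings:
            results.append((payload, status, findings))
    return results
```

Every finding is a lead rather than a confirmed vulnerability: a reflected probe still has to be checked in the actual HTML context, and a 500 can be unrelated to the input, which is why the function returns the raw status next to the labels.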


SpiderFoot v2.6.1 - Open Source Intelligence Automation



SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.

Purpose 

There are three main areas where SpiderFoot can be useful:
  1. If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the test, giving you a rich set of data to help you pinpoint areas of focus for the test.
  2. Understand what your network/organisation is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
  3. SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.

Features
  • Utilises a shedload of data sources; over 40 so far and counting, including SHODAN, RIPE, Whois, PasteBin, Google, SANS and more.
  • Designed for maximum data extraction; every piece of data is passed on to the modules that may be interested in it, so that they can extract further information. No piece of discovered data is exempt from analysis.
  • Runs on Linux and Windows. And fully open-source so you can fork it on GitHub and do whatever you want with it.
  • Visualisations. Built-in JavaScript-based visualisations or export to GEXF/CSV for use in other tools, like Gephi for instance.
  • Web-based UI. No cumbersome CLI or Java to mess with. Easy to use, easy to navigate. Take a look through the gallery for screenshots.
  • Highly configurable. Almost every module is configurable so you can define the level of intrusiveness and functionality.
  • Modular. Each major piece of functionality is a module, written in Python. Feel free to write your own and submit them to be incorporated!
  • SQLite back-end. All scan results are stored in a local SQLite database, so you can play with your data to your heart’s content.
  • Simultaneous scans. Each footprint scan runs as its own thread, so you can perform footprinting of many different targets simultaneously.
  • So much more.. check out the documentation for more information.




Katana - Framework for Hackers, Professional Security and Developers



Katana is a penetration testing framework written in Python, based on a simple and comprehensive structure that anyone can use, modify and share. The goal is to unify tools that serve professionals during a penetration test, or simply as routine tools. The current version is neither completely stable nor complete.

MAIN FILES

--core
¬Setting.py --- Setting variables
¬design.py --- Design template
¬Errors.py --- Error Debug
¬ping.py --- Functions
--scripts
¬__init__.py --- Modules List


REQUIREMENTS

OS requirement: Kali Linux

INSTALLATION 

Installation of Katana framework:
git clone https://github.com/RedToor/katana.git
cd Katana
chmod 777 install.py   (upstream's instruction; chmod +x is all the next step needs, and a world-writable install script is a bad habit)
python install.py

USAGE Commands

Stable
  ./sudo ktf.console                               98% built - enabled
  ./sudo ktf.run -m net/arpspoof                   95% built - enabled
Building
  ktf.lab                                          30% built - not yet
  ktf.linker -m web/whois -t google.com -p 80      80% built - not yet


MODULES (SCRIPTS)

Code name       Description                            Author       Version
web/httpbt      Brute force against HTTP 403           Redtoor      1.0
web/formbt      Brute force against form-based auth    Redtoor      1.0
web/cpfinder    Admin panel finder                     Redtoor      1.0
web/joomscan    Joomla CMS vulnerability scanner       Redtoor      1.0
web/dos         Web denial of service                  Redtoor      1.0
web/whois       Web whois lookup                       Redtoor      1.0
net/arpspoof    ARP-spoofing attack                    Redtoor      1.0
net/arplook     ARP-spoofing detector                  cl34r        1.0
net/portscan    Port scanner                           RedToor      1.0
set/gdreport    Information gathering via the web      RedToor      3.0
set/mailboom    E-mail bombing (spam)                  RedToor      3.0
set/facebrok    Facebook phishing platform             RedToor      1.7
fle/brutezip    Brute force against zip files          LeSZO ZerO   1.0
fle/bruterar    Brute force against rar files          LeSZO ZerO   1.0
clt/ftp         Console FTP client                     Redtoor      1.0
clt/sql         Console SQL client                     Redtoor      1.0
clt/pop3        Console POP3 client                    Redtoor      1.0
ser/sql         Start SQL server                       Redtoor      1.0
ser/apache      Start Apache server                    Redtoor      1.0
ser/ssh         Start SSH server                       Redtoor      1.0
fbt/ftp         Brute force against FTP                Redtoor      1.0
fbt/ssh         Brute force against SSH                Redtoor      1.0
fbt/sql         Brute force against SQL                Redtoor      1.0
fbt/pop3        Brute force against POP3               Redtoor      1.0

LINKS

Project in SF : http://sourceforge.net/projects/katanas/files/
Documentation: https://github.com/RedToor/Katana/tree/master/doc
Blog of project[ES]: http://cave-rt.blogspot.com.co/2015/07/instalacion-y-uso-katana-framework.html



Xplico v1.1.1 - Open Source Network Forensic Analysis Tool (NFAT)



The goal of Xplico is to extract the application data contained in an Internet traffic capture.

For example, from a pcap file Xplico extracts each e-mail (POP, IMAP and SMTP), all HTTP content, each VoIP call (SIP), FTP and TFTP transfers, and so on. Xplico is not a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).

Features
  • Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6, …;
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output of data and information to an SQLite or MySQL database and/or to files;
  • Each piece of data reassembled by Xplico is paired with an XML file that uniquely identifies the flows and the pcap containing the reassembled data;
  • Real-time processing (depends on the number of flows, the protocols involved and the performance of the machine: RAM, CPU, disk access time, …);
  • TCP reassembly with ACK verification for every packet, or soft ACK verification;
  • Reverse DNS lookup from the DNS packets contained in the input files (pcap), not from an external DNS server;
  • No size limit on input data or on the number of input files (the only limit is disk size);
  • IPv4 and IPv6 support;
  • Modularity. Each Xplico component is modular: the input interface, the protocol decoders (dissectors) and the output interface (dispatcher) are all modules;
  • The ability to easily create any kind of dispatcher with which to organise the extracted data in whatever way is most appropriate and useful to you;
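Port Independent Protocol Identification is the feature that separates an NFAT from a port-to-protocol lookup: a web server on 8443 or a SIP proxy on 80 is still recognised from what it says. The following is an added example, not Xplico's code: a minimal reader for the classic libpcap format that groups TCP payload per flow and labels each flow from the first bytes of payload rather than from the port. The signature set, the Ethernet/IPv4/TCP-only parsing and the flow keying are this example's own; payload is concatenated in capture order, which stands in for, and is much weaker than, the ACK-verified reassembly Xplico does. A small pcap builder is included so the sample capture is constructed inline.

```python
# Added example, not Xplico's code: classic pcap reader + content-based
# protocol identification (the idea behind PIPI). Only Ethernet/IPv4/TCP is
# handled and payload is concatenated in capture order (no seq/ACK logic).
import re
import socket
import struct
from typing import Dict, Iterator, List, Optional, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1
FlowKey = Tuple[str, int, str, int]

# Content signatures (example's own, deliberately small). Order matters:
# HTTP is tested before SIP so 'OPTIONS ... HTTP/1.1' is not taken for SIP.
SIGNATURES = [
    ("http", re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n|^HTTP/1\.[01] \d{3} ")),
    ("sip",  re.compile(rb"^(?:INVITE|REGISTER|ACK|BYE|OPTIONS|CANCEL) sip:|^SIP/2\.0 \d{3} ")),
    ("smtp", re.compile(rb"^(?:EHLO|HELO|MAIL FROM:|RCPT TO:|DATA\r\n)", re.I)),
    ("pop3", re.compile(rb"^(?:\+OK|USER |PASS |RETR |STAT\r\n)")),
    ("imap", re.compile(rb"^\* OK|^[A-Za-z0-9]+ (?:LOGIN|SELECT|FETCH|CAPABILITY)", re.I)),
]


def identify(payload: bytes) -> str:
    """Name the application protocol from payload alone; port is never consulted."""
    for name, sig in SIGNATURES:
        if sig.match(payload):
            return name
    return "unknown"


def build_pcap(frames: List[bytes]) -> bytes:
    """Little-endian classic pcap: 24-byte global header + 16-byte record headers."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


def tcp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 + TCP (PSH/ACK) carrying payload; checksums left zero."""
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def iter_frames(pcap: bytes) -> Iterator[bytes]:
    """Yield link-layer frames, honouring the byte order announced by the magic."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic libpcap file")
    linktype, = struct.unpack_from(end + "I", pcap, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl]
        off += incl


def parse_tcp(frame: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """(src, dst, sport, dport, payload) for IPv4/TCP frames, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:
        return None
    total = struct.unpack_from("!H", ip, 2)[0]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total]
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    doff = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[doff:]


def flows(pcap: bytes) -> Dict[FlowKey, Tuple[str, bytes]]:
    """Payload per bidirectional flow (lower endpoint first), labelled by content."""
    out: Dict[FlowKey, Tuple[str, bytes]] = {}
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, payload = parsed
        key = ((src, sport, dst, dport) if (src, sport) <= (dst, dport)
               else (dst, dport, src, sport))
        proto, data = out.get(key, ("unknown", b""))
        if proto == "unknown" and payload:
            proto = identify(payload)          # first payload bytes decide
        out[key] = (proto, data + payload)
    return out
```

Identification is done once per flow, on the first packet carrying payload in either direction, so a flow whose first segment was missed in the capture stays "unknown"; a production dissector would keep trying on later segments and would order them by sequence number before concatenating.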


Bohatei - Flexible and Elastic DDoS Defense



Bohatei is a first of its kind platform that enables flexible and elastic DDoS defense using SDN and NFV.

The repository contains a first version of the components described in the Bohatei paper, as well as a web-based user interface. The backend folder consists of:
  • an implementation of the FlowTags framework for the OpenDaylight controller
  • an implementation of the resource management algorithms
  • a topology file that was used to simulate an ISP topology
  • scripts that facilitate functions such as spawning, tearing down and retrieving the topology.
  • scripts that automate and coordinate the components required for the usecases examined.
The frontend folder contains the required files for the web interface.
For the experiments performed, we used a set of VM images that contain implementations of the strategy graphs for each type of attack (SYN Flood, UDP Flood, DNS Amplification and Elephant Flow). Those images will become available at a later stage. The tools that were used for those strategy graphs are the following:



REXT - Router Exploitation Toolkit


A small toolkit for the easy creation and use of Python scripts that work with embedded devices.
  • core - contains most of the toolkit's basic functions
  • databases - contains databases, such as default credentials
  • interface - contains the code used to build and drive the interface
  • modules - contains the module structure that can be loaded; every module contains vendor-specific sub-modules where the scripts are stored:
    • decryptors
    • exploits
    • harvesters
    • misc
    • scanners
  • output - output goes here
This is still heavily work in progress.

Requirements
I am trying to keep the requirements minimal:
  • requests



Aircrack-ng 1.2 RC 3 - WEP and WPA-PSK Keys Cracking Program



Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

This is the third release candidate and hopefully the last one. It contains a ton of bug fixes, code cleanup, improvements and compilation fixes everywhere. Some features were added: AppArmor profiles and better FreeBSD support, including an airmon-ng for FreeBSD.

Aircrack-ng Changelog

Version 1.2-rc3 (changes from aircrack-ng 1.2-rc2) - Released 21 Nov 2015:
  • Airodump-ng: Prevent sending signal to init which caused the system to reboot/shutdown.
  • Airbase-ng: Allow to use a user-specified ANonce instead of a randomized one when doing the 4-way handshake
  • Aircrack-ng: Fixed compilation warnings.
  • Aircrack-ng: Removed redundant NULL check and fixed typo in another one.
  • Aircrack-ng: Workaround for segfault when compiling aircrack-ng with clang and gcrypt and running a check.
  • Airmon-ng: Created version for FreeBSD.
  • Airmon-ng: Prevent passing invalid values as channel.
  • Airmon-ng: Handle udev renaming interfaces.
  • Airmon-ng: Better handling of rfkill.
  • Airmon-ng: Updated OUI URL.
  • Airmon-ng: Fix VM detection.
  • Airmon-ng: Make lsusb optional if there doesn't seem to be a usb bus. Improve pci detection slightly.
  • Airmon-ng: Various cleanup and fixes (including wording and typos).
  • Airmon-ng: Display iw errors.
  • Airmon-ng: Improved handling of non-monitor interfaces.
  • Airmon-ng: Fixed error when running 'check kill'.
  • Airdrop-ng: Display error instead of stack trace.
  • Airmon-ng: Fixed bashism.
  • Airdecap-ng: Allow specifying output file names.
  • Airtun-ng: Added missing parameter to help screen.
  • Besside-ng-crawler: Removed reference to darkircop.org (non-existent subdomain).
  • Airgraph-ng: Display error when no graph type is specified.
  • Airgraph-ng: Fixed make install.
  • Manpages: Fixed, updated and improved airodump-ng, airmon-ng, aircrack-ng, airbase-ng and aireplay-ng manpages.
  • Aircrack-ng GUI: Fixes issues with wordlists selection.
  • OSdep: Add missing RADIOTAP_SUPPORT_OVERRIDES check.
  • OSdep: Fix possible infinite loop.
  • OSdep: Use a default MTU of 1500 (Linux only).
  • OSdep: Fixed compilation on OSX.
  • AppArmor: Improved and added profiles.
  • General: Fixed warnings reported by clang.
  • General: Updated TravisCI configuration file
  • General: Fixed typos in various tools.
  • General: Fixed clang warning about 'gcry_thread_cbs()' being deprecated with gcrypt > 1.6.0.
  • General: Fixed compilation on cygwin due to undefined reference to GUID_DEVCLASS_NET
  • General: Fixed compilation with musl libc.
  • General: Improved testing and added test cases (make check).
  • General: Improved mutexes handling in various tools.
  • General: Fixed memory leaks, use after free, null termination and return values in various tools and OSdep.
  • General: Fixed compilation on FreeBSD.
  • General: Various fixes and improvements to README (wording, compilation, etc).
  • General: Updated copyrights in help screen.


Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.