Mosca - Static Analysis Tool To Find Bugs

Just another Simple static analysis tool to find bugs like a grep unix command, at mosca have a modules, that was call egg, each egg is a simple config to find bug at especific language like PHP,Ruby,ASP etc... Example of egg config at directory "egg", If Mosca read a line with vunerability of egg in source code, then, mosca have alert about vulnerability and save at logs.

Download Mosca

Read More

Joomlavs - A Black Box, Joomla Vulnerability Scanner

JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself.

How to install

JoomlaVS has so far only been tested on Debian, but the installation process should be similar across most operating systems.

1. Ensure Ruby [2.0 or above] is installed on your system
2. Clone the source code using git clone https://github.com/rastating/joomlavs.git
3. Install bundler and required gems using sudo gem install bundler && bundle install

How to use
The only required option is the -u / --url option, which specifies the address to target. To do a full scan, however, the --scan-all option should also be specified, e.g. ruby joomlavs.rb -u yourjoomlatarget.com --scan-all .
A full list of options can be found below:

usage: joomlavs.rb [options]
Basic options
    -u, --url              The Joomla URL/domain to scan.
    --basic-auth           <username:password> The basic HTTP authentication credentials
    -v, --verbose          Enable verbose mode
Enumeration options
    -a, --scan-all         Scan for all vulnerable extensions
    -c, --scan-components  Scan for vulnerable components
    -m, --scan-modules     Scan for vulnerable modules
    -t, --scan-templates   Scan for vulnerable templates
    -q, --quiet            Scan using only passive methods
Advanced options
    --follow-redirection   Automatically follow redirections
    --no-colour            Disable colours in output
    --proxy                <[protocol://]host:port> HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported. If no protocol is given, HTTP will be used
    --proxy-auth           <username:password> The proxy authentication credentials
    --threads              The number of threads to use when multi-threading requests
    --user-agent           The user agent string to send with all requests

Download Joomlavs

Read More

MassBleed - Mass SSL Vulnerability Scanner

USAGE

 sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]

ABOUT
This script has four main functions with the ability to proxy all connections:

1. To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
2. To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
3. To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
4. To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)

PROXY: A proxy option has been added to scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work.

PROXY USAGE EXAMPLES: (example: sh massbleed.sh 192.168.0.0/16 0 0 proxy) (example: sh massbleed.sh 192.168.0.0/16 port 8443 proxy) (example: sh massbleed.sh 127.0.0.1 single 0 proxy) (example: sh massbleed.sh 192.168.0. subnet 0 proxy)

VULNERABILITIES:

1. OpenSSL HeartBleed Vulnerability (CVE-2014-0160)
2. OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224)
3. Poodle SSLv3 vulnerability (CVE-2014-3566)

Download MassBleed

Read More

Tor Messenger - Chat over Tor, Easily

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enables Off-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

What it isn't...

Tor Messenger builds on the networks you are familiar with, so that you can continue communicating in a way your contacts are willing and able to do. This has traditionally been in a client-server model, meaning that your metadata (specifically the relationships between contacts) can be logged by the server. However, your route to the server will be hidden because you are communicating over Tor.

We are also excited about systems like Pond and Ricochet, which try to solve this problem, and would encourage you to look at their designs and use them too.

Why Instantbird?

We considered a number of messaging clients: Pidgin, Adam Langley's xmpp-client, and Instantbird. Instantbird was the pragmatic choice -- its transport protocols are written in a memory-safe language (JavaScript); it has a graphical user interface and already supports many natural languages; and it's a XUL application, which means we can leverage both the code (Tor Launcher) and in-house expertise that the Tor Project has developed working on Tor Browser with Firefox. It also has an active and vibrant software developer community that has been very responsive and understanding of our needs. The main feature it lacked was OTR support, which we have implemented and hope to upstream to the main Instantbird repository for the benefit of all Instantbird (and Thunderbird) users.

Instructions

• On Linux, extract the bundle(s) and then run: ./start-tor-messenger.desktop
• On OS X, copy the Tor Messenger application from the disk image to your local disk before running it.
On all platforms, Tor Messenger sets the profile folder for Firefox/Instantbird to the installation directory.
• Note that as a policy, unencrypted one-to-one conversations are not allowed and your messages will not be transmitted if the person you are talking with does not have an OTR-enabled client. You can disable this option in the preferences to allow unencrypted communication but doing so is not recommended.

Download Tor Messenger:
Linux (32-bit)
Linux (64-bit)
Windows
OS X (Mac)

Read More

Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts

Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux (TCL) operating system (OS), it has a slick graphical user interface (GUI) requiring no need for typing Linux commands. Xiaopan OS is Windows, Mac and Linux compatible and users can simply install and boot this ~70mb OS through a USB pen drive or in a virtual machine (VM) environment.

Alternatives

There are a number of professional operating systems that have been developed specifically for pentesting and security auditing which all are based on Linux. These include Kali, BackTrack and WiFiway. What sets Xiaopan OS apart from its competitors is that it Xiaopan OS is simple to use and just works, depending on a number of variables and providing you have all the right hardware of course.

Tools

Xiaopan OS includes a number of tools to hack WiFi Protected Setup (WPS), WiFI Protected Access (WPA) and Wireless Equivalent Privacy (WEP) encrypted networks:

• Reaver: newly developed application with the ability to brute force crack WPS (WPA / WPA2) pins.
• Inflator: this is the GUI version of command line reaver.
• Aircrack-ng: the major backbone of many other Xiaopan tools including FeedingBottle (FB) and Minidwep with the ability to attack WPA networks through a dictionary attack and WEP networks through collecting and injecting packets.
• FeedingBottle: so easy a baby could use it! FB is essentially the Aircrack-ng GUI and was created by Beini.
• Minidwep: is similar to FB but has a better and similar GUI that is even easier to use than FB. The added advantage of Minidwep is that you can also run Reaver and Inflator from here as well.
• Xfe: this is a simple file manager similar to say windows explorer

Download Xiaopan OS

Read More

Waldo - Multithreaded Directory and Subdomain Bruteforcer

Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target.

Key Features

• Quickly and easily generate a list of all subdomains of target domain
• Discover hidden web resources that can be potentially leveraged as part of an attack
• Written in Python and very portable
• Fast, multithreaded design

Setup
Dependencies can be installed by running:

$ pip install -r pip.req

To run the waldo:

$ python waldo.py

Usage To enumerate subdomains at some-fake-site.example, execute the following:

$ python waldo.py -m s -d some-fake-site.example

To enumerate directories at some-fake-site.example, execute the following:

$ python waldo.py -m d -d some-fake-site.example

By default, output will be logged to waldo-output.txt. To specify a custom output file, use the -l flag:

$ python waldo.py -m s -l my-log-file.txt -d some-fake-site.example

Waldo uses 4 threads by default. To specify a custom threadpool size, use the -t flag:

$ python waldo.py -m s -d some-fake-site.example -t 15

Download Waldo

Read More

oclHashcat v2.01 - Worlds Fastest Password Cracker

oclHashcat is the world's fastest and most advanced GPGPU-based password recovery utility, supporting five unique modes of attack for over 170 highly-optimized hashing algorithms. oclHashcat currently supports AMD (OpenCL) and Nvidia (CUDA) graphics processors on GNU/Linux and Windows 7/8/10, and has facilities to help enable distributed password cracking.

Features

• Worlds fastest password cracker
• Worlds first and only GPGPU based rule engine
• Free
• Open-Source
• Multi-GPU (up to 128 gpus)
• Multi-Hash (up to 100 million hashes)
• Multi-OS (Linux & Windows native binaries)
• Multi-Platform (OpenCL & CUDA support)
• Multi-Algo (see below)
• Low resource utilization, you can still watch movies or play games while cracking
• Focuses highly iterated modern hashes
• Focuses dictionary based attacks
• Supports distributed cracking
• Supports pause / resume while cracking
• Supports sessions
• Supports restore
• Supports reading words from file
• Supports reading words from stdin
• Supports hex-salt
• Supports hex-charset
• Built-in benchmarking system
• Integrated thermal watchdog
• ... and much more

Attack-Modes

• Straight ^*
• Combination
• Brute-force
• Hybrid dict + mask
• Hybrid mask + dict

^* accept Rules

Algorithms

• MD4
• MD5
• Half MD5 (left, mid, right)
• SHA1
• SHA-256
• SHA-384
• SHA-512
• SHA-3 (Keccak)
• SipHash
• RipeMD160
• Whirlpool
• GOST R 34.11-94
• GOST R 34.11-2012 (Streebog) 256-bit
• GOST R 34.11-2012 (Streebog) 512-bit
• Double MD5
• Double SHA1
• md5($pass.$salt)
• md5($salt.$pass)
• md5(unicode($pass).$salt)
• md5($salt.unicode($pass))
• md5(sha1($pass))
• md5($salt.md5($pass))
• md5($salt.$pass.$salt)
• md5(strtoupper(md5($pass)))
• sha1($pass.$salt)
• sha1($salt.$pass)
• sha1(unicode($pass).$salt)
• sha1($salt.unicode($pass))
• sha1(md5($pass))
• sha1($salt.$pass.$salt)
• sha256($pass.$salt)
• sha256($salt.$pass)
• sha256(unicode($pass).$salt)
• sha256($salt.unicode($pass))
• sha512($pass.$salt)
• sha512($salt.$pass)
• sha512(unicode($pass).$salt)
• sha512($salt.unicode($pass))
• HMAC-MD5 (key = $pass)
• HMAC-MD5 (key = $salt)
• HMAC-SHA1 (key = $pass)
• HMAC-SHA1 (key = $salt)
• HMAC-SHA256 (key = $pass)
• HMAC-SHA256 (key = $salt)
• HMAC-SHA512 (key = $pass)
• HMAC-SHA512 (key = $salt)
• PBKDF2-HMAC-MD5
• PBKDF2-HMAC-SHA1
• PBKDF2-HMAC-SHA256
• PBKDF2-HMAC-SHA512
• MyBB
• phpBB3
• SMF
• vBulletin
• IPB
• Woltlab Burning Board
• osCommerce
• xt:Commerce
• PrestaShop
• Mediawiki B type
• Wordpress
• Drupal
• Joomla
• PHPS
• Django (SHA-1)
• Django (PBKDF2-SHA256)
• EPiServer
• ColdFusion 10+
• Apache MD5-APR
• MySQL
• PostgreSQL
• MSSQL
• Oracle H: Type (Oracle 7+)
• Oracle S: Type (Oracle 11+)
• Oracle T: Type (Oracle 12+)
• Sybase
• hMailServer
• DNSSEC (NSEC3)
• IKE-PSK
• IPMI2 RAKP
• iSCSI CHAP
• Cram MD5
• MySQL Challenge-Response Authentication (SHA1)
• PostgreSQL Challenge-Response Authentication (MD5)
• SIP Digest Authentication (MD5)
• WPA
• WPA2
• NetNTLMv1
• NetNTLMv1 + ESS
• NetNTLMv2
• Kerberos 5 AS-REQ Pre-Auth etype 23
• Netscape LDAP SHA/SSHA
• LM
• NTLM
• Domain Cached Credentials (DCC), MS Cache
• Domain Cached Credentials 2 (DCC2), MS Cache 2
• MS-AzureSync PBKDF2-HMAC-SHA256
• descrypt
• bsdicrypt
• md5crypt
• sha256crypt
• sha512crypt
• bcrypt
• scrypt
• OSX v10.4
• OSX v10.5
• OSX v10.6
• OSX v10.7
• OSX v10.8
• OSX v10.9
• OSX v10.10
• AIX {smd5}
• AIX {ssha1}
• AIX {ssha256}
• AIX {ssha512}
• Cisco-ASA
• Cisco-PIX
• Cisco-IOS
• Cisco $8$
• Cisco $9$
• Juniper IVE
• Juniper Netscreen/SSG (ScreenOS)
• Android PIN
• GRUB 2
• CRC32
• RACF
• Radmin2
• Redmine
• Citrix Netscaler
• SAP CODVN B (BCODE)
• SAP CODVN F/G (PASSCODE)
• SAP CODVN H (PWDSALTEDHASH) iSSHA-1
• PeopleSoft
• Skype
• 7-Zip
• RAR3-hp
• PDF 1.1 - 1.3 (Acrobat 2 - 4)
• PDF 1.4 - 1.6 (Acrobat 5 - 8)
• PDF 1.7 Level 3 (Acrobat 9)
• PDF 1.7 Level 8 (Acrobat 10 - 11)
• MS Office <= 2003 MD5
• MS Office <= 2003 SHA1
• MS Office 2007
• MS Office 2010
• MS Office 2013
• Lotus Notes/Domino 5
• Lotus Notes/Domino 6
• Lotus Notes/Domino 8
• Bitcoin/Litecoin wallet.dat
• Blockchain, My Wallet
• 1Password, agilekeychain
• 1Password, cloudkeychain
• Lastpass
• Password Safe v2
• Password Safe v3
• eCryptfs
• Android FDE <= 4.3
• TrueCrypt 5.0+

Download oclHashcat v2.01

Read More

0d1n - Tool For Automating Customized Attacks Against Web Applications

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.

You can do:

• brute force passwords in auth forms
• directory disclosure ( use PATH list to brute, and find HTTP status code )
• test list on input to find SQL Injection and XSS vulnerabilities

To run:

require libcurl-dev or libcurl-devel(on rpm linux based)

$ git clone https://github.com/CoolerVoid/0d1n/

need libcurl to run

$ sudo apt-get install libcurl-dev

if rpm distro

$ sudo yum install libcurl-devel
$ make
$./0d1n

Download 0d1n

Read More

SpiderFoot v2.6.1 - Open Source Intelligence Automation

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.

Purpose 

There are three main areas where SpiderFoot can be useful:

1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the test, giving you a rich set of data to help you pin-point areas of focus for the test.
   
2. Understand what your network/organisation is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
   
3. SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.

Features

• Utilises a shedload of data sources; over 40 so far and counting, including SHODAN, RIPE, Whois, PasteBin, Google, SANS and more.
  
• Designed for maximum data extraction; every piece of data is passed on to modules that may be interested, so that they can extract valuable information. No piece of discovered data is saved from analysis.
  
• Runs on Linux and Windows. And fully open-source so you can fork it on GitHub and do whatever you want with it.
  
• Visualisations. Built-in JavaScript-based visualisations or export to GEXF/CSV for use in other tools, like Gephi for instance.
  
• Web-based UI. No cumbersome CLI or Java to mess with. Easy to use, easy to navigate. Take a look through the gallery for screenshots.
  
• Highly configurable. Almost every module is configurable so you can define the level of intrusiveness and functionality.
  
• Modular. Each major piece of functionality is a module, written in Python. Feel free to write your own and submit them to be incorporated!
  
• SQLite back-end. All scan results are stored in a local SQLite database, so you can play with your data to your heart’s content.
  
• Simultaneous scans. Each footprint scan runs as its own thread, so you can perform footprinting of many different targets simultaneously.
  
• So much more.. check out the documentation for more information.

Download SpiderFoot v2.6.1

Read More