Revolution OS - Documentary about the Linux System (legended in portuguese)

Synopsis

The film begins with glimpses of Raymond, a Linux IPO, Torvalds, the idea of Open Source, Perens, Stallman, then sets the historical stage in the early days of hackers and computer hobbyists when code was shared freely. It discusses how change came in 1978 as Bill Gates, in his Open Letter to Hobbyists, pointedly prodded hobbyists to pay up. Stallman relates his struggles with proprietary software vendors at the MIT Artificial Intelligence Lab, leading to his departure to focus on the development of free software, and the GNU project.

Torvalds describes the development of the Linux kernel, the GNU/Linux naming controversy, Linux's further evolution, and its commercialization.

Raymond and Stallman clarify the philosophy of free software versus communism and capitalism, as well as the development stages of Linux.

Michael Tiemann discusses meeting Stallman in 1987, getting an early version of Stallman's GCC, and founding Cygnus Solutions.

Larry Augustin describes combining GNU software with a normal PC to create a Unix-like workstation at one third the price and twice the power of a Sun workstation. He relates his early dealings with venture capitalists, the eventual capitalization and commodification of Linux for his own company, VA Linux, and its IPO.

Brian Behlendorf, one of the original developers of the Apache HTTP Server, explains that he started to exchange patches for the NCSA web server daemon with other developers, which led to the release of "a patchy" webserver, dubbed Apache.

Frank Hecker of Netscape discusses the events leading up to Netscape's executives releasing the source code for Netscape's browser, one of the signal events which made open source a force to be reckoned with by business executives, the mainstream media, and the public at large.[1] This point was validated further after the film's release as the Netscape source code eventually became the Firefox web browser, reclaiming a large percentage of market share from Microsoft's Internet Explorer.

The film also documents the scope of the first full-scale LinuxWorld Summit conference, with appearances by Linus Torvalds and Larry Augustin on the keynote stage.


Much of the footage for the film was shot in Silicon Valley.

By OffensiveSec

Read More

SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On

What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.

Scrape EVERYTHING - Simply

Current Platforms Supported:

• Kali Linux 2.0
• Kali Linux 1.0

A few small benefits:

• Easy for you to write modules (All you need is 1 required Class option and you're up and running)
• Use the built in Parsers for most raw results
• Multiprocessing Queue for modules and Result Queue for easy handling of Email data
• Simple intergration of theHarvester Modules and new ones to come
• Also the ability to change major settings fast without diving into the code

API Based Searches:

• When API based searches become avaliable, no need to add them to the Command line
• API keys will be auto pulled from the SimpleEmail.ini, this will activate the module for use

Get Started

Please RUN the simple Setup Bash script!!!

root@kali:~/Desktop/SimplyEmail# sh Setup.sh
or
root@kali:~/Desktop/SimplyEmail# ./Setup.sh

Standard Help

 ============================================================
 Curent Version: 0.5 | Website: CyberSyndicates.com
 ============================================================
 Twitter: @real_slacker007 |  Twitter: @Killswitch_gui
 ============================================================
------------------------------------------------------------
   ______  ________                       __ __
 /      \/        |                     /  /  |
/$$$$$$  $$$$$$$$/ _____  ____   ______ $$/$$ |
$$ \__$$/$$ |__   /     \/    \ /      \/  $$ |
$$      \$$    |  $$$$$$ $$$$  |$$$$$$  $$ $$ |
 $$$$$$  $$$$$/   $$ | $$ | $$ |/    $$ $$ $$ |
/  \__$$ $$ |_____$$ | $$ | $$ /$$$$$$$ $$ $$ |
$$    $$/$$       $$ | $$ | $$ $$    $$ $$ $$ |
 $$$$$$/ $$$$$$$$/$$/  $$/  $$/ $$$$$$$/$$/$$/

------------------------------------------------------------
usage: SimplyEmail.py [-all] [-e company.com] [-l] [-t html / flickr / google]
                      [-v]

Email enumeration is a important phase of so many operation that a pen-tester
or Red Teamer goes through. There are tons of applications that do this but I
wanted a simple yet effective way to get what Recon-Ng gets and theHarvester
gets. (You may want to run -h)

optional arguments:
  -all                  Use all non API methods to obtain Emails
  -e company.com        Set required email addr user, ex ale@email.com
  -l                    List the current Modules Loaded
  -t html / flickr / google
                        Test individual module (For Linting)
  -v                    Set this switch for verbose output of modules

Run SimplyEmail

Let's say your target is cybersyndicates.com

./SimplyEmail.py -all -e cybersyndicates.com  or in verbose  ./SimplyEmail.py -all -v -e cybersyndicates.com

This will run ALL modules that are have API Key placed in the SimpleEmail.ini file and will run all non-API based modules.

List Modules SimpleEmail

root@vapt-kali:~/Desktop/SimplyEmail# ./SimplyEmail.py -l

 ============================================================
 Curent Version: 0.5 | Website: CyberSyndicates.com
 ============================================================
 Twitter: @real_slacker007 |  Twitter: @Killswitch_gui
 ============================================================
------------------------------------------------------------
   ______  ________                       __ __
 /      \/        |                     /  /  |
/$$$$$$  $$$$$$$$/ _____  ____   ______ $$/$$ |
$$ \__$$/$$ |__   /     \/    \ /      \/  $$ |
$$      \$$    |  $$$$$$ $$$$  |$$$$$$  $$ $$ |
 $$$$$$  $$$$$/   $$ | $$ | $$ |/    $$ $$ $$ |
/  \__$$ $$ |_____$$ | $$ | $$ /$$$$$$$ $$ $$ |
$$    $$/$$       $$ | $$ | $$ $$    $$ $$ $$ |
 $$$$$$/ $$$$$$$$/$$/  $$/  $$/ $$$$$$$/$$/$$/

------------------------------------------------------------
 [*] Available Modules are:

  1)  Modules/GooglePDFSearch.py
  2)  Modules/HtmlScrape.py   
  3)  Modules/GitHubUserSearch.py
  4)  Modules/Whoisolgy.py    
  5)  Modules/CanaryBinSearch.py
  6)  Modules/YahooSearch.py  
  7)  Modules/GitHubCodeSearch.py
  8)  Modules/OnionStagram.py 
  9)  Modules/AskSearch.py    
  10) Modules/EmailHunter.py  
  11) Modules/WhoisAPISearch.py
  12) Modules/SearchPGP.py    
  13) Modules/GoogleSearch.py 
  14) Modules/GitHubGistSearch.py
  15) Modules/RedditPostSearch.py
  16) Modules/FlickrSearch.py 

Understanding Reporting Options:

One of the most frustrating aspects of Pen-testing is the tools' ability to report the findings and make those easily readable. This may be for the data provided to a customer or just the ability to report on source of the data.
So I'm making it my goal for my tools to take that work off your back and make it as simple as possible! Let's cover the two different reports generated.

Text Output:

With this option results are generated and appended to a running text file called Email_List.txt. this makes it easy to find past searches or export to tool of choice. 

Example:

    ----------------------------------

    Email Recon: 11/11/2015 05:13:32
    ----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com
----------------------------------
    Email Recon: 11/11/2015 05:15:42
    ----------------------------------
bo@mandiant.com
in@mandiant.com
sc@mandiant.com
je@mandiant.com
su@mandiant.com

HTML Output:

As I mentioned before a powerful function that I wanted to integrate was the ability to produce a visually appealing and rich report for the user and potentially something that could be part of data provided to a client. Please let me know with suggestions!

Email Source:

Email Section:

• Html report now shows Alerts for Canary Search Results! 

Current Email Evasion Techniques

• The following will be built into the Parser Soon:
• shinichiro.hamaji at gmail.com
• shinichiro.hamaji AT gmail.com
• simohayha.bobo at gmail.com
• "jeffreytgilbert" => "gmail.com"
• felix021 # gmail.com
• hirokidaichi[at]gmail.com
• hirokidaichi[@]gmail.com
• hirokidaichi[#]gmail.com
• xaicron{ at }gmail.com
• xaicron{at}gmail.com
• xaicron{@}gmail.com
• xaicron(@)gmail.com
• xaicron + gmail.com
• xaicron ++ gmail.com
• xaicron ## gmail.com
• bekt17[@]gmail.com
• billy3321 -AT- gmail.com
• billy3321[AT]gmail.com
• ybenjo.repose [[[at]]] gmail.com
• sudhindra.r.rao (at) gmail.com
• sudhindra.r.rao nospam gmail.com
• shinichiro.hamaji (.) gmail.com
• shinichiro.hamaji--at--gmail.com

Build Log:

Changelog (Current v0.6):

===================================
Framework Improvements v0.7:
-----------------------------
(x) Add unicode / UT8 Decoding to the parser options
(x) Added Version Check

Modules Added in v0.7
-----------------------------
(x) Google Docx Search

Issues Fixed in v0.7:
-----------------------------
(x) Fixed issues with Except statement in a few modules
(x) Fixed Case Mathcing Issues with target Domain

===================================
Modules Added in v0.6
-----------------------------
(x) Google Doc Search
(x) Google Xlsx Search

===================================
Modules Added in v0.5
-----------------------------
(x) Reddit Post Search added
(x) Google PDF search

===================================
Modules Added in v0.4
-----------------------------
(x) GitHubUser added

Issues Fixed in v0.4:
-----------------------------
(x) Setup File Fix
(x) issues with strip in Html

Framework Improvements v0.4:
-----------------------------
(x) Added Source of email collection
    to final report in bootstrap.
(x) Added Verbose options for Modules
    to handle Vebose printing.
(x) Added Alerts to HTML report
    when emails are gathered from canary.

===================================
Modules Added in v0.3:
-----------------------------
(x) OnionStagram (Instagram User Search)
(x) AskSearch - Port from theHarvester

Issues Fixed in v0.3:
----------------------------
(x) Added Parser to GitHubCode Search
(x) Moved wget to 2 sec timeout

===================================
Modules Added in v0.2:
-----------------------------
(x) EmailHunter Trial API

Issues Fixed in v0.2:
-----------------------------
(x) Fixed Issues with SetupScript 
(x) Changes Output Text file name

===================================
Modules Added in v0.1:
-----------------------------
(x) HtmlScrape Added to Modules 
(x) SearchPGP Added to Modules - Port form theHarvester
(x) Google Search - Port form theHarvester
(x) Flickr Page Search
(x) GitHub Code Search
(x) GitHubGist Code Search
(x) Whois Non-Auth API Search
(x) Whoisology Search
(x) Yahoo Search - Port from theHarvester
(x) Canary (Non-API) PasteBin Search for Past Data Dumps!

Issues Fixed in v0.1:
-----------------------------
(x) Wget fails to follow redirects in some cases
(x) Fixed Issues with google search
(x) Major change with how the Framework Handles Consumer and Producred Model
(x) Fix Issues with Join() and Conducter

Imprrovements in v0.1:
-----------------------------
(x) Added in valid UserAgents and headers
(x) HTML Scrape now has opption to save or remove is mirror
(x) HTML Scrape UTF-8 issues fixed

Build out Path:

Modules Under Dev:
-----------------------------
( ) StartPage Search (can help with captcha issues)
( ) Searching SEC Data
( ) Exalead Search - Port from theHarvester
( ) PwnBin Search 
( ) PasteBin Searches 
( ) Past Data Dumps
( ) psbdmp API Based and non Alert

Framework Under Dev:
-----------------------------
( ) New Parsers to clean results
( ) Fix import errors with Glob
( ) Add in "[@]something.com" to search Regex and engines
( ) Add errors for Captcha limit's
( ) Add Threading/Multi to GitHub Search
( ) Add Source of collection to HTML Output

Download SimplyEmail

Read More

RootHelper - A Bash Script That Downloads And Unzips Scripts That Will Aid With Privilege Escalation On A Linux System

RootHelper

Roothelper will aid in the process of privilege escalation on a Linux system that has been compromised, by fetching a number of enumeration and exploit suggestion scripts. The latest version downloads four scripts. Two enumeration shellscripts and two exploit suggesters, one written in perl and the other one in python.

The credits for the scripts it fetches go to the original authors.

Priv-Esc scripts

LinEnum  

Shellscript that enumerates the system configuration.

unix-privesc-check  

Shellscript that enumerates the system configuration and runs some privilege escalation checks as well.

linuxprivchecker  

A python implementation to suggest exploits particular to the system that's been compromised.

Linux_Exploit_Suggester  

A perl script that that does the same as the one mentioned above.

Usage

To use the script you will need to get it on the system you've compromised, from there you can simply run it and it will show you the options available and an informational message regarding the options. For clarity i will post it below as well.

The 'Help' option displays this informational message.    The 'Download' option fetches the relevant files and places them in the /tmp/ directory.    The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please  note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead    The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.  

Credits for the other scripts go to their original authors.

https://github.com/rebootuser/LinEnum
https://github.com/PenturaLabs/Linux_Exploit_Suggester
http://www.securitysift.com/download/linuxprivchecker.py
https://github.com/pentestmonkey/unix-privesc-check

Download Roothelper

Read More

Antitrust - (Ameaça Virtual)

A computer programmer's dream job at a hot Portland-based firm turns nightmarish when he discovers his boss has a secret and ruthless means of dispatching anti-trust problems.

By OffensiveSec

Read More

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks

“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks:


º Reconnaissance 
º Weaponization 
º Delivery 
º Exploit 
º Installation 
º Command & Control 
º And Actions 

Dependant tool sets are:

1) Tor -- For the console build in anonymizer.
2) Set -- Social-Engineer Toolkit (SET), attacks against humans.
3) OpenVas -- Vulnerability scanning and vulnerability management.
4) Veil-Evasion -- Generate metasploit payloads bypass anti-virus.
5) Websploit -- WebSploit Advanced MITM Framework.
6) Metasploit -- Executing exploit code against target.
7) WiFite -- Automated wireless auditor, designed for Linux.

Download Killchain

Read More

squitch pentest – A simple and small pentesting linux distro

Features

º ubuntu based
º gnome 2 desktop
º kernel 3.0.0.15
º pentesting tools

Download squitch

Read More

CAINE 7.0 - DeepSpace 64bit

CAINE (Computer Aided INvestigative Environment) is a Linux distribution specifically designed for digital forensics. It is based on Ubuntu.

The latest edition is CAINE 7, code-named DeepSpace. It is based on Ubuntu 14.04 LTS and, therefore, UEFI and Secure Boot ready.

It comes with some new features, including booting into a read-only mode whereby all block devices are not writable, and a VNC server and client that allows remote control of a Caine 7 installation.

This post offers screenshots from a test installation of CAINE 7 in a virtual environment.

This is the installation boot menu. If you want to install CAINE in a virtual environment (using VirtualBox) on Ubuntu, select the Boot Live in safe graphics mode. Booting using the default will only give you a garbled display.

Download CAINE 7.0

Read More

F.H.C - FORENSIC LIVE CD IMAGER

Forensic Hard Copy, is a Linux distribution, bootable CD (LiveCD), exclusively created to automate and speed up the copy of the storage devices. These procedures of copy are commonly in use in computer forensics. In computer science is orthodox practice, acquire data from the offending media in order to protect them from any alteration or damage, then later analyze the identical copy. The project was created to meet the operational needs of the police involved in investigations, the technical consultants (CTU) and part IT(CTU), ensuring the durability and the use of evidence in computer science criminal trial.


Has been used open source software, open-source scripts and to give all users the ability to understand, if necessary, the actual operation of the software in the process of copying or image acquisition. The process has been automated through a script-wizard that guides you step by step in the copy of a support. The new release has a 2.6.32 kernel which has a wide compatibility with controllers and disks. The recognition is done through media connections IDE, SATA, Firewire and USB, so you can also copy data to external media to the machine being analyzed.

Download F.H.C

Read More

OWASP - Droid Fusion

OWASP Droid Fusion is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting and Forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don’t need to worry about finding tools. There are more then 60 tools and scripts and it is free.

Tool Features

º SBFlash
º Heimdall CLI
º Heimdall Gui
º Fastboot

Android Exploitation

º Mercury
º Android Framework For Exploitation
º Smartphone Pentest Framework
º Metasploit

Pentest Application

º Burpsuite
º Wireshark
º Zap
º Ettermap
º W3af
º Zenmap

Device Forensic

º Aflogical
º Dc 3dd
º iPhone Backup Analyzer
º Scalpel
º Sleuthkit

Miscellaneous

º Android Kitchen
º Android Bruteforce
º iPhone Bruteforce
º Fastboot
º HconSTF
º Arduino IDE
º Record my desktop

Download Droid Fusion

Read More