SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Saturday, January 23, 2016

Joomla Security Scanner - Joomscan



Joomla is probably the most widely-used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few. Watching its vulnerabilities and adding them to the Joomla scanner's knowledge base is therefore an ongoing activity. The scanner helps web developers and web masters identify possible security weaknesses on their deployed Joomla! sites. No other web security scanner is dedicated to a single CMS.

The following features are currently available.

ºExact version Probing (the scanner can tell whether a target is running version 1.5.12)
ºCommon Joomla! based web application firewall detection
ºSearching known vulnerabilities of Joomla! and its components
ºReporting to Text & HTML output
ºImmediate update capability via scanner or svn



Advantage over a Generic Vulnerability Scanner

ºFaster, because it won’t fuzz all requests like a generic scanner
ºDetects the application version where a generic scanner knows nothing
ºDetects all published vulnerabilities where a generic scanner cannot

Requirement

ºPerl 5.6 or up




Post Exploitation Framework - Intersect




Intersect 2.5 is the second major release in the project line. This release is much different from the previous, in that it gives the user complete control over which features the Intersect script includes and lets them easily import their own features, among other new functionality.

This release focuses mainly on the individual modules (features) and the capability to generate your own customized Intersect scripts. Using the Create.py application, the user is guided through a menu-driven process that lets them select which modules to include, import their own custom modules and ultimately create an Intersect script built around the specific modules they chose.

Modules

A module is simply a specific post-exploitation function. An individual module is not capable of stand-alone execution until it is imported with the Create application and built into a custom script. Intersect 2.5 brings many new modules and some changes to the original features that were included in version 2.0.

The modules are broken down into two categories. The first category, Standard Modules, includes all of the original Intersect 2.0 features and tasks, but separated into individual modules to provide more control over the finalized custom script. For example, the credential gathering feature is now its own module called “creds” and the network information gathering feature is a separate module called “network”.

The second category, Custom Modules, includes anything that was not part of Intersect 2.0 and is also where any new, additional or custom modules that the user imports are stored. While the user can import any module functionality they wish, the custom modules packaged with Intersect 2.5 focus on post-exploitation automation, remote shell access and various data exfiltration functions.

Creation Process 

The Create.py application is used to generate the actual Intersect script that you will be using on the target system. There is no final Intersect script until you make one!

When you start Create, you will be presented with a series of menus that provide the following features:

ºGenerate custom Intersect scripts
  ºchoose as many or as few modules as you want
  ºdefine specific variables (e.g., shell ports and hosts, crypto keys, proxy ports)
  ºview, add or remove modules from the queue
  ºview description and information on any given module
ºImport custom modules
  ºdownload and import from a url
  ºimport from a local directory
ºDownload Intersect 2.5 updates
  ºrequires Git to be installed locally
  ºuseful for bug fixes, new features, etc
ºVarious help menus and lots of other commands


You will be asked to give your newly created script a name. Enter the filename, without the Python file extension, when you are prompted. Your final script will be saved in the Scripts directory.



Exploring Android Platform - Mercury



The Heavy Metal That Poisoned the Droid

Mercury is a framework for exploring the Android platform; to find vulnerabilities and share proof-of-concept exploits.




A number of published security assessment methodologies currently exist to support researchers reviewing the security of Android applications and devices. The majority of these methodologies include static analysis methods and require the use of custom scripts and tools to perform single tasks. The general process of assessing the security of Android applications typically involves the following steps:


ºDownload the target application packages
ºExtract the application manifests
ºDecompile the application into readable source code or byte code representations
ºAnalyse the application manifests and code
ºWrite a custom application to test anomalies in the entry points of the applications
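The "extract the manifests" and "analyse the manifests" steps above are the part of this process that lends itself most readily to automation. What follows is an added example, not code from the Mercury project or the paper it describes: a small Python script that reads a decoded AndroidManifest.xml (the plain-text form produced by decompilation tooling; that input format is an assumption) and lists every component of the four IPC endpoint types that other apps can reach, noting whether a permission guards it. The manifest it parses is constructed for this example and does not describe a real app.

```python
import xml.etree.ElementTree as ET

# Namespace used for every android:* attribute in a decoded manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# The four IPC endpoint types (activity-alias is an activity entry point too).
COMPONENT_TAGS = ("activity", "activity-alias", "receiver", "service", "provider")

# Constructed sample manifest for this example (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <receiver android:name=".SyncReceiver" android:exported="true"
        android:permission="com.example.notes.permission.SYNC"/>
    <service android:name=".UploadService">
      <intent-filter>
        <action android:name="com.example.notes.action.UPLOAD"/>
      </intent-filter>
    </service>
    <provider android:name=".NotesProvider"
        android:authorities="com.example.notes.provider"
        android:exported="true"/>
  </application>
</manifest>
"""


def android_attr(elem, name):
    """Return the android:<name> attribute of an element, or None."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_exported(component):
    """Decide whether other apps can reach this component.

    An explicit android:exported wins. Without it, the pre-API-31 default
    applies: a component that declares an intent-filter is exported, one
    without is private. (Providers on minSdk < 17 default to exported even
    without a filter; that older rule is deliberately not modelled here.)
    """
    explicit = android_attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return component.find("intent-filter") is not None


def exported_components(manifest_xml):
    """List every exported component together with the permission guarding it."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for tag in COMPONENT_TAGS:
        for component in root.iter(tag):
            if not is_exported(component):
                continue
            name = android_attr(component, "name") or "?"
            if name.startswith("."):          # shorthand relative to the package name
                name = package + name
            findings.append({
                "kind": tag,
                "name": name,
                "permission": android_attr(component, "permission"),
                "has_intent_filter": component.find("intent-filter") is not None,
            })
    return findings


def unprotected(findings):
    """Exported components that any app can reach without holding a permission."""
    return [f for f in findings if f["permission"] is None]


if __name__ == "__main__":
    found = exported_components(SAMPLE_MANIFEST)
    for f in found:
        guard = f["permission"] or "NO PERMISSION"
        print(f"{f['kind']:<9} {f['name']:<40} {guard}")
    print(f"{len(unprotected(found))} of {len(found)} exported components are unguarded")
```

On the sample manifest the launcher activity is reported as exported and unguarded, which is expected for every app; the entries that deserve a reviewer's attention are the implicitly exported service (it has an intent-filter but no android:exported attribute) and the content provider exported without any permission.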


This general process often requires a separate approach for each step, many different tools and lots of time, especially when a large number of applications need to be assessed as part of a project. If the process can be simplified and tools provided to automate the repetitive parts, it would enable a security researcher to assess applications and devices in a more consistent manner and ultimately perform more comprehensive assessments. This could also be done in less time whilst providing more assurance. Mercury is a framework that solves this problem by providing interactive tools that allow for dynamic interactions with the target applications running on a device. This dynamic interaction greatly benefits vulnerability hunters and auditors who are under time constraints. At the time of writing, there were no known frameworks for performing dynamic analysis on Android, making Mercury unique in its space.

This paper will lay the foundations for performing dynamic analysis and finding ways to automate some of the tasks that are needed when assessing the security of Android applications and devices. It will also delve into some techniques that could be used by malicious applications with minimal permissions to steal information from devices.

Exploring Android Platform

Mercury allows you to assume the role of a low-privileged Android app, and to interact with both other apps and the system.

ºUse dynamic analysis on Android applications and devices for quicker security assessments
ºShare publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
ºWrite custom tests and exploits, using the easy extensions interface

Mercury allows you to:

1. Interact with the 4 IPC endpoints – activities, broadcast receivers, content providers and services
2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
3. Find information on installed packages with optional search filters to allow for better control
4. Use built-in commands to check application attack vectors on installed applications
5. Transfer files between the Android device and your computer
6. Create new modules to exploit your latest finding on Android, and play with those that others have found


Mercury does all of this over the network: it does not require ADB.




Friday, January 22, 2016

Python Script Searching - Dark D0rk3r





Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.





SQLi and Web Attack Framework - Enema SQLi





Enema is not auto-hacking software for script kiddies. It is a dynamic tool for professional pentesters.



Enema SQLi Features:

1. Multi-platform.
2. User-friendly graphical interface.
3. Multithreaded.
4. Dump.
5. Customise your queries
6. Create your custom plugins to automate attacks

Supported for today:

1. POST, GET, Headers (User-Agent, Cookie, Referer, X-Forwarded-For, Custom Header …)
2. MSSQL >= 2000 and MySQL >= 5.0

Injection methods supported for today:

1. Error based injection.
2. Union based injection (using subquery).
3. Blind (time and boolean based)



SQLi and Web Attack Framework: Enema SQLi usage

Latest development version:

 svn checkout http://enema.googlecode.com/svn/trunk/ enema

 svn checkout http://enema-plugins.googlecode.com/svn/trunk/ plugins



Linux Live USB Creator - LiLi



LinuxLive USB Creator is free and open-source software for Windows. It will help you in your journey of discovery with Linux. LiLi creates a portable, bootable and virtualized USB stick running Linux.

LiLi is designed to be used by both beginners and geeks. If you are a beginner, LiLi will let you try Linux for the first time, keeping Windows clean of any modifications. And if you are a geek, LiLi will allow you to test almost any Linux distribution directly from Windows, or just install it from a USB flash drive instead of CDs.



Free and Open-source

LinuxLive USB Creator is completely free and open-source software for Windows only. It has been built with simplicity in mind and it can be used by anyone. All you have to do is pick a Linux distribution from the list and give it a try.



No reboot needed

Are you sick of having to reboot your PC to try Linux? No need with LinuxLive USB Creator. It has a built-in virtualization feature that lets you run your Linux within Windows just out of the box!


Supports many Linux distributions

Wow! Did you see that never-ending list? They are almost all there: Ubuntu, Fedora, Debian, OpenSUSE, Mint, Slax, CentOS, ArchLinux, Gentoo, PCLinuxOS, Sabayon, BackTrack, Puppy Linux.



Persistence

Having a Live USB key is better than just using a Live CD because you can even save your data and install software. This feature is called persistence (available only on selected distributions).
Read the FAQ for more information.


SmartClean & SmartDownload

SmartClean properly uninstalls any previous Live USB installation, and SmartDownload lets you download any supported Linux distribution in 2 clicks, automatically selecting the best mirror to download from.
SmartClean also lets you clean your USB key in 1 click.


And a lot more!

ºIntelligent processing: LiLi works with many Linux distributions, even if they are not officially supported
ºHidden installation: LiLi hides the Linux installation, your USB key stays clean
ºFile integrity: tells you if your ISO is corrupted
ºKeeps your data on your USB device (formats only if needed)
ºIntelligent formatting: can format disks bigger than 32 GB
ºAuto-update: automatic updates when new Linux distributions are available
ºAlso works with .IMG files (experimental)





Backup and Recovery - ReDo




First and foremost, Redo Backup & Recovery is free. Based on xPUD and partclone, this open source tool not only works with Windows but also supports Linux. Then, contrary to what most popular backup and recovery programs do, Redo provides a bare-metal restore, meaning that even if your hard drive melts, you can have an up and running system (on a new hard drive, of course) in no more than 10 minutes.

Redo is a disaster recovery tool, hence it works outside of any OS environment. The downloaded package comes as an ISO file which you can easily burn to a CD-ROM or write to a USB drive, and Redo’s GUI will boot in less than a minute. There are no installation requirements, and it can automatically find local network shares as well. You also get a healthy choice of interface languages.




The team behind Redo Backup can’t argue that their tool is the most comprehensive on the market, but they can argue that it’s the easiest to use. Boot up with a Live CD or Live USB copy of Redo Backup and you’re only a few clicks away from backing up your system—or restoring it if your hard drive went to the great data center in the sky.

You can easily copy your files to a local drive, but where Redo Backup really shines is support for network shares. When you run Redo Backup it seeks out available shared folders on your network so you can use them for remote backup of individual files or an entire disk image. Redo Backup also includes a web browser so you can access the web to download drivers and troubleshoot your computer problems. It’s a great backup and disk recovery solution, especially if you’d like to skip learning arcane commands or keeping a bulky manual on hand.

Easy rescue system with GUI tools for full system backup, bare metal recovery, partition editing, recovering deleted files, data protection, web browsing, and more. Uses partclone (like Clonezilla) with a UI like Ghost or Acronis. Runs from CD/USB.

All your documents and settings will be restored to the exact same state they were in when the last snapshot was taken. Redo Backup and Recovery is a live CD, so it does not matter if you use Windows or Linux. You can use the same tool to backup and restore every machine. And because it is open source released under the GPL, it is completely free for personal and commercial use.

More Features, Less Complex

Redo Backup has the most features coupled with the simplest, most user-friendly interface:

ºEasy graphical user interface boots from CD in less than a minute
ºNo installation needed; runs from a CD-ROM or a USB stick
ºSaves and restores Windows and Linux machines
ºAutomatically finds local network shares
ºAccess your files even if you can’t log in
ºRecover deleted pictures, documents, and other files
ºInternet access with a full-featured browser to download drivers
ºLive CD download size is only about 250MB
ºOver 750,000 downloads





Yet Another Man in The Middle Automation Script - Yamas



Yamas is a tool that aims at facilitating MITM attacks by automating the whole process, from setting up IP forwarding and modifying iptables to the ARP cache poisoning (using either ettercap or arpspoof).







The traffic is stripped of SSL with the famous sslstrip 0.9. Any MITM script does that, but Yamas has a unique and appreciated feature: it parses the logs as the attack keeps running, so that credentials are displayed just as they are sniffed. The parsing method is a home-made, 100% pure bash script that - so far - never missed anything. And if it did, just report it to me and I’ll update the file used to parse the logs. This update is independent from the whole update process, making it a very flexible parser.



Wi-Fi network scanner - inSSIDer



The free inSSIDer software utility for Windows, iOS, and Android is one of the most useful and easy-to-interpret wireless networking tools I’ve encountered. InSSIDer displays information about the wireless networks in proximity to you, including an access point’s MAC address, encryption type, signal strength, and channel. InSSIDer is a great tool for wireless networking novices, because it has an easy-to-understand interface and includes an abundance of help and tutorials. Experienced Wi-Fi professionals may find the software a bit too light and might be more interested in a more robust program such as WiFiBuilder or Wireshark. But home power users looking to tweak their networks and those managing smaller business Wi-Fi networks would benefit by getting acquainted with inSSIDer.




What’s great about inSSIDer is that you can use it for several real-world purposes on your wireless network. For instance, say you are trying to find the best location to place an access point or router. Position the device and then fire up inSSIDer to see what signal strength the software reports. This is really useful if you are trying to set up a Wi-Fi network in a place with lots of thick walls, glass, mirrors or multiple levels.

You can also use inSSIDer to tweak your wireless channel. In the U.S., there are 11 Wi-Fi channels. The channels recommended for access points are 1, 6, and 11, because they don’t overlap. So if you see many wireless networks in your area using channel 11, for example, inSSIDer lets you spot that and switch your access point or router to channel 6 to improve performance.
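To make the channel-selection rule above concrete, here is an added example in Python; it is not part of inSSIDer or of the review quoted here. It models the 2.4 GHz channel plan (channel n is centred at 2407 + 5n MHz and is 20 MHz wide, so two channels interfere when their centres are closer than 20 MHz) and scores each of the three non-overlapping channels against a constructed list of observed networks, weighting every overlapping network by its signal strength. That generalises the single channel-11-to-6 case in the text: it also catches a neighbour on an in-between channel such as 9, which overlaps both 6 and 11.

```python
# 802.11 channel plan in the 2.4 GHz band: channel n (1..13) is centred at
# 2407 + 5*n MHz; channel 14 (Japan only) sits at 2484 MHz.
def centre_mhz(channel):
    if not 1 <= channel <= 14:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2484 if channel == 14 else 2407 + 5 * channel


CHANNEL_WIDTH_MHZ = 20          # 802.11g/n 20 MHz channels (802.11b used 22 MHz)
NON_OVERLAPPING = (1, 6, 11)    # the set recommended in the text for the US plan


def channels_overlap(a, b, width=CHANNEL_WIDTH_MHZ):
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < width


def signal_weight(rssi_dbm):
    """Map an RSSI in dBm to a non-negative weight: a -45 dBm neighbour
    (weight 55) hurts far more than a -80 dBm one (weight 20)."""
    return max(0, rssi_dbm + 100)


# Constructed scan result, shaped like the rows a scanner such as inSSIDer shows.
# SSIDs, BSSIDs and signal levels are made up for this example.
OBSERVED_NETWORKS = [
    {"ssid": "Home-Net",  "bssid": "02:00:00:00:00:01", "channel": 11, "rssi": -45},
    {"ssid": "Cafe-WiFi", "bssid": "02:00:00:00:00:02", "channel": 11, "rssi": -60},
    {"ssid": "Neighbour", "bssid": "02:00:00:00:00:03", "channel": 9,  "rssi": -70},
    {"ssid": "Guest",     "bssid": "02:00:00:00:00:04", "channel": 1,  "rssi": -80},
]


def interference_scores(networks, candidates=NON_OVERLAPPING, width=CHANNEL_WIDTH_MHZ):
    """Total signal weight of the observed networks overlapping each candidate channel."""
    return {
        c: sum(signal_weight(n["rssi"]) for n in networks
               if channels_overlap(c, n["channel"], width))
        for c in candidates
    }


def recommend_channel(networks, candidates=NON_OVERLAPPING):
    """Pick the candidate with the least interference (lowest channel number on a tie)."""
    scores = interference_scores(networks, candidates)
    return min(candidates, key=lambda c: (scores[c], c))


if __name__ == "__main__":
    for channel, score in sorted(interference_scores(OBSERVED_NETWORKS).items()):
        print(f"channel {channel:>2}: interference score {score}")
    print("recommended channel:", recommend_channel(OBSERVED_NETWORKS))
```

With the constructed scan, channel 11 scores worst (two strong networks on it plus the channel 9 neighbour), channel 6 still picks up the channel 9 neighbour, and channel 1 wins because its only overlapping network is a weak one. Channel 14 is accepted by centre_mhz only for completeness; it is not usable in the U.S. plan the text describes.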


Yes, it may be lightweight for those who deploy wireless networks professionally. But anyone managing a home or small business wireless network will certainly benefit from the information inSSIDer provides. It earns a 4.5 out of 5 star rating and is easily a PCMag Editors’ Choice for networking utilities.



Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community