SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration-testing and security-assessment oriented Ubuntu-based Linux distribution providing a network and information systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large number of cyber security tools. It is an open-source distro created specifically for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Sunday, January 24, 2016

VoIP Sniffer - UCSniff



UCSniff is a Proof of Concept tool to demonstrate the risk of unauthorized recording of VoIP and Video – it can help you understand who can eavesdrop, and from what parts of your network. It is intended for next generation enterprise VoIP/UC Infrastructures that rely on Voice VLANs to segment UC applications for QoS requirements.



UCSniff was born from pentesting and the “VoIP Hopper” tool as an idea to combine automated Voice VLAN Discovery and VLAN Hop with MitM, along with targeted VoIP attacks against users in the VoIP Corporate Directory. Eavesdropping is one of many potential UC-specific attacks that can take place, and UCSniff can be used by other researchers and security professionals as a base tool to explore this idea. UCSniff is a text and GUI application, written in C/C++, that runs in the Linux and Windows OS environment. It is freely available under the GPLv3 license for anyone to download and use.


UCSniff bundles a hodgepodge of previously available open-source applications into a single software package that helps penetration testers assess the security of VoIP calls carried over a client’s network. It also introduces several new features that make eavesdropping on specific targets a point-and-click undertaking.

UCSniff runs on a laptop plugged into an Ethernet port of the organization being probed. From there, a VLAN hopper automatically traverses the virtual LANs until it reaches the one that carries VoIP calls. Once the tool has gained unauthorized access, UCSniff automatically injects spoofed ARP (Address Resolution Protocol) packets into the network so that all voice traffic is routed via the laptop.
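The ARP-poisoning step described above is also what a defender can watch for. The following is an added example, not part of UCSniff or of this post: it walks a constructed list of ARP records (the kind a span port or tap would capture) and flags three symptoms of cache poisoning, namely replies nobody asked for, an IP address whose MAC binding changes, and one MAC address answering for several IPs. Because IP phones can be configured to ignore gratuitous ARP (the feature list below mentions a bypass for exactly that), the check does not depend on the gratuitous flag. The record shape, addresses and the two-second request window are assumptions made for the example.

```python
"""Flag ARP cache-poisoning symptoms in a sequence of ARP records (added example)."""
from collections import defaultdict, namedtuple

# Constructed record shape: one entry per ARP packet seen on a span port or tap.
ArpRecord = namedtuple("ArpRecord", "ts op sender_ip sender_mac target_ip")

# Constructed sample traffic: a gateway (10.10.20.1) and an IP phone (10.10.20.50).
SAMPLE = [
    ArpRecord(0.0, "request", "10.10.20.50", "cc:cc:cc:cc:cc:50", "10.10.20.1"),
    ArpRecord(0.1, "reply", "10.10.20.1", "aa:aa:aa:aa:aa:01", "10.10.20.50"),
    # From t=5.0 a third station claims both addresses with its own MAC, unasked.
    ArpRecord(5.0, "reply", "10.10.20.1", "de:ad:be:ef:00:01", "10.10.20.50"),
    ArpRecord(5.0, "reply", "10.10.20.50", "de:ad:be:ef:00:01", "10.10.20.1"),
    ArpRecord(7.0, "reply", "10.10.20.1", "de:ad:be:ef:00:01", "10.10.20.50"),
]


def detect_arp_poisoning(records, request_window=2.0):
    """Return a list of (kind, ts, subject, detail) alerts for the given records."""
    bindings = {}   # sender_ip -> last MAC seen in a reply
    pending = {}    # (requester_ip, asked_ip) -> timestamp of the request
    alerts = []
    for r in records:
        if r.op == "request":
            pending[(r.sender_ip, r.target_ip)] = r.ts
            continue
        if r.op != "reply":
            continue
        # A reply should answer a recent request from its target; otherwise it is unsolicited.
        asked = pending.pop((r.target_ip, r.sender_ip), None)
        if asked is None or r.ts - asked > request_window:
            alerts.append(("unsolicited_reply", r.ts, r.sender_ip, r.sender_mac))
        # The MAC an IP resolves to should stay stable; a change is the classic poisoning sign.
        known = bindings.get(r.sender_ip)
        if known is not None and known != r.sender_mac:
            alerts.append(("binding_change", r.ts, r.sender_ip, f"{known} -> {r.sender_mac}"))
        bindings[r.sender_ip] = r.sender_mac
    # One station answering for several IPs is what a man-in-the-middle looks like in the cache.
    by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        by_mac[mac].add(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(("mac_claims_multiple_ips", None, mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE):
        print(alert)
```

On the sample above the function reports three unsolicited replies, one binding change for 10.10.20.1 and one MAC claiming both addresses; the first two records alone, a normal request and its answer, produce no alert.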

UCSniff streamlines eavesdropping by allowing an attacker to zero in on the conversations of particular users. Targets can be selected by extension number or dial-by-name features, making it easy to listen to all calls made by a specific individual – such as an organization’s CEO. Eavesdropping can be further fine-tuned by listening only to calls


“It’s silently intercepting all the traffic and forwarding it to the phone, so a regular phone user would not be able to tell the difference,”


VoIP Sniffer: UCSniff Features

ºUC Sniffer with VoIP and IP Video Support
ºRealtime Video and VoIP Monitor (SIP)
ºAutomated Voice VLAN Discovery (CDP)
ºVLAN Hop Support
ºSniffing across Ethernet Switches
ºAutomatic creation of forward and reverse RTP audio streams into a single wav file
ºAutomatic creation of two avi files (forward and reverse video) for H.264 Video codec
ºAutomatic recording and saving of conversations using G.711 u-law and a-law codecs
ºAutomatic recording and saving of conversations using G.722, G.729, G.726, G.723 and WebRTC iSAC codecs (Note: G.729, G.723, G.726 codecs only work with a 32-bit Linux OS)
ºMitM ARP Poisoning and host management support
ºMonitor Mode (Span Session, Hub)
ºTracking and tracing of users, with logging
ºSupport for Cisco SIP, Cisco Skinny, RFC 3261 SIP
ºSupport for Cisco UCM 6.1, 7.0, 7.1, 8.0.2 Skinny (SCCP)
ºTarget Mode (Target User)
ºCorporate Directory Tool and functions (ACE)
ºARP Saver Tool to restore network in emergencies
ºGratuitous ARP Disablement Bypass
ºTFTP MitM Modification of IP Phone Settings
ºGUI Support in Windows and Linux
ºGUI Skin or Theme selection
ºOnly requires 1 phone (not both) in source VLAN in order to capture entire conversation
ºNew VideoSnarf tool outputs media files (audio, video) from pcap
ºSniffing and logging of Microsoft OCS IM Conversations
ºSupport for eavesdropping on Avaya SIP, Avaya H.323 media re-construction
ºUC Keystroke logger, for interception of dialed keypad digits (SCCP only)
ºAbility to enable/disable audio/video file mixing via checkbox in GUI
ºSupport for user specified command to mix audio and video files

Bluetooth scanner - Bluelog


Bluelog is a Linux Bluetooth scanner written to do a single task: log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in the area. It has also proven to be very well suited to Bluetooth traffic monitoring applications.

While there are many different Bluetooth scanners available, none I found did exactly what I wanted; most seemed focused on pulling down various bits of information from the target devices (like SDP records). I was also having trouble locating a scanner that didn’t have a UI of some sort, which was a problem since I wanted to scan continuously without user intervention. After trying out all of the Linux Bluetooth scanners I could find, I eventually decided to simply write my own.

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.


Since Bluelog is meant to be run unattended, it doesn’t have a user interface or require any interaction once started. It features a fully configurable log file format, as well as the ability to log to syslog for centralized logging over the network.


Bluelog was meant to be lean and portable (its only requirement is BlueZ), and runs well on x86, MIPS, and ARM architectures. Bluelog is included in Kali Linux (www.kali.org), and on the Pwn Pad and Pwn Plug penetration testing devices from Pwnie Express (www.pwnieexpress.com). It’s also available in the official OpenWRT repository and Arch Linux AUR community repository.



The War That Television Doesn't Show (A Guerra que a Televisão não Mostra) - A Revealing Documentary - (DUBBED).

The War That Television Doesn't Show - A Revealing Documentary

This film is about the war you don't see. Based on the personal experience of John Pilger as a war correspondent, it focuses mainly on television, concentrating on the most popular channels in the US and Great Britain. The film questions the role of the media in wars of plunder such as those in Iraq and Afghanistan. How were the war crimes narrated and justified, if they are crimes?

Source: Oculto Revelado

By OffensiveSec

Saturday, January 23, 2016

Open Source Vulnerability Scanner - OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

Open Source Vulnerability Scanner: OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 30,000 in total (as of April 2013).


Features

ºOpenVAS Scanner
  ºMany target hosts are scanned concurrently
  ºOpenVAS Transfer Protocol (OTP)
  ºSSL support for OTP (always)
  ºWMI support (optional)
ºOpenVAS Manager
  ºOpenVAS Management Protocol (OMP)
  ºSQL Database (sqlite) for configurations and scan results
  ºSSL support for OMP (always)
  ºMany concurrent scan tasks (many OpenVAS Scanners)
  ºNotes management for scan results
  ºFalse Positive management for scan results
  ºScheduled scans
  ºFlexible escalators upon status of a scan task
  ºStop, Pause and Resume of scan tasks
  ºMaster-Slave Mode to control many instances from a central one
  ºReport Format Plugin Framework with various plugins for: XML, HTML, LaTeX, etc.
  ºUser Management
  ºFeed status view
  ºFeed synchronisation
ºGreenbone Security Assistant (GSA)
  ºClient for OMP and OAP
  ºHTTP and HTTPS
  ºWeb server on its own (microhttpd), thus no extra web server required
  ºIntegrated online-help system
  ºMulti-language support
ºOpenVAS CLI
  ºClient for OMP
  ºRuns on Windows, Linux, etc.
  ºPlugin for Nagios


All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).

Passive DNS Network Mapper - dnsmap

dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).
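Subdomain brute-forcing leaves a recognisable trace on the resolver that serves the zone: one client asking for many distinct names under a single domain in a short time, most of them answered NXDOMAIN. The block below is an added example rather than dnsmap code or output. It parses a constructed resolver log format, groups queries by client and zone, and flags any client that asks for at least five distinct names in one zone within 60 seconds. It counts distinct names instead of NXDOMAIN answers so that a wildcard-enabled domain, where every guess resolves, is still caught. The log format, the two-label zone rule, the threshold and the sample addresses are assumptions made for the example.

```python
"""Spot subdomain brute-forcing in resolver query logs (added example)."""
import re
from collections import defaultdict

# Constructed log format (not dnsmap's output and not any real resolver's format):
#   <epoch-seconds> client <ip> query <qname> rcode <RCODE>
LOG_RE = re.compile(
    r"^(?P<ts>\d+) client (?P<client>\d{1,3}(?:\.\d{1,3}){3}) "
    r"query (?P<qname>[\w.-]+) rcode (?P<rcode>[A-Z]+)$"
)

# Constructed sample: 192.0.2.10 walks a wordlist against example.com within a few seconds,
# while 198.51.100.5 behaves like an ordinary client. One malformed line is included.
SAMPLE_LOG = """\
1000 client 192.0.2.10 query aaa.example.com rcode NXDOMAIN
1000 client 198.51.100.5 query www.example.com rcode NOERROR
1001 client 192.0.2.10 query aab.example.com rcode NXDOMAIN
1002 client 192.0.2.10 query aac.example.com rcode NXDOMAIN
1003 client 192.0.2.10 query dev.example.com rcode NXDOMAIN
1004 client 192.0.2.10 query test.example.com rcode NXDOMAIN
1005 client 192.0.2.10 query www.example.com rcode NOERROR
1006 client 192.0.2.10 query mail.example.com rcode NOERROR
1007 client 192.0.2.10 query vpn.example.com rcode NXDOMAIN
1030 client 198.51.100.5 query mail.example.com rcode NOERROR
garbage line that does not match
1500 client 198.51.100.5 query www.example.com rcode NOERROR
"""


def parse_log(text):
    """Return (ts, client, qname, rcode) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append((int(m["ts"]), m["client"], m["qname"].lower().rstrip("."), m["rcode"]))
    return events


def zone_of(qname):
    """Assumption for the example: the zone is the last two labels (no public suffix list)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def detect_subdomain_bruteforce(text, window=60, threshold=5):
    """Map (client, zone) -> stats for every pair that queried >= threshold distinct names
    inside any `window`-second span."""
    groups = defaultdict(list)
    for ts, client, qname, rcode in parse_log(text):
        groups[(client, zone_of(qname))].append((ts, qname, rcode))
    flagged = {}
    for key, events in groups.items():
        events.sort()
        best = 0
        # Sliding window anchored at each query; fine for a demo, use a deque for real volumes.
        for i, (start, _, _) in enumerate(events):
            in_window = [e for e in events[i:] if e[0] - start <= window]
            best = max(best, len({e[1] for e in in_window}))
        if best >= threshold:
            nx = sum(1 for e in events if e[2] == "NXDOMAIN")
            flagged[key] = {"unique_names": best, "nxdomain": nx, "queries": len(events)}
    return flagged


if __name__ == "__main__":
    for (client, zone), stats in detect_subdomain_bruteforce(SAMPLE_LOG).items():
        print(f"{client} against {zone}: {stats}")
```

Against the sample, only 192.0.2.10 is flagged (8 distinct names, 6 of them NXDOMAIN, in 8 seconds); the ordinary client never exceeds two distinct names per window. The delay option dnsmap offers (-d, listed below) spreads queries out, which is why the window here is a parameter rather than a constant.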




Passive DNS Network Mapper:

ºIPv6 support
ºMakefile included
ºdelay option (-d) added. This is useful in cases where dnsmap is consuming too much of your bandwidth
ºignore IPs option (-i) added. This allows ignoring user-supplied IPs in the results. Useful for domains which cause dnsmap to produce false positives
ºchanges made to make it compatible with OpenDNS
ºdisclosure of internal IP addresses (RFC 1918) is reported
ºupdated built-in wordlist
ºincluded a standalone three-letter acronym (TLA) subdomains wordlist
ºdomains susceptible to “same site” scripting are reported
ºcompletion time is now displayed to the user
ºmechanism to attempt to brute-force wildcard-enabled domains
ºunique filename containing timestamp is now created when no specific output filename is supplied by user
ºvarious minor bugs fixed


Installation

$ cd /data/src/
$ wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
$ tar xzvf dnsmap-0.30.tar.gz
$ mkdir -p /pentest/enumeration/dns/
$ mv dnsmap-0.30/ /pentest/enumeration/dns/dnsmap/

Compile:

$ cd /pentest/enumeration/dns/dnsmap/
$ gcc -Wall dnsmap.c -o dnsmap

You should now have the executable in your directory.

Then test that you don’t have any error:

$ ./dnsmap -h

Usage

Basic syntax

$ ./dnsmap <target-domain> [options]

Options

º-w <wordlist-file>          Input file to use for brute force
º-r <regular-results-file>   Export results in text format
º-c <csv-results-file>       Save results in CSV format
º-d <delay-millisecs>        Maximum delay (in ms) between 2 DNS lookups (default: 10 ms)
º-i <ips-to-ignore>          Useful if you’re obtaining false positives


Admin Page Finder Script




This Python script looks for a large number of possible administrative interfaces on a given site.




Admin Page Finder Script




TrueCrypt brute-force password cracker - TrueCrack



TrueCrack is a brute-force password cracker for TrueCrypt volume files. It works on Linux and is optimized for Nvidia CUDA technology.



Algorithms:

ºPBKDF2 (defined in PKCS #5 v2.0) key derivation function, based on RIPEMD-160.
ºXTS block cipher mode for hard disk encryption based on AES.


TrueCrypt brute-force password cracker:

ºDictionary attack: reads the passwords from a file of words only (one password per line).
ºCharset attack: generates the passwords from a set of symbols defined by the user (for example: all possible strings of n characters from the charset “abc”).


Performance

The execution time of TrueCrack for a dictionary attack is (average word length 10 characters):

Dictionary size   CPU 3.00GHz    GTX650        GTX680
1000              0m 12.031s     0m  3.771s    0m  2.693s
10000             2m  0.421s     0m 15.893s    0m  5.628s
100000            20m  3.811s    2m 20.379s    0m 37.610s


Dictionary attack:

truecrack -t truecrypt_file -w passwords_file [-k ripemd160 | -k sha512 | -k whirlpool] [-e aes | -e serpent | -e twofish] [-a blocks] [-b] [-H] [-r number]


Alphabet attack:

truecrack -t truecrypt_file -c alphabet [-s minlength] -m maxlength [-k ripemd160 | -k sha512 | -k whirlpool] [-e aes | -e serpent | -e twofish] [-a blocks] [-b] [-H] [-r number]


Usage

-h --help Display this information.
-t --truecrypt <truecrypt_file> Truecrypt volume file.
-k --key <ripemd160 | sha512 | whirlpool> Key derivation function (default ripemd160).
-e --encryption <aes | serpent | twofish> Encryption algorithm (default aes).
-a --aggressive <blocks> Number of parallel computations (board dependent).
-w --wordlist <wordlist_file> File of words, for Dictionary attack.
-c --charset <alphabet> Alphabet generator, for Alphabet attack.
-m --maxlength <maxlength> Maximum length of passwords, for Alphabet attack.
-s --startlength <minlength> Starting length of passwords, for Alphabet attack (default 1).
-r --restore <number> Restore the computation.
-b --backup Backup header instead of volume header.
-H --hidden Hidden Truecrypt volume.
-v --verbose Show verbose messages.


How To Install

cd truecrack
./configure
make
sudo make install


How To Configure?

./configure
--enable-debug : enable nVidia CUDA debug mode [default=no]
--enable-cpu : disable cuda nvidia GPU and use CPU [default=no]
--with-cuda=PATH : prefix where cuda is installed [default=auto]




Automatic Database Dump - sqlcake




Automatic Database Dump: sqlcake
What is sqlcake?

ºsqlcake is an automatic SQL injection exploitation kit written in Ruby. It’s designed for system administration and penetration testing.
ºsqlcake offers a few useful functions to gather database information easily by SQL injection usage.
ºsqlcake also allows you to bypass magic quotes, dump tables and columns and gives you the possibility to run an interactive MySQL shell.
ºsqlcake supports union stacked queries for very fast processing, and blind injections with logarithmic techniques to save time.



Open Source Intelligence - Maltego



What is Maltego?

With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your “environment” is not always clear or complete. In fact, most often it’s not what we know that is harmful – it’s what we don’t know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based?

Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

The unique perspective that Maltego offers to both network and resource based entities is the aggregation of information posted all over the internet – whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits, Maltego can locate, aggregate and visualize this information.

Maltego offers the user unprecedented information. Information is leverage. Information is power. Information is Maltego.




Open Source Intelligence:

Maltego is a program that can be used to determine the relationships and real world links between:

ºPeople
ºGroups of people (social networks)
ºCompanies
ºOrganizations
ºWeb sites
ºInternet infrastructure such as:
  ºDomains
  ºDNS names
  ºNetblocks
  ºIP addresses
ºPhrases
ºAffiliations
ºDocuments and files




What can Maltego do for me?

ºMaltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.
ºMaltego aids you in your thinking process by visually demonstrating interconnected links between searched items.
ºMaltego provides you with a much more powerful search, giving you smarter results.
ºIf access to “hidden” information determines your success, Maltego can help you discover it.

These entities are linked using open source intelligence. Maltego is easy and quick to install – it uses Java, so it runs on Windows, Mac and Linux. The tool provides you with a graphical interface that makes seeing these relationships instant and accurate – making it possible to see hidden connections. Using the graphical user interface (GUI) you can see relationships easily – even if they are three or four degrees of separation away.


Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements.



Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community