
Wednesday, January 27, 2016

Network Forensic Analysis - NetworkMiner



NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble/rebuild transmitted files, directory structures and certificates from PCAP files.

The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames). NetworkMiner also comes in very handy when analyzing malware traffic, such as C&C (command-and-control) traffic from a botnet, since uploaded and downloaded files are extracted to disk.

NetworkMiner performs OS fingerprinting based on TCP SYN and SYN+ACK packets by using OS fingerprinting databases from p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also perform OS fingerprinting based on DHCP packets (which usually are broadcast packets) by making use of the Satori (by Eric Kollmann) OS fingerprinting database from FingerBank. NetworkMiner also uses the MAC-vendor list from Nmap (by Fyodor).
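As an added illustration of the passive SYN fingerprinting described above (example code written for this post, not NetworkMiner's or p0f's own implementation): it pulls the TTL, DF flag, window size and TCP option layout out of a constructed IPv4 SYN segment and renders them as a p0f-style signature string that an analyst could match against a fingerprint database. The sample bytes and the signature layout are assumptions made for the example.

```python
import struct

# Constructed sample (not taken from the post): a raw IPv4/TCP SYN segment without Ethernet header.
SAMPLE_SYN = bytes.fromhex(
    "4500003c1c4640004006b1e6c0a80164c0a80101"  # IPv4: IHL 5, len 60, DF set, TTL 64, TCP
    "c35000500000000000000000a002721000000000"  # TCP: 50000->80, doff 10, SYN, window 29200
    "020405b40402080a0017f3a50000000001030307"  # options: MSS 1460, SACK ok, TS, NOP, WS 7
)

OPTION_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}

def parse_tcp_options(raw):
    """Walk the TCP option list; return (name, value) pairs in wire order."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind in (0, 1):                        # EOL / NOP have no length byte
            opts.append((OPTION_NAMES[kind], None))
            i += 1
            if kind == 0:
                break
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:   # truncated or bogus length
            raise ValueError("malformed TCP option at offset %d" % i)
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2 and len(body) == 2:          # MSS carries a 16-bit value
            value = struct.unpack("!H", body)[0]
        elif kind == 3 and len(body) == 1:        # window scale carries a shift count
            value = body[0]
        else:
            value = None                          # SACK-ok / TS: only presence matters
        opts.append((OPTION_NAMES.get(kind, "opt%d" % kind), value))
        i += length
    return opts

def syn_signature(pkt):
    """Render 'ttl:df:window:options' from a raw IPv4 TCP SYN (p0f-style layout)."""
    ver_ihl, _, total_len, _, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    tcp = pkt[(ver_ihl & 0x0F) * 4:total_len]
    doff, flags = (tcp[12] >> 4) * 4, tcp[13]
    if flags & 0x12 != 0x02:                      # SYN set, ACK clear
        raise ValueError("not a bare SYN")
    window = struct.unpack("!H", tcp[14:16])[0]
    opts = parse_tcp_options(tcp[20:doff])
    rendered = ",".join(n if v is None else "%s=%d" % (n, v) for n, v in opts)
    return "%d:%d:%d:%s" % (ttl, int(bool(flags_frag & 0x4000)), window, rendered)
```

The same fields are what the p0f and Ettercap databases key on; a SYN+ACK from a server would be processed identically after relaxing the flag check.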

NetworkMiner can extract files and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network. Supported protocols for file extraction are FTP, HTTP and SMB.

User credentials (usernames and passwords) for supported protocols are extracted by NetworkMiner and displayed under the “Credentials” tab. Please be considerate when displaying the contents of this tab to the public.

Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner allows the user to enter arbitrary strings or byte patterns to be searched for with the keyword search functionality.


Version 0.84 (and newer) of NetworkMiner supports sniffing and parsing of WLAN (IEEE 802.11) traffic. NetworkMiner does however currently support WiFi sniffing only with AirPcap adapters.


Blind SQL injection - BBQSQL



Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard-to-trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. BBQSQL is built on Python gevent, which makes it extremely fast.


Similar to other SQL injection tools, you provide certain request information.

You must provide the usual information:

• URL
• HTTP Method
• Headers
• Cookies
• Encoding methods
• Redirect behavior
• Files
• HTTP Auth
• Proxies

HTTP Parameters

BBQSQL has many HTTP parameters you can configure when setting up your attack. At a minimum you must provide the URL where you want the injection query to run, and the method. The following options can be set:

• files
• headers
• cookies
• url
• allow_redirects
• proxies
• data
• method
• auth

Blind SQL injection: BBQSQL Install

This should be straightforward, though nothing ever is. Try running:

sudo pip install bbqsql


If that doesn’t work for you, you can install from source. The tool requires gevent and requests.


Wireless Security Auditing - Fern Wifi Cracker



Fern Wifi Cracker is a wireless security auditing and attack program written in Python with the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.



Fern Wifi Cracker Features:

• WEP Cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
• WPA/WPA2 Cracking with Dictionary or WPS based attacks
• Automatic saving of key in database on successful crack
• Automatic Access Point Attack System
• Session Hijacking (Passive and Ethernet Modes)
• Access Point MAC Address Geo Location Tracking
• Internal MITM Engine
• Bruteforce Attacks (HTTP, HTTPS, TELNET, FTP)
• Update Support

Operating System Supported

The software runs on any Linux machine with the program's prerequisites, but the program has been tested on the following Linux-based operating systems:

• Ubuntu KDE/GNOME
• BackTrack Linux
• BackBox Linux



Prerequisites

The program requires the following to run properly. On Debian-based systems these dependencies can be installed with the Debian package installer (“apt-get install program”); otherwise they must be downloaded and installed manually.

• Aircrack-NG
• Python-Scapy
• Python Qt4
• Python
• Subversion
• Xterm
• Reaver (for WPS Attacks)
• Macchanger


Local Pentest Transform Package - Sploitego


Sploitego is a local pen-test transform package that uses the Canari Framework for local transform execution in Maltego. The framework was first introduced at DEFCON 20 and has since picked up steam.

Sploitego has currently been tested on Mac OS X and Linux.


Sploitego is only supported on Python version 2.6. The setup script will automatically download and install most of the prerequisite modules, however, some modules will still need to be installed manually.




Some of the transforms require external command-line tools (e.g. nmap, amap, p0f, etc.). The following command-line tools are currently supported:

• Nmap version 5.51
• P0f version 3.05b
• Amap version 5.4
• Metasploit
• Nessus


Sunday, January 24, 2016

Anonymous - A Guerra no Brasil 2016 (The War in Brazil)



We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.






By OffensiveSec

The movie - They Live (Portuguese) 1988




John Nada (Roddy Piper) is a handyman who comes to Los Angeles and finds work in a factory. During an unprecedented crackdown, the police destroy an entire block of the slum where he lives. In the confusion Nada finds a pair of seemingly ordinary sunglasses, but wearing them he can see hideous alien creatures disguised as humans, as well as the subliminal messages they convey through the media in general. Nada realizes that the invaders are already controlling the planet and, along with his co-worker Frank (Keith David), decides to join the resistance movement, which is persecuted as subversive by the police.






(Update) By OffensiveSec

Portable Linux Auditing CD


PLAC is a business card sized bootable CD-ROM running Linux. It has network auditing, disk recovery, and forensic analysis tools. An ISO will be available, along with scripts to roll your own CD.



Bootable Forensics - snarl



snarl is a bootable forensics ISO based on FreeBSD that uses @stake's autopsy and task as well as scmoo's list of known good checksums. Once you boot the ISO, log in as root (there is no password); you will land in a dialog-driven menu. Select the first option and choose the checksum set for the OS you are auditing; this converts the schmoo checksum database into a format that autopsy understands. Then select the second option, which configures and starts autopsy. Then select the third option and links will be launched browsing the autopsy page. You can also select exit and use the large collection of security-related ports.


Data Wiping Software - DBAN



DBAN is free erasure software designed for the home user. It automatically deletes the contents of any hard disk that it can detect. This method prevents identity theft before recycling a computer. DBAN is also a commonly used solution to remove viruses and spyware from Microsoft Windows installations.

DBAN users should be aware of some product limitations, including:

• No guarantee of data removal (e.g. DBAN does not detect or securely erase SSDs)
• No audit-ready reporting for regulatory compliance
• Limited hardware support (e.g. no RAID dismantling)
• No customer support or regular software updates


Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.