SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and information systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large number of cyber security tools. It is an open-source distro created specifically for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud-friendly operating system designed for pentesting, computer forensics, reverse engineering, hacking, cloud pentesting...

Saturday, March 5, 2016

Platform Independent Network Packet Generator - Hyenae



Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.



Features

ºARP-Request flooding
ºARP-Cache poisoning
ºPPPoE session initiation flooding
ºBlind PPPoE session termination
ºICMP-Echo flooding
ºICMP-Smurf attack
ºICMP based TCP-Connection reset
ºTCP-SYN flooding
ºTCP-Land attack
ºBlind TCP-Connection reset
ºUDP flooding
ºDNS-Query flooding
ºDHCP-Discover flooding
ºDHCP starvation attack
ºDHCP-Release forcing
ºCisco HSRP active router hijacking
ºPattern based packet address configuration
ºIntelligent address and address protocol detection
ºSmart wildcard-based randomization
ºDaemon for setting up remote attack networks
ºHyenaeFE QT-Frontend support



Web Application Security Reconnaissance - Skipfish



Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.




Key features:

High speed:

pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

Ease of use:

heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

Cutting-edge security logic:

high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.







SQL Injection framework - Seringa




Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. It uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. With regard to design, it utilizes the Strategy Pattern to distinguish between various SQLi strategies, whilst storing other relevant data such as exploits, payloads and patterns in XML files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).

Seringa allows you to:

ºscan Google search results given a search string
ºtest search results for SQLi vulnerability
ºtest a single url for vulnerability
ºextract a database structure (databases, tables, columns) in a tree form
ºexecute given payloads and receive results (some predefined queries include current database name, current database user, current database version etc.)
ºsave your penetration testing process to a file (mapping file) and load it later
ºuse a proxy (regular or socks) when testing

Concepts

Injection Strategies

ºways of actually running a SQL injection
ºrequire their own distinct classes in the code
ºnot modifiable without recompiling
ºthe 2 available types at the time of writing are “UNION Based” (referring to the use of the UNION SQL command) and “ERROR Based” (referring to errors being spilled out by the web application)
ºInjection Strategy classes are required to implement the IInjectionStrategy interface

DBMSs

ºshort for Database Management System
ºrefer to the underlying DBMS that the web application sends commands to
ºthe DBMS values seen in the GUI are extracted from the exploits file (see the Exploits concept)

Exploits

ºthe actual SQL commands that cause a vulnerable system to do what the penetration tester wants
ºthey are configurable in the exploits.xml file found in the xml folder; each node in that file represents a single exploit
ºeach exploit works for a particular DBMS as specified by the dbms attribute of the node

Payloads

ºwhat the penetration tester wants to do to the system
ºconfigurable in the payloads.xml file
ºalso dependent on the DBMS

Patterns

ºused when testing if a particular url is SQL injectable
ºeach pattern is a message that the targeted web application might output when it is tested for vulnerability to SQLi attacks
ºconfigurable in patterns.xml

Ipcheckers

ºwhen using a proxy with Seringa you might want to check what your ip actually is from within the application
ºthis can easily be done using a free ip checker site
ºthe ipcheckers.xml file allows the free site to be configured to your favourite ip checker site
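The Patterns concept above is, at bottom, a list of DBMS error signatures matched against HTTP response bodies. The same check is just as useful on the defending side: run it over your own application's responses in a test suite to catch pages that leak database error messages before a scanner does. The Python below is an added example, not Seringa's code; the XML layout, element names, function names and sample responses are constructed for illustration (the real patterns.xml format is not shown on the page).

```python
import re
import xml.etree.ElementTree as ET

# Constructed patterns document (NOT Seringa's own patterns.xml layout):
# one <pattern> element per DBMS error signature, tagged with the DBMS it belongs to.
PATTERNS_XML = """<patterns>
  <pattern dbms="MySQL">You have an error in your SQL syntax</pattern>
  <pattern dbms="MySQL">Warning: mysql_fetch_array()</pattern>
  <pattern dbms="MSSQL">Unclosed quotation mark after the character string</pattern>
  <pattern dbms="PostgreSQL">ERROR:  syntax error at or near</pattern>
  <pattern dbms="Oracle">ORA-01756</pattern>
</patterns>"""


def load_patterns(xml_text):
    """Parse the pattern file into (dbms, compiled regex) pairs.

    Signatures are treated as literal text (re.escape) and matched
    case-insensitively, so a pattern file never needs regex escaping.
    """
    root = ET.fromstring(xml_text)
    return [
        (p.get("dbms"), re.compile(re.escape(p.text.strip()), re.IGNORECASE))
        for p in root.findall("pattern")
    ]


def find_dbms_leaks(body, patterns):
    """Return the sorted list of DBMS names whose error signature appears in a response body."""
    return sorted({dbms for dbms, rx in patterns if rx.search(body)})


# Constructed sample responses, keyed by the request that produced them.
RESPONSES = {
    "/product?id=1": "<html><body><h1>Widget</h1></body></html>",
    "/product?id=1'": "<html><body>You have an error in your SQL syntax; "
                      "check the manual that corresponds to your server version</body></html>",
    "/search": "<html>Unclosed quotation mark after the character string 'abc'.</html>",
}


def audit(responses, patterns):
    """Map each request path to the DBMS leaks found in its response; clean pages are omitted."""
    findings = {}
    for path, body in responses.items():
        leaks = find_dbms_leaks(body, patterns)
        if leaks:
            findings[path] = leaks
    return findings


if __name__ == "__main__":
    for path, leaks in audit(RESPONSES, load_patterns(PATTERNS_XML)).items():
        print(f"{path}: leaks {', '.join(leaks)} error text")
```

Any path that appears in the audit result is returning raw database error text to the client, which is exactly the signal error-based injection tooling keys on; the fix on the application side is a generic error page and server-side logging of the real exception.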



Large Scale Brute Force Cryptanalysis - Wisecracker




Large scale brute force cryptanalysis needs a tremendous amount of computational power that government agencies like the NSA and companies like Google have.

An average security researcher might want to have such capabilities as well, but they do not have the tools or the computational resources. Moreover, they might not be skilled in writing software that takes advantage of the computational resources provided by commercial-off-the-shelf systems with CUDA and OpenCL capable GPUs and by computational clusters provided by Amazon EC2 and Microsoft Azure.

With Wisecracker we bridge this gap by providing an open source framework for security researchers to write their own cryptanalysis tools that can distribute brute force cryptanalysis work across multiple systems with multiple multi-core processors and GPUs. Security researchers can also use the sample tools provided as part of Wisecracker out of the box. The differentiating aspect of Wisecracker is that it uses OpenCL and MPI together to distribute the work across multiple systems, each having multiple CPUs and/or GPUs. We support the OpenCL libraries provided by Intel, AMD and NVIDIA, and support multiple operating systems such as Linux, Microsoft Windows and Apple’s Mac OSX.


Wisecracker is licensed under the GNU General Public License version 3 and is free for anyone to use. The source code and latest downloadable version of Wisecracker can be downloaded from Github.

Technical Details

Wisecracker comes with a C and C++ API for the user to write their own custom cryptanalysis software using a combination of OpenCL, C and/or C++.

Wisecracker internally uses a divide-and-conquer algorithm to distribute work or tasks across multiple systems; each system then uses a round-robin style distribution to spread its tasks between the OpenCL devices on that system.
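The two-level distribution described above (divide the candidate space into contiguous shares, one per system; within a system, hand fixed-size chunks to its OpenCL devices round-robin) is easy to get subtly wrong at the boundaries, so the following Python models just that scheduling logic and checks that every candidate index is assigned exactly once. It is an added example, not Wisecracker's code or its C/C++ API; the names `Task`, `split_range`, `distribute`, `covers_keyspace` and the chunk size are assumptions for this illustration, and no hashing is performed.

```python
from dataclasses import dataclass
from typing import List, Tuple

LOWER = "abcdefghijklmnopqrstuvwxyz"  # constructed alphabet for the demo keyspace


@dataclass(frozen=True)
class Task:
    """One unit of work: candidate indices [start, end) assigned to a device on a system."""
    system: int
    device: int
    start: int
    end: int


def split_range(start: int, end: int, parts: int) -> List[Tuple[int, int]]:
    """Divide [start, end) into `parts` contiguous ranges, as evenly as possible.

    The first `extra` ranges get one more element so the sizes differ by at most 1.
    """
    total = end - start
    base, extra = divmod(total, parts)
    ranges = []
    pos = start
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        ranges.append((pos, pos + size))
        pos += size
    return ranges


def distribute(keyspace_size: int, devices_per_system: List[int], chunk_size: int) -> List[Task]:
    """Stage 1 (divide and conquer): one contiguous share of the keyspace per system.
    Stage 2 (round robin): cut each share into chunks and deal them to that system's devices."""
    tasks = []
    shares = split_range(0, keyspace_size, len(devices_per_system))
    for sys_id, (s_start, s_end) in enumerate(shares):
        n_dev = devices_per_system[sys_id]
        for k, c_start in enumerate(range(s_start, s_end, chunk_size)):
            c_end = min(c_start + chunk_size, s_end)  # last chunk of a share may be short
            tasks.append(Task(sys_id, k % n_dev, c_start, c_end))
    return tasks


def covers_keyspace(tasks: List[Task], keyspace_size: int) -> bool:
    """True iff the tasks tile [0, keyspace_size) with no gaps and no overlaps."""
    pos = 0
    for t in sorted(tasks, key=lambda t: t.start):
        if t.start != pos:
            return False
        pos = t.end
    return pos == keyspace_size


def index_to_candidate(index: int, alphabet: str, length: int) -> str:
    """Mixed-radix decode: the candidate string a task index denotes (index 0 -> 'aaa')."""
    chars = []
    for _ in range(length):
        index, r = divmod(index, len(alphabet))
        chars.append(alphabet[r])
    return "".join(reversed(chars))


if __name__ == "__main__":
    space = len(LOWER) ** 3                  # 17576 three-letter candidates
    plan = distribute(space, [2, 4], 1000)   # 2 systems: 2 GPUs and 4 GPUs
    for t in plan:
        print(f"system {t.system} device {t.device}: "
              f"{index_to_candidate(t.start, LOWER, 3)} .. {index_to_candidate(t.end - 1, LOWER, 3)}")
    print("complete coverage:", covers_keyspace(plan, space))
```

Because shares are contiguous and chunks are cut inside a share, the ragged last chunk never straddles two systems, and the coverage check is what you would run before launching a long job on rented cluster time.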

An example application such as the MD5 password cracker is provided as a demonstration on how to use Wisecracker and also as a ready-to-use application for cracking passwords of up to 8 characters.

A user can download Wisecracker on a GPU cluster virtual machine provided by Amazon EC2 and reverse an MD5 cryptographic hash for a 6 character password in about 20 minutes if using 1 virtual machine or in about 3 minutes if using 2.

More applications for cracking cryptographic hashes such as SHA-1, SHA-256 and others will be added in the near future.



Monday, February 29, 2016

Search engine that allows computer scientists - Censys





Censys is a search engine that allows computer scientists to ask questions about the devices and networks that compose the Internet. Driven by Internet-wide scanning, Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.





Simple FTP Fuzzer - SFTPfuzzer



SFTPfuzzer (Simple FTP Fuzzer) is a very simple piece of software written in Python 2.7 (by 0x8b30cc) that allows you to easily fuzz the username and password fields of an FTP server, looking for a buffer overflow vulnerability.

SFTPfuzzer is written in a very simple way, and the code is well commented, allowing you to easily understand what is going on and easily edit the software. The code is licensed under the GNU General Public License (GPL v3); if you want to know more, read here.

Usage:

You can use SFTPfuzzer.py in two ways, manual mode and arguments mode.

If you want to manually add target ip address (RHOST) and target port (RPORT), you just need to run:

$ python SFTPfuzzer.py

If you want to add command line arguments, then the usage will be like this:

$ python SFTPfuzzer.py -t <rhost> -p <rport>

For example:

$ python SFTPfuzzer.py -t 192.168.1.8 -p 21



Collaborative Penetration Test and Vulnerability Management Platform - Faraday 1.0.17



Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment), a multiuser penetration test IDE designed for the distribution, indexation and analysis of the data generated during a security audit.


The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro & Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali Rolling, and several fixes including installation issues.






Changes:

ºNew Maltego Plugin
ºAdded support for Kali Rolling Edition
ºAdded support for Mint 17
ºAdded user notification when the current Workspace doesn't exist
ºAdded removeBySeverity.py script - as its name describes, it removes all vulns with a specific severity value. It supports the following parameters:

-v extended output
-t dry-run, won't connect to DB
-s severity to filter by, required
-d workspace, required

python $FARADAY/helpers/removeBySeverity.py -d WORKSPACE_NAME -s SEVERITY -v


Bug fixes:

ºFixed bug in pip Debian
ºFixed pip install bug
ºAdditional checks on dependencies during installation
ºWarning about an upgrade to experimental in the Debian installation
ºFixed small bug in CSV importing
ºFixed styles for Status Report
ºFixed bug on Status Report filter after editing
ºShow all evidence files in Status Report
ºFixed Arachni Plugin bugs


We hope you enjoy it, and let us know if you have any questions or comments.

https://www.faradaysec.com/

https://twitter.com/faradaysec



Sunday, February 28, 2016

Automatic search for GitHub - GitMiner







 + Author: Danilo Vaz a.k.a. UNK
 + Blog: http://unk-br.blogspot.com
 + Github: http://github.com/danilovazb
 + Twitter: https://twitter.com/danilovaz_unk

DESCRIPTION

Advanced search tool and automation for GitHub. This tool aims to facilitate research by code or code snippets on GitHub through the site's search page.

MOTIVATION

Demonstrates the fragility of trusting public repositories to store code containing sensitive information.

REQUIREMENTS

argparse
requests
json
lxml

INSTALL

git clone http://github.com/danilovazb/GitMiner

sudo apt-get install python-requests python-lxml 

OR

pip install lxml requests

HELP

Automatic search for GitHub.                                                            
 + Autor: Danilo Vaz a.k.a. UNK
 + Blog: http://unk-br.blogspot.com
 + Github: http://github.com/danilovazb
 + Gr33tz: l33t0s, RTFM


[-h] [-q 'filename:shadown path:etc']
       [-m wordpress] [-o result.txt]

optional arguments:
  -h, --help            show this help message and exit
  -q 'filename:shadown path:etc', --query 'filename:shadown path:etc'
                        Specify search term
  -m wordpress, --module wordpress
                        Specify the search module
  -o result.txt, --output result.txt
                        Specify the output file where it will be saved

EXAMPLE

Searching for wordpress configuration files with passwords:


$:> python git_miner.py -q 'filename:wp-config extension:php FTP_HOST in:file ' -m wordpress -o result.txt





Looking for Brazilian government files containing passwords:

$:> python git_miner.py --query 'extension:php "root" in:file AND "gov.br" in:file' -m senhas

Looking for shadow files in the etc folder:

$:> python git_miner.py --query 'filename:shadow path:etc' -m root

Searching for joomla configuration files with passwords:


$:> python git_miner.py --query 'filename:configuration extension:php "public password" in:file' -m joomla








Android Pentesting Portable Integrated Environment - Appie v3



Appie is a software package that has been pre-configured to function as an Android pentesting environment on any Windows-based machine without the need for a virtual machine (VM) or dual boot.

It is completely portable and can be carried on a USB stick or your smartphone. It is a one-of-a-kind Android security analysis tool and is a one-stop answer for all the tools needed in Android application security assessment, Android forensics and Android malware analysis.


Difference between Appie and existing environments?

  • Tools contained in Appie run on the host machine instead of on a virtual machine.
  • Less space needed (only around 1.5 GB required compared to at least 10 GB for a virtual machine).
  • As the name suggests it is completely portable, i.e. it can be carried on a USB stick or on your own smartphone and your pentesting environment will go wherever you go without any configuration changes.
  • Awesome interface

Below are some of the changes which have been made from the previous version:
  • It now has Python 2.7.11 (32 bit) so that even 32-bit systems have no problem with usage.
  • Also updated the ConEmu framework which I use as a base terminal.
  • Although all the tools are now updated in Appie, in this version I have introduced a simple update script through which you can update all the tools inside Appie without downloading a new version of Appie. So in the end this saves you a lot of time.
  • It is a lot faster now; if you are an existing user of Appie then you will notice that.
  • Some new tools have been included in this version:


Demo Video

Below is a short demonstration video of Appie.




More: https://manifestsecurity.com/appie-version-3-released/



Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.
Copyright © OffSec Blog | Powered by OffensiveSec
Design by OffSec | Built for the security community