
Monday, June 27, 2016

Security Layer for Arch Linux - ArchStrike




An Arch Linux repository for security professionals and enthusiasts.

Done the Arch Way and optimized for i686, x86_64, ARMv6, and ARMv7.

ArchStrike is a penetration testing and security layer on top of Arch Linux. We follow the Arch Linux standards very closely in order to keep our packages clean, proper and easy to maintain.

The team is working very hard to maintain the repository and give you the best ArchStrike experience.


FAQ

Q: What difference does ArchStrike have from other penetration distributions?
A: We are a layer on top of Arch Linux that you can install and remove easily. We try and follow the Arch Linux standards when making our packages.
Q: Do you have an ISO?
A: As of yet, we do not have an ISO, although our team is working on an ISO to be released as you are reading this. Updates on the ISO will be made on Twitter and our website.




The Amnesic Incognito Live System - Tails 2.4




Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer, leaving no trace unless you explicitly ask it to.

It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.


New features

  • We enabled the automatic account configuration of Icedove, which discovers the correct parameters to connect to your email provider based on your email address. We improved it to rely only on secure protocols, and we are working on sharing these improvements with Mozilla so that users of Thunderbird outside Tails can benefit from them as well.

Upgrades and changes

  • Update Tor Browser to 6.0.1, based on Firefox 45.
  • Remove the preconfigured #tails IRC channel. Join us on XMPP instead!
  • Always display minimize and maximize buttons in titlebars. (#11270)
  • Remove GNOME Tweak Tool and hledger. You can add them back using the Additional software packages persistence feature.
  • Use secure HKPS OpenPGP key server in Enigmail.
  • Harden our firewall by rejecting RELATED packets and restricting Tor to only send NEW TCP SYN packets. (#11391)
  • Harden our kernel by:
    • Setting various security-related kernel options: slab_nomerge slub_debug=FZ mce=0 vsyscall=none. (#11143)
    • Removing the .map files of the kernel. (#10951)
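
To check whether a running system boots with the kernel options listed above, the following added example (not part of the Tails release notes or Tails code) audits a kernel command line. The function names, status strings and sample command lines are constructed for illustration, and quoted values containing spaces are not handled.

```python
"""Audit a kernel command line for the boot options named in the Tails 2.4 notes."""


def parse_cmdline(cmdline):
    """Return {name: value}; bare flags map to None. A later token overrides an earlier one."""
    params = {}
    for token in cmdline.split():
        if token == "--":  # everything after "--" is passed to init, not the kernel
            break
        name, sep, value = token.partition("=")
        # The kernel treats '-' and '_' in parameter names as equivalent.
        params[name.replace("-", "_")] = value if sep else None
    return params


def check_slub_debug(params):
    """slub_debug=FZ asks for sanity checks (F) and red zoning (Z) on all slab caches."""
    if "slub_debug" not in params:
        return "missing"
    value = params["slub_debug"]
    if not value:
        return "ok"  # bare slub_debug switches on full debugging, a superset of FZ
    flags, _, caches = value.partition(",")
    if "-" in flags:
        return "disabled"  # "-" turns all debugging off
    if flags and not {"F", "Z"} <= set(flags.upper()):
        return "differs: " + value
    # A ",<cache list>" suffix limits the flags to the named caches only.
    return "partial: " + caches if caches else "ok"


def audit(cmdline):
    """Map each option from the release notes to ok / missing / differs / partial."""
    params = parse_cmdline(cmdline)
    report = {
        "slab_nomerge": "ok" if "slab_nomerge" in params else "missing",
        "slub_debug=FZ": check_slub_debug(params),
    }
    for name, wanted in (("mce", "0"), ("vsyscall", "none")):
        key = name + "=" + wanted
        if name not in params:
            report[key] = "missing"
        elif params[name] == wanted:
            report[key] = "ok"
        else:
            report[key] = "differs: " + str(params[name])
    return report


# Constructed sample command lines (not captured from a real system).
SAMPLE_HARDENED = ("BOOT_IMAGE=/live/vmlinuz boot=live slab_nomerge "
                   "slub_debug=FZ mce=0 vsyscall=none quiet")
SAMPLE_WEAK = ("BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro "
               "slub_debug=FZ,dentry vsyscall=emulate quiet")

if __name__ == "__main__":
    # On Linux, audit the command line the running kernel was booted with.
    with open("/proc/cmdline") as fh:
        for option, status in audit(fh.read()).items():
            print(option.ljust(16), status)
```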

Fixed problems

  • Update the DRM and Mesa graphical libraries. This should fix recent problems with starting Tails on some hardware. (#11303)
  • Some printers that stopped working in Tails 2.0 should work again. (#10965)
  • Enable Packetization Layer Path MTU Discovery for IPv4. This should make the connections to obfs4 Tor bridges more reliable. (#9268)
  • Fix the translations of Tails Upgrader. (#10221)
  • Fix displaying the details of a circuit in Onion Circuits when using Tor bridges. (#11195)
For more details, read our changelog.

Known issues

  • The automatic account configuration of Icedove freezes when connecting to some email providers. (#11486)
  • In some cases sending an email with Icedove results in the error: "The message could not be sent using Outgoing server (SMTP) mail.riseup.net for an unknown reason." When this happens, simply click "Ok" and try again and it should work. (#10933)
  • The update of the Mesa graphical library introduced new problems, at least on AMD HD 7770 and nVidia GT 930M.


See the list of long-standing issues.





Sunday, June 26, 2016

Everything you Need to Safely Browse the Internet - Tor Browser 6.0




The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.

The Tor Browser Team is proud to announce the first stable release in the 6.0 series. This release is available from the Tor Browser Project page and also from our distribution directory.

This release brings us up to date with Firefox 45-ESR, which should mean better support for HTML5 video on YouTube, as well as a host of other improvements.

Beginning with the 6.0 series, code-signing for OS X systems is introduced. This should help our users who had trouble with getting Tor Browser to work on their Mac due to Gatekeeper interference. There were bundle layout changes necessary to adhere to code signing requirements, but the transition to the new Tor Browser layout on disk should go smoothly.

The release also features new privacy enhancements and disables features where we either did not have the time to write a proper fix or decided that they are potentially harmful in a Tor Browser context.


On the security side, this release makes sure that SHA1 certificate support is disabled, and our updater does not rely on the signature alone but also checks the hash of the downloaded update file before applying it. Moreover, we provide a fix for a Windows installer related DLL hijacking vulnerability.

The full changelog since Tor Browser 5.5.5 is:
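
The hash check described above can be sketched as follows. This is an added example, not Tor Browser's updater code: the manifest layout (a `patch` element carrying `hashFunction`, `hashValue` and `size` attributes) is an assumption modelled on Mozilla-style update manifests, and the sample manifest, URL and payload are constructed.

```python
"""Check a downloaded update file against the hash and size in its update manifest."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

# SHA-1 and MD5 are deliberately absent: a manifest naming them is rejected.
ALLOWED_HASHES = {"sha256", "sha384", "sha512"}


def expected_from_manifest(manifest_xml, patch_type="complete"):
    """Return (algorithm, hex digest, size) for the wanted patch entry."""
    lowered = manifest_xml.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        raise ValueError("manifest must not declare a DTD or entities")
    root = ET.fromstring(manifest_xml)
    for patch in root.iter("patch"):
        if patch.get("type") != patch_type:
            continue
        algo = (patch.get("hashFunction") or "").lower()
        digest = patch.get("hashValue")
        size = patch.get("size")
        if algo not in ALLOWED_HASHES:
            raise ValueError("unsupported hash function: %r" % algo)
        if not digest or not size:
            raise ValueError("patch entry lacks hashValue or size")
        return algo, digest.lower(), int(size)
    raise ValueError("no %s patch in manifest" % patch_type)


def verify_update(manifest_xml, payload):
    """True only if the payload matches the size and digest the manifest states.

    The manifest must itself be authenticated (for example fetched over a
    pinned TLS connection); this check adds to the file's signature check,
    it does not replace it.
    """
    algo, digest, size = expected_from_manifest(manifest_xml)
    if len(payload) != size:  # cheap check before hashing
        return False
    actual = hashlib.new(algo, payload).hexdigest()
    return hmac.compare_digest(actual, digest)


def build_sample_manifest(payload, algo="sha512"):
    """Constructed manifest for the demo; the URL is a placeholder."""
    return (
        '<updates><update type="minor" appVersion="0.0">'
        '<patch type="complete" URL="https://updates.example.invalid/sample.mar" '
        'hashFunction="%s" hashValue="%s" size="%d"/>'
        "</update></updates>"
        % (algo.upper(), hashlib.new(algo, payload).hexdigest(), len(payload))
    )


if __name__ == "__main__":
    good = b"constructed update payload"
    manifest = build_sample_manifest(good)
    print("untouched file:", verify_update(manifest, good))
    print("modified file: ", verify_update(manifest, good.replace(b"update", b"UPDATE")))
```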

Tor Browser 6.0 
  • All Platforms
    • Update Firefox to 45.1.1esr
    • Update OpenSSL to 1.0.1t
    • Update Torbutton to 1.9.5.4
      • Bug 18466: Make Torbutton compatible with Firefox ESR 45
      • Bug 18743: Pref to hide 'Sign in to Sync' button in hamburger menu
      • Bug 18905: Hide unusable items from help menu
      • Bug 16017: Allow users to more easily set a non-tor SSH proxy
      • Bug 17599: Provide shortcuts for New Identity and New Circuit
      • Translation updates
      • Code clean-up
    • Update Tor Launcher to 0.2.9.3
      • Bug 13252: Do not store data in the application bundle
      • Bug 18947: Tor Browser is not starting on OS X if put into /Applications
      • Bug 11773: Setup wizard UI flow improvements
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.9
    • Update meek to 0.22 (tag 0.22-18371-3)
      • Bug 18371: Symlinks are incompatible with Gatekeeper signing
      • Bug 18904: Mac OS: meek-http-helper profile not updated
    • Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
    • Bug 18900: Fix broken updater on Linux
    • Bug 19121: The update.xml hash should get checked during update
    • Bug 18042: Disable SHA1 certificate support
    • Bug 18821: Disable libmdns support for desktop and mobile
    • Bug 18848: Disable additional welcome URL shown on first start
    • Bug 14970: Exempt our extensions from signing requirement
    • Bug 16328: Disable MediaDevices.enumerateDevices
    • Bug 16673: Disable HTTP Alternative-Services
    • Bug 17167: Disable Mozilla's tracking protection
    • Bug 18603: Disable performance-based WebGL fingerprinting option
    • Bug 18738: Disable Selfsupport and Unified Telemetry
    • Bug 18799: Disable Network Tickler
    • Bug 18800: Remove DNS lookup in lockfile code
    • Bug 18801: Disable dom.push preferences
    • Bug 18802: Remove the JS-based Flash VM (Shumway)
    • Bug 18863: Disable MozTCPSocket explicitly
    • Bug 15640: Place Canvas MediaStream behind site permission
    • Bug 16326: Verify cache isolation for Request and Fetch APIs
    • Bug 18741: Fix OCSP and favicon isolation for ESR 45
    • Bug 16998: Disable <link rel="preconnect"> for now
    • Bug 18898: Exempt the meek extension from the signing requirement as well
    • Bug 18899: Don't copy Torbutton, TorLauncher, etc. into meek profile
    • Bug 18890: Test importScripts() for cache and network isolation
    • Bug 18886: Hide pocket menu items when Pocket is disabled
    • Bug 18703: Fix circuit isolation issues on Page Info dialog
    • Bug 19115: Tor Browser should not fall back to Bing as its search engine
    • Bug 18915+19065: Use our search plugins in localized builds
    • Bug 19176: Zip our language packs deterministically
    • Bug 18811: Fix first-party isolation for blobs URLs in Workers
    • Bug 18950: Disable or audit Reader View
    • Bug 18886: Remove Pocket
    • Bug 18619: Tor Browser reports "InvalidStateError" in browser console
    • Bug 18945: Disable monitoring the connected state of Tor Browser users
    • Bug 18855: Don't show error after add-on directory clean-up
    • Bug 18885: Disable the option of logging TLS/SSL key material
    • Bug 18770: SVGs should not show up on Page Info dialog when disabled
    • Bug 18958: Spoof screen.orientation values
    • Bug 19047: Disable Heartbeat prompts
    • Bug 18914: Use English-only label in <isindex/> tags
    • Bug 18996: Investigate server logging in esr45-based Tor Browser
    • Bug 17790: Add unit tests for keyboard fingerprinting defenses
    • Bug 18995: Regression test to ensure CacheStorage is disabled
    • Bug 18912: Add automated tests for updater cert pinning
    • Bug 16728: Add test cases for favicon isolation
    • Bug 18976: Remove some FTE bridges
  • Windows
  • OS X
    • Bug 6540: Support OS X Gatekeeper
    • Bug 13252: Tor Browser should not store data in the application bundle
    • Bug 18951: HTTPS-E is missing after update
    • Bug 18904: meek-http-helper profile not updated
    • Bug 18928: Upgrade is not smooth (requires another restart)
  • Build System
    • All Platforms
      • Bug 18127: Add LXC support for building with Debian guest VMs
      • Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
      • Bug 18919: Remove unused keys and unused dependencies
    • Windows
      • Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
      • Bug 18290: Bump mingw-w64 commit we use
    • OS X
      • Bug 18331: Update toolchain for Firefox 45 ESR
      • Bug 18690: Switch to Debian Wheezy guest VMs
    • Linux
      • Bug 18699: Stripping fails due to obsolete Browser/components directory
      • Bug 18698: Include libgconf2-dev for our Linux builds
      • Bug 15578: Switch to Debian Wheezy guest VMs (10.04 LTS is EOL)


Advanced Pentest System - Parrot OS 3.0 (Lithium)



Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensics, Reverse engineering, Hacking, Cloud pentesting, privacy/anonymity and cryptography. Based on Debian and developed by Frozenbox network.

Who can use it

Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in an easy to use, fast and lightweight pentesting environment, and it can also be used for everyday use.

Features:

System Specs
  • Debian jessie core
  • Custom hardened linux 4.5 kernel
  • Rolling release upgrade line
  • MATE desktop environment
  • Lightdm Display Manager
  • Custom themes, icons and wallpapers
System Requirements
  • CPU: at least 1Ghz dual core cpu
  • ARCH: 32bit, 64bit and ARMhf
  • RAM: 256Mb - 512Mb suggested
  • GPU: No graphic acceleration required
  • HDD Standard: 6Gb used - 8Gb suggested
  • HDD Full: 8Gb used - 16Gb suggested
  • BOOT: Legacy bios or UEFI (testing)
Cloud
  • Parrot Server Edition
  • Parrot Cloud Controller
  • Parrot VPS Service
  • Custom installation script for Debian VPS
Digital Forensic
  • "Forensic" boot option to avoid boot automounts
  • Most famous Digital Forensic tools and frameworks out of the box
  • Reliable acquisition and imaging tools
  • Top class analysis software
  • Evidence management and reporting tools
  • Disabled automount
  • Software blockdev write protection system
Cryptography
  • Custom Anti Forensic tools
  • Custom interfaces for GPG
  • Custom interfaces for cryptsetup
  • Support for LUKS, Truecrypt and VeraCrypt
  • NUKE patch for cryptsetup LUKS disks
  • Encrypted system installation
Anonymity
  • AnonSurf
  • Entire system anonymization
  • TOR and I2P out of the box
  • DNS requests anonymization
  • "Change Identity" function for AnonSurf
  • BleachBit system cleaner
  • NoScript plugin
  • UserAgentOverrider plugin
  • Browser profile manager
  • RAM-only browser profile
  • Pandora's Box - RAM cleaner
  • Hardened system behaviour
Programming
  • FALCON Programming Language (1.0)
  • System editor tuned for programming
  • Many compilers and debuggers available
  • Reverse Engineering Tools
  • Programming Template Files
  • Pre-installed most-used libs
  • Full Qt5 development framework
  • Full .net/mono development framework
  • Development frameworks for embedded devices


      Identifies and Fingerprints Web Application Firewall (WAF) Products - WAFW00F




      WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.


      How does it work?

      To do its magic, WAFW00F does the following:
      • Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions
      • If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is
      • If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks
      For further details, check out the source code on the main site, github.com/sandrogauci/wafw00f.

      What does it detect?

      It detects a number of WAFs. To view which WAFs it is able to detect, run WAFW00F with the -l option. At the time of writing, the output is as follows:

      $ ./wafw00f -l

      ^ ^
      _ __ _ ____ _ __ _ _ ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
      <
      ...'

      WAFW00F - Web Application Firewall Detection Tool

      By Sandro Gauci && Wendel G. Henrique

      Can test for these WAFs:

      Anquanbao
      Juniper WebApp Secure
      IBM Web Application Security
      Cisco ACE XML Gateway
      F5 BIG-IP APM
      360WangZhanBao
      ModSecurity (OWASP CRS)
      PowerCDN
      Safedog
      F5 FirePass
      DenyALL WAF
      Trustwave ModSecurity
      CloudFlare
      Imperva SecureSphere
      Incapsula WAF
      Citrix NetScaler
      F5 BIG-IP LTM
      Art of Defence HyperGuard
      Aqtronix WebKnight
      Teros WAF
      eEye Digital Security SecureIIS
      BinarySec
      IBM DataPower
      Microsoft ISA Server
      NetContinuum
      NSFocus
      ChinaCache-CDN
      West263CDN
      InfoGuard Airlock
      Barracuda Application Firewall
      F5 BIG-IP ASM
      Profense
      Mission Control Application Shield
      Microsoft URLScan
      Applicure dotDefender
      USP Secure Entry Server
      F5 Trafficshield

      How do I use it?

      For help please make use of the --help option. The basic usage is to pass it a URL as an argument. 

      Example:


      $ ./wafw00f https://www.ibm.com/

      ^ ^
      _ __ _ ____ _ __ _ _ ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
      | V V // o // _/ | V V // 0 // 0 // _/
      |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/
      <
      ...'

      WAFW00F - Web Application Firewall Detection Tool

      By Sandro Gauci && Wendel G. Henrique

      Checking https://www.ibm.com/
      The site https://www.ibm.com/ is behind a Citrix NetScaler
      Number of requests: 6

      How do I install it?

      The following should do the trick:
      python setup.py install
      or
      pip install wafw00f



      Saturday, June 18, 2016

      The Nmap Project's packet sniffing library for Windows - Npcap



      Npcap is an update of WinPcap to the NDIS 6 Light-Weight Filter (LWF) technique. It supports Windows Vista, 7, 8 and 10. It is sponsored by the Nmap Project and developed by Yang Luo under Google Summer of Code 2013 and 2015. It also received many helpful tests from Wireshark and NetScanTools.

      Features
      1. NDIS 6 Support: Npcap makes use of the new NDIS 6 Light-Weight Filter (LWF) API in Windows Vista and later (the legacy driver is used on XP). It's faster than the deprecated NDIS 5 API, which Microsoft could remove at any time.
      2. Extra Security: Npcap can be restricted so that only Administrators can sniff packets. If a non-Admin user tries to utilize Npcap through software such as Nmap or Wireshark, the user will have to pass a User Account Control (UAC) dialog to utilize the driver. This is conceptually similar to UNIX, where root access is generally required to capture packets.
      3. WinPcap Compatibility: If you choose WinPcap Compatible Mode at install-time, Npcap will use the WinPcap-style DLL directories c:\Windows\System32 and service name npf, allowing software built with WinPcap in mind to transparently use Npcap instead. If compatibility mode is not selected, Npcap is installed in a different location, C:\Windows\System32\Npcap, with a different service name, npcap, so that both drivers can coexist on the same system. In this case, applications which only know about WinPcap will continue using that, while other applications can choose to use the newer and faster Npcap driver instead.
      4. Loopback Packet Capture: Npcap is able to sniff loopback packets (transmissions between services on the same machine) by using the Windows Filtering Platform (WFP). After installation, Npcap will create an adapter named Npcap Loopback Adapter for you. If you are a Wireshark user, choose this adapter to capture and you will see all loopback traffic the same way as on other non-loopback adapters. Try it by typing in commands like ping 127.0.0.1 (IPv4) or ping ::1 (IPv6).
      5. Loopback Packet Injection: Npcap is also able to send loopback packets using the Winsock Kernel (WSK) technique. User-level software such as Nping can just send the packets out using Npcap Loopback Adapter just like any other adapter. Npcap then does the magic of removing the packet's Ethernet header and injecting the payload into the Windows TCP/IP stack.
      6. Raw 802.11 Packet Capture: Npcap is able to see 802.11 packets instead of fake Ethernet packets on ordinary wireless adapters. You need to select the Support raw 802.11 traffic (and monitor mode) for wireless adapters option in the installation wizard to enable this feature. When your adapter is in Monitor Mode, Npcap will supply all 802.11 data + control + management packets with radiotap headers. When your adapter is in Managed Mode, Npcap will only supply 802.11 data packets with radiotap headers. Moreover, Npcap provides the WlanHelper.exe tool to help you switch to Monitor Mode on Windows. See more details about this feature in section For softwares that use Npcap raw 802.11 feature. See more details about radiotap here: http://www.radiotap.org/

      Documentation


      Build

      Run installer\Build.bat: build all DLLs and the driver. The DLLs need to be built using Visual Studio 2013, and the driver needs to be built using Visual Studio 2015 with Windows SDK 10 10586 & Windows Driver Kit 10 10586.

      Packaging

      Run installer\Deploy.bat: copy the files from build directories to deployment directories and sign the files. Generate an installer named npcap-nmap-%VERSION%.exe using NSIS large strings build with the SysRestore plug-in (special build for Npcap) and sign the installer.

      Generating debug symbols (optional)

      Run installer\Deploy_Symbols.bat: copy the debug symbol files (.PDB) from build directories to deployment directories and package them into a zip file named npcap-nmap-<VERSION>-DebugSymbols.zip using 7-Zip.



      Monitor APs and Wifi clients on selected channel (Monitor Mode) for Windows - WifiChannelMonitor




      WifiChannelMonitor is a utility for Windows that captures wifi traffic on the channel you choose, using the Microsoft Network Monitor capture driver in monitor mode, and displays extensive information about access points and the wifi clients connected to them. WifiChannelMonitor also allows you to view information about wifi clients that are not connected to any access point, including the list of SSIDs (network names) that they are trying to connect to.

      For every access point, the following information is displayed: SSID, MAC Address, Device Manufacturer, PHY Type, Channel, RSSI, Security, Beacons Count, Probe Responses Count, Data Bytes, Retransmitted Data Bytes, and more...

      For every client, the following information is displayed: MAC Address, Device Manufacturer, SSID list that the client tries to connect to, Sent Data Bytes, Received Data Bytes, Probe Requests Count, and more...

      System Requirements

      • Windows 10/Vista/7/8/2012 - 32-bit or 64-bit. (In previous versions of Windows, there is no support for wifi monitor mode)
      • Microsoft Network Monitor 3.x - You can download and install it from this Web page or from this Web page.
      • Wireless network adapter and a driver that works properly in 'monitor mode' under Windows. See the remarks about that in the 'Known Problems' section below, it's very important!
      You can also use WifiChannelMonitor to watch wifi information offline by importing a pcap capture file created under Linux with airodump-ng or wireshark. In this case, there is no need for a capture driver and you can also use it under Windows XP.

      WifiChannelMonitor vs Other Tools

      Capturing data using monitor mode allows WifiChannelMonitor to show information that other wifi tools cannot get:
      • Detect and show all wifi clients (tablets, smartphones, computers with a wifi adapter, and so on...), including wifi clients that are not connected to any access point but only try to connect...
      • For wifi clients that try to connect to one or more APs - WifiChannelMonitor displays the list of network names (SSIDs) that the wifi client tries to connect to.
      • WifiChannelMonitor can also detect clients with a wired connection to the router.
      • WifiChannelMonitor shows the number of sent/received data bytes for every access point and for every wifi client connected to the access point.
      • WifiChannelMonitor can show the name of a hidden network. (The name is detected only when somebody connects to this wireless network)

      Start Using WifiChannelMonitor

      Before you start capturing wifi data with WifiChannelMonitor, you have to install Microsoft Network Monitor 3.x from this Web page or from this Web page. Apart from the Microsoft Network Monitor driver, there is no need for any installation process or additional dll files.
      In order to start using WifiChannelMonitor, simply run the executable file - WifiChannelMonitor.exe
      After running WifiChannelMonitor, press F6 to start capturing in wifi monitor mode. On the 'Capture Options' window, you have to choose the correct wireless network adapter and the channel number you want to monitor. It's recommended to start monitoring with one of the 3 major wifi channels - 1, 6, or 11.
      After choosing the channel and adapter, click the Ok button to start monitoring. After a few seconds, you should see the access points information in the upper pane. If you don't see any information, stop the capture (F7), go to the 'Capture Options' window (F9) and try to change from 802.11n to 802.11g. After that, press F6 to start the capture again.

      Wifi Clients Modes (Lower Pane)

      There are 3 different modes that you can view the wifi clients in the lower pane:
      • Show Clients Of Selected AP: In this mode, WifiChannelMonitor only displays the wifi clients that are connected to the access point you select in the upper pane.
      • Show All Clients: In this mode, WifiChannelMonitor displays all detected clients.
      • Show All Clients Without AP: In this mode, WifiChannelMonitor displays all clients that are not connected to any access point.
      • Show All Clients With AP: In this mode, WifiChannelMonitor displays all clients that are connected to an access point.
      • Show Only Clients+APs In My List: In this mode, WifiChannelMonitor displays only the clients and APs that appear in the MAC Addresses List (Ctrl+F8)

      AP Columns Description

      • SSID: The name of the wireless network.
      • MAC Address: MAC address of the access point.
      • Company: Company that manufactured this access point, determined according to the MAC address.
      • PHY Type: 802.11g, 802.11n, and so on...
      • Frequency: Channel frequency in MHz.
      • Channel: Channel number.
      • RSSI: Specifies the signal strength, in dBm. Some drivers don't provide the correct RSSI values in monitor mode.
      • Security: None, WPA-PSK, WPA2-PSK, WPA-PSK + WPA2-PSK, WPA-EAP, WPA2-EAP, WPA-EAP + WPA2-EAP, or WEP.
      • Cipher: None, WEP, TKIP, CCMP, TKIP+CCMP.
      • Beacons: The total number of beacons sent by the access point. A beacon is a packet sent frequently by the access point that contains essential information the wifi client needs to identify and connect to it.
      • Probe Responses: The total number of times that the access point responded to a probe request sent by a wifi client.
      • Data Bytes: Total number of data bytes sent and received by this access point.
      • Retransmitted Data: Total number of retransmitted data bytes sent and received by this access point.
      • Device Name: The name of the device. This value is displayed only for devices that support WPS.
      • Device Model: The device model. This value is displayed only for devices that support WPS.
      • WPS: Specifies the WPS status: No (No WPS Support), Configured, Not Configured, or Locked.
      • Start Time: Displays the last time that the access point was possibly started/restarted/rebooted. Be aware that some access points reset their timestamp periodically without a restart/reboot action, and thus for these APs, the time value displayed in this column doesn't represent the correct start time.
      • First Data Detected On: The first time that sent/received data was detected for this AP.
      • Last Data Detected On: The last time that sent/received data was detected for this AP.

      Wifi Client Columns Description

      • MAC Address: MAC address of the wifi client.
      • Company: Company that manufactured this wifi client, determined according to the MAC address. For example, if the wifi client is an iPhone or iPad, you'll see 'Apple' in this column.
      • RSSI: Specifies the signal strength, in dBm. Some drivers don't provide the correct RSSI values in monitor mode.
      • SSID List: When a wifi client tries to connect to one or more access points, this field will display the list of network names (SSIDs) that this client tries to connect to.
      • Sent Data Bytes: Total number of data bytes sent by the client.
      • Received Data Bytes: Total number of data bytes received by the client.
      • Retransmitted Sent: Total number of retransmitted data bytes sent by the client.
      • Retransmitted Received: Total number of retransmitted data bytes received by the client.
      • Client Type: Wifi Client, Router, or Unknown.
        Wifi Client means that this client uses a wireless connection.
        Router means that this client is the router (Yes... the router is also displayed as a client in the network).
        Unknown means that this client uses a wired connection or a wireless connection.
      • Device Name: The name of the device. This value is displayed only for devices that support WPS.
      • Device Model: The device model. This value is displayed only for devices that support WPS.
      • WPS: Specifies the WPS status: No (No WPS Support), Configured, Not Configured, or Locked.
      • PHY Type: 802.11g, 802.11n, and so on...
      • Security: None, WPA-PSK, WPA2-PSK, WPA-EAP, WPA2-EAP, or WEP. This field is filled only when the client tries to connect to the access point.
      • Cipher: None, WEP, TKIP, CCMP, TKIP+CCMP. This field is filled only when the client tries to connect to the access point.
      • Probe Requests: Total number of probe requests sent by this client.
      • First Detected On: The first date/time that this client was detected.
      • Last Detected On: The last date/time that this client was detected.
      • Association Status Code: Specifies the last Association Status Code, which might be useful to diagnose wifi connection problems. You can find the meaning of these codes in this Web page.
      • Deauthentication Code: Specifies the last Deauthentication Code, which might be useful to diagnose wifi connection problems. You can find the meaning of these codes in this Web page.
      • Association Requests: Specifies the number of association requests sent by the client.
      • Device Description: If the MAC address of the device is identical to a MAC address in your MAC Addresses List (Ctrl+F8), then the description of the device in this list is displayed in this column.


      Meaning of Icons

      • Green Icon - The AP or wifi client sent or received data in the last 10 seconds. (You can change the number of seconds in the 'Advanced Options' window)
      • Orange Icon - The AP or wifi client sent or received data in the last 60 seconds. (You can change the number of seconds in the 'Advanced Options' window)
      • Red Icon - No sent/received data in the last 60 seconds.


      Command-Line Options

      /cfg <Filename> Start WifiChannelMonitor with the specified configuration file. For example:
      WifiChannelMonitor.exe /cfg "c:\config\wf.cfg"
      WifiChannelMonitor.exe /cfg "%AppData%\WifiChannelMonitor.cfg"    



      Multifunctional Network Toolkit for Android - Intercepter-NG v1.9



      Intercepter-NG is a multifunctional network toolkit for various types of IT specialists. It has the functionality of several famous separate tools and, moreover, offers a good and unique alternative to Wireshark for Android.

      The main features are:

      • Network discovery with OS detection
      • Network traffic analysis
      • Passwords recovery
      • Files recovery

      WARNING! You need ROOT access (SUPERSU ONLY) and BUSYBOX to use this application. Please use Google to learn how to get it on your device!
      Also, if you face any problems, reinstall busybox and supersu!

      What's New

      1.9 New:

      • + Port Scanner (long click on IP)
      • + DNS Spoofing
      • + Improvements and fixes
      1.8b New:

      • + 'Gateway not found' fixed
      • + Support for intel\arm x32\x64 devices
      • + Clipboard usage for Cookies
      • + Improvements and fixes
      1.7 New:

      • + Netmask bug fixed
      • + Subnet scanning improved
      • + Address bar in Cookie Viewer
      • + Data view in Raw Mode
      1.6 New:

      • + Updated scanning engine
      • + Android 5 support
      • + Portrait mode compatibility
      • + Fixed sdcard issues
      • + Cookie Killer
      • + Forced Download
      • + Fast poisoning

      Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.