#Three Seconds

...

By OffSec 

Read More

AutoBrowser Screenshot of HTTP/s Based Ports - AutoBrowser 4.0

AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report(Json file) and screenshots of http/s based ports on the network. you can choose between analyze Nmap report(XML file -oX ) or scan with Nmap, then the tool automaticly Check the results with http/s request on each host using headless web browser, then it would take a screenshot of the response page content.

• This tool is designed for IT professionals to perform penetration testing.

Documentation:

positional arguments: * analyze - Analyze and browse (Require argument: nmap report location) ** scan - Scan and browse (Require argument: target host or file)

optional arguments: * -h, --help - show this help message and exit * **-p PROJECT, --project PROJECT * - project name (folder which contain all the data. default: project) * **-t TIMEOUT, --timeout TIMEOUT * - http request timeout period * **-w MAX_WORKERS, --max-workers MAX_WORKERS * - Max worker processes (Default: 4) * **--useragent USERAGENT * - Set specific user agent * **--java-enabled * - Display Java enviroment * **--verbose * - Show all checks verbosly * **--proxy PROXY * - Relay connections through HTTP/socks5 proxy (Example: socks5://127.0.0.1:8080) * **--proxy-auth PROXY_AUTH * - Set proxy credentials. (Example: username:password)

Examples:
You must to delimiting the values on the CLI arguments via double quotes only!

• Get argument details of scan method:

    python AutoBrowser.py scan --help   

• Scan with Nmap, checks the results and create folder by name project_name verbose via 10 workers:

    python AutoBrowser.py scan "192.168.1.1/24" -a="-sT -sV -T3" -p project_name --workers=10   

• Scan a host list via Nmap(like -iL Nmap flag), checks the results and create folder by name project_name and enabling java environment:

    python AutoBrowser.py scan file_path.txt -a="-sT -sV -T3" -p project_name --verbose --java-enabled   

• Get the argument details of analyze method:

    python AutoBrowser.py analyze --help   

• Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="socks5://127.0.0.1:8080"   

• Analyzing Nmap XML report and create folder by name report_analyze trough a Proxy with credentials:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --proxy="http://127.0.0.1:8080" --proxy-auth="username:password"   

• Analyzing Nmap XML report and create folder by name report_analyze with specify user agent:

    python AutoBrowser.py analyze nmap_file.xml --project report_analyze --user-agent="My New UserAgent"   

Requirements:

Linux Installation:

1. sudo apt-get install python-pip python2.7-dev libxext-dev python-qt4 qt4-dev-tools build-essential nmap
2. sudo pip install -r requirements.txt

MacOSx Installation:

1. Install Xcode Command Line Tools (AppStore)

2.      ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"    

3. brew install pyqt nmap
4. sudo easy_install pip
5. sudo pip install -r requirements.txt

Windows Installation:

1. Install setuptools
2. Install pip
3. Install PyQt4
4. install Nmap
5. Open Command Prompt(cmd) as Administrator -> Goto python folder -> Scripts (cd c:\Python27\Scripts)
6. pip install -r (Full Path To requirements.txt)

Download AutoBrowser

Read More

SSH Server Auditing - ssh-audit

ssh-audit is a tool for ssh server auditing.

Features

• SSH1 and SSH2 protocol server support;
• grab banner, recognize device or software and operating system, detect compression;
• gather key-exchange, host-key, encryption and message authentication code algorithms;
• output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
• output algorithm recommendations (append or remove based on recognized software version);
• output security information (related issues, assigned CVE list, etc);
• analyze SSH version compatibility based on algorithm information;
• historical information from OpenSSH, Dropbear SSH and libssh;
• no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;

Usage

usage: ssh-audit.py [-bnv] [-l <level>] <host[:port]>

   -1,  --ssh1             force ssh version 1 only
   -2,  --ssh2             force ssh version 2 only
   -b,  --batch            batch output
   -n,  --no-colors        disable colors
   -v,  --verbose          verbose output
   -l,  --level=<level>    minimum output level (info|warn|fail)

• batch flag -b will output sections without header and without empty lines (implies verbose flag).
  
• verbose flag -v will prefix each line with section type and algorithm name. 

ChangeLog

v1.6.0 (2016-10-14)

• implement algorithm recommendations section (based on recognized software)
• implement full libssh support (version history, algorithms, security, etc)
• fix SSH-1.99 banner recognition and version comparison functionality
• do not output empty algorithms (happens for misconfigured servers)
• make consistent output for Python 3.x versions
• add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)
• use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)

v1.5.0 (2016-09-20)

• create security section for related security information
• match and output assigned CVE list and security issues for Dropbear SSH
• implement full SSH1 support with fingerprint information
• automatically fallback to SSH1 on protocol mismatch
• add new options to force SSH1 or SSH2 (both allowed by default)
• parse banner information and convert it to specific sofware and OS version
• do not use padding in batch mode
• several fixes (Cisco sshd, rare hangs, error handling, etc)

v1.0.20160902

• implement batch output option
• implement minimum output level option
• fix compatibility with Python 2.6

v1.0.20160812

• implement SSH version compatibility feature
• fix wrong mac algorithm warning
• fix Dropbear SSH version typo
• parse pre-banner header
• better errors handling

v1.0.20160803

• use OpenSSH 7.3 banner
• add new key-exchange algorithms

v1.0.20160207

• use OpenSSH 7.2 banner
• additional warnings for OpenSSH 7.2
• fix OpenSSH 7.0 failure messages
• add rijndael-cbc failure message from OpenSSH 6.7

v1.0.20160105

• multiple additional warnings
• support for none algorithm
• better compression handling
  
• ensure reading enough data (fixes few Linux SSH)
  

v1.0.20151230

• Dropbear SSH support
  

v1.0.20151223

• initial version
  

Download ssh-audit

Read More

Automated Brute-Force Login Attacks Against EAP Networks - Auto_EAP

Auto_EAP.py is a script designed to perform automated brute-force authentication attacks against various types of EAP networks. These types of wireless networks provide an interface to facilitate password guessing of domain credentials as radius servers check authentication against Active Directory. Using the python library wpaspy, created by Jouni Malinen j@w1.fi to interact with the wpa_supplicant daemon, automated authentication attacks can be preformed with the intent of not causing account lock-outs.

Demo

---

./Auto_EAP.py -s HoneyPot -K WPA-EAP -E PEAP -U test.txt -p Summer2016 -i wlan0
Initialized...
Trying Username Alice with Password test: SUCCESS
Trying Username Bob with Password test: FAILED
Trying Username Charles with Password test: FAILED
Trying Username David with Password test: SUCCESS
Completed

Installation

---

Run 'RunMeFirst.py' within the root directory of Auto_EAP. This will compile the wpaspy library as well as setup a stand alone wpa_supplicant.conf file that Auto_EAP.py will use for testing, leaving the system’s wpa_supplicant config file untouched.

Help

---

./Auto_EAP.py -h
usage: Auto_EAP.py [-h] -i Interface -s SSID -U Usernamefile -p Password -K
                   Key_mgmt -E Eap_type

optional arguments:
  -h, --help            show this help message and exit
  -i Interface, --interface Interface
                        The Interface to use
  -s SSID, --ssid SSID  The SSID to attack
  -U Usernamefile, --User Usernamefile
                        Path to username file
  -p Password, --password Password
                        Password to use
  -K Key_mgmt, --key_mgmt Key_mgmt
                        Key_Management type to use
  -E Eap_type, --eap_type Eap_type
                        Eap type to use

Todo list

---

• [✓] Resoved bug with .a type wireless cards (Shout out to Havok0x90 for his help in resolving this issue)
• [-] Add multi-threading functionality
• [-] Add support for password lists

Download Auto_EAP

Read More

Phishing Campaign Toolkit - King Phisher 1.5.2

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness training to more complicated scenarios in which user aware content is served for harvesting credentials.

King Phisher is only to be used for legal applications when the explicit permission of the targeted organization has been obtained.

Get the latest stable version from the GitHub Releases Page or use git to checkout the project from source.

For instructions on how to install, please see the INSTALL.md file. After installing, for instructions on how to get started please see the wiki .

Feature Overview

• Run multiple phishing campaigns simultaneously
• Send email with embedded images for a more legitimate appearance
• Optional Two-Factor authentication
• Credential harvesting from landing pages
• SMS alerts regarding campaign status
• Web page cloning capabilities
• Integrated Sender Policy Framework (SPF) checks
• Geo location of phishing visitors
• Send email with calendar invitations

Plugins

Both the client and server can be extended with functionality provided by plugins. A small number of plugins are packaged with King Phisher and additional ones are available in the Plugins repository .

Template Files

Template files for both messages and server pages can be found in the separate King Phisher Templates repository . Any contributions regarding templates should also be submitted via a pull request to the templates repository.

Message Template Variables

The client message templates are formatted using the Jinja2 templating engine and support a number of variables. These are included here as a reference, check the templates wiki page for comprehensive documentation.

Variable Name	Variable Value
client.company_name	The target's company name
client.email_address	The target's email address
client.first_name	The target's first name
client.last_name	The target's last name
client.message_id	The unique tracking identifier (this is the same as uid)
sender.email	The email address in the "Source Email (MIME)" field
sender.friendly_alias	The value of the "Friendly Alias" field
sender.reply_to	The value of the "Reply To" field
url.tracking_dot	URL of an image used for message tracking
url.webserver	Phishing server URL with the uid parameter
url.webserver_raw	Phishing server URL without any parameters
tracking_dot_image_tag	The tracking image in a preformatted <img /> tag
uid	The unique tracking identifier (this is the same as client.message_id)

The uid is the most important, and must be present in links that the messages contain.

Documentation

Documentation for users of the application is provided on the project's wiki page . This includes steps to help new users get started with their first campaigns. Additional technical documentation intended for developers is kept seperate as outlined in section below.

Code Documentation

King Phisher uses Sphinx for internal technical documentation. This documentation can be generated from source with the command sphinx-build -b html docs/source docs/html . The latest documentation is kindly hosted on ReadTheDocs at king-phisher.readthedocs.io .

License

King Phisher is released under the BSD 3-clause license, for more details see the LICENSE file.

Credits

Special Thanks (QA / Beta Testing):

• Jake Garlie - jagar
• Jeremy Schoeneman - Shad0wman
• Ken Smith - p4tchw0rk
• Brianna Whittaker

King Phisher Development Team:

• Erik Daguerre - wolfthefallen ( @wolf_thefallen )
• Brandan Geise - coldfusion ( @coldfusion39 )
• Jeff McCutchan - jamcut ( @jamcut )
• Spencer McIntyre - zeroSteiner ( @zeroSteiner )

Download King Phisher 1.5.2

Read More

The Ultimate WordPress Audit Trail Plugin - WP Security Audit Log

The WP Security Audit Log plugin is a WordPress plugin that keeps an audit trail of everything that happens on your WordPress and WordPress multisite network. There are several WordPress audit trail / log plugins available, tough we chose to review WP Security Audit Log because it is has the most comprehensive logging and the best coverage of WordPress changes. It is also the most complete and mature WordPress audit trail solution. 

Why Do You Need a WordPress Audit Trail?

First things first, why would you need a WordPress audit trail? A WordPress audit trail is a record, or better a log of every change that happened on your WordPress, similar to Syslog on Linux/Unix or the Events Viewer on Microsoft Windows. The WordPress audit trail can be used to:

• Keep track of users’ productivity (ideal for multi-users setups),
• Ease the troubleshooting in case something is wrong with the WordPress website,
• Identify any possible malicious WordPress hack attacks before they actually happen,
• Catch hackers red handed if they manage to hack into your WordPress,
• Do all the forensics to track back which security hole the hackers exploited so you can close it down.

The above are just a few reasons mostly related to WordPress security of why you would need to keep a record of all the changes that happen on your WordPress. There are many other reasons related to business and operations, for example to ensure that your business WordPress website meets today’s stringent regulatory compliance regulations, in case you’re using WordPress for your business website.

Getting Started with the WP Security Audit Log Plugin

Install the WP Security Audit Log plugin from your Plugins page in your WordPress dashboard and activate it. By default the WP Security Audit Log will keep track of all these changes on your WordPress. You can also watch the short video below for a quick introduction.

Comprehensive Tracking of WordPress Changes

The comprehensive WordPress audit trail is what sets this plugin apart from the competition. For example while the other audit log plugins simply record that a post was updated, WP Security Audit Log tells you what exactly changed in the post. For example in the screenshot below we can see that the plugin kept a record when all of the below changes happened:

• User opened the post in the editor,
• Author of the post was changed,
• Title of the post was changed,
• URL of the post was changed

In case the content is changed the alert reporting the change in the plugin will allow you to see the revision of changes, as per the below screenshot.

Fully Configurable WordPress Audit Trail Plugin

WP Security Audit Log is also a fully configurable WordPress plugin, therefore it allows you to customize the plugin’s functionality to suite your own needs. Below is an overview of what you can configure.

Enable / Disable Alerts

The plugin keeps a record of all these WordPress changes. If for example you do not want to keep a record each time a logged in user, or a website visitor requests a non-existing page (HTTP 404 Error) navigate to the Enable/Disable Alerts > System Activity tab and disable Alert 6007 as shown in the below screenshot.

Browse through the different categories to find the change you would like to disable or enable back.

Generic Plugin Settings

You can also configure things such as:

• Support for WAFs and reverse proxy (more information on this option),
• Specify who can access the plugin’s settings and manage it,
• Enable logging, developer options,
• And much more.

Audit Trail Settings

In the Audit Log / Trail settings you can configure settings related to the WordPress audit trail, such as:

• Automatic pruning of alerts from the audit trail,
• Who can view the WordPress audit trial,
• The time zone the plugin uses to timestamp the WordPress changes etc.

Exclude Objects from Monitoring

You can also exclude the below from being recorded in the WordPress audit trial:

• Specific users or roles,
• Custom fields,
• IP addresses.

Beefing Up the WordPress Audit Trail

Keeping an audit trail of all the changes that happen is a WordPress security best practice but who has the time to check the log every few minutes? The good news is that you do not need to. WP Security Audit Log has a number of premium add-ons so you can:

• Configure email notifications so you are alerted instantly via email of important changes on your WordPress,
• Do free text based searches so you can find that specific change when troubleshooting an issue,
• Generate reports for managers, to monitor users’ productivity and for regulatory compliance reasons,
• See who is logged in and block multiple sessions from the same username.

 You can add all of the above functionality to get the best out of your WordPress audit trail solution by purchasing the All Add-Ons bundle. Prices start from as low as $89.

Read More

Lightweight and Powerful Penetration Testing OS - DracOS

Dracos Linux ( www.dracos-linux.org ) is the Linux operating system from Indonesian , open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Does not use a GUI-based tools-tools and just have the software using the CLI (command line interface) to perform its operations. Now Dracos currently already up to version 2.0 with the code name "Leak".

Screenshot

Teaser

As the target of development

Education
Dracos Linux is purposed as an educational,especially to recognize the operation system of linux and we respect ethical hacking.

Build from source
had always been built from codes instead of installer,this will stimulate users in indonesia to stay creative and to build the spirit of opensource.

Repository
even though proportionally based on codes,Dracos Linux still intends to construct the repository to build up the processes Like Venomizer

Heavy Control
We need to recognize this operating system Very Dificult Because Dracos in build from source code, thus forcing us to compile when installing a package or software, which of course will arise the possibility of system failure and other system vulnerabilities.

Always from terminal
None of every singel tool that was installed inside the OS uses GUI. CLI will always consider to particularly openbox to ease the users in need of multi terminal in applying Penetration Testing

Penetration Tools List
Link : http://dev.dracos-linux.org/projects/dracoslinux/wiki/Penetration_Testing

• Information Gathering
• Vulnerability Assessment
• Web Attack
• Exploitation Testing
• Privilege Escalation
• Password Attack
• Social Engineering
• Man In The Middle Attack
• Stress Testing
• Wireless Attack
• Maintaining Access
• Forensics Tools
• Reverse Engineering
• Malware Analysis
• Covering Track

Download DracOS

Read More

Mirai Source Code Released

The IoT Botnet Mirai’s source code has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason behind their concerns is that this code can easily convert any hackable, that is, unsecured or unprotected devices like the routers, web cameras and phone, etc., into DDoS Bots. These bots can then be used to attack websites and to take them offline.

Source IoT Botnet Mirai’s

Read More

Modern mass media manipulation methods are types of distraction - Media Manipulation

Media manipulation is a series of related techniques in which partisans create an image or argument that favours their particular interests. Such tactics may include the use of logical fallacies and propaganda techniques, and often involve the suppression of information or points of view by crowding them out, by inducing other people or groups of people to stop listening to certain arguments, or by simply diverting attention elsewhere. In Propaganda: The Formation of Men's Attitudes, Jacques Ellul writes that public opinion can only express itself through channels which are provided by the mass media of communication – without which there could be no propaganda. It is used within public relations, propaganda, marketing, etc. While the objective for each context is quite different, the broad techniques are often similar.

watch the video

By OffSec

Read More