Wednesday, April 30, 2014

Wireshark v1.11.3 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features
The following features are new (or have been significantly updated) since version 1.11.2:
  • Qt port:
    • The About dialog has been added
    • The Capture Interfaces dialog has been added.
    • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
    • The Export PDU dialog has been added.
    • Several SCTP dialogs have been added.
    • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
    • The I/O Graph dialog has been added.
    • The French translation has been updated.
The following features are new (or have been significantly updated) since version 1.11.1:
  • Mac OS X packaging has been improved.
The following features are new (or have been significantly updated) since version 1.11.0:
  • Dissector output may be encoded as UTF-8. This includes TShark output.
  • Qt port:
    • The Follow Stream dialog now supports packet and TCP stream selection.
    • A Flow Graph (sequence diagram) dialog has been added.
    • The main window now respects geometry preferences.
The following features are new (or have been significantly updated) since version 1.10:
  • Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The “Number” column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • “malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.
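The three editcap options above are easiest to understand with the bytes in front of you. The following Python is an added example written for this page, not Wireshark code: it builds a small pcap in memory, applies -C [offset:]<choplen>, -s <snaplen> and -L with the documented semantics (a positive choplen removes bytes at the beginning and a negative one at the end; a positive offset is counted from the beginning and a negative one back from the end; -L shrinks the original frame length together with the captured length), and reads the result back. The Packet class, the editcap() function and the sample frames are this example's own.

```python
"""Reference model of editcap's -C [offset:]<choplen>, -s <snaplen> and -L
options, worked on a tiny pcap built in memory. Example code written for this
page, not Wireshark's; the packets are constructed, not captured."""
import struct
from dataclasses import dataclass

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    ts_sec: int
    ts_usec: int
    orig_len: int            # "original frame length": the length on the wire
    data: bytes              # captured bytes; caplen == len(data)


def write_pcap(packets, snaplen=65535):
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    records = [struct.pack("<IIII", p.ts_sec, p.ts_usec, len(p.data), p.orig_len) + p.data
               for p in packets]
    return header + b"".join(records)


def read_pcap(blob):
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    offset, packets = 24, []
    while offset < len(blob):
        ts_sec, ts_usec, caplen, orig_len = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        packets.append(Packet(ts_sec, ts_usec, orig_len, blob[offset:offset + caplen]))
        offset += caplen
    return packets


def parse_chop(arg):
    """'[offset:]<choplen>' as given to -C; a missing offset means 0."""
    if ":" in arg:
        off, length = arg.split(":", 1)
        return int(off), int(length)
    return 0, int(arg)


def chop_packet(pkt, chops, snaplen=None, adjust_orig=False):
    """Apply every -C in order, then -s; adjust_orig is -L."""
    data, orig_len = pkt.data, pkt.orig_len
    for offset, choplen in chops:
        if choplen > 0:                      # chop at the beginning, offset from the beginning
            start = min(max(offset, 0), len(data))
            end = min(start + choplen, len(data))
        elif choplen < 0:                    # chop at the end, offset counted back from the end
            end = max(len(data) + min(offset, 0), 0)
            start = max(end + choplen, 0)
        else:
            continue
        data = data[:start] + data[end:]
        if adjust_orig:                      # -L: the wire length shrinks by the bytes removed
            orig_len -= end - start
    if snaplen is not None and len(data) > snaplen:
        data = data[:snaplen]
        if adjust_orig:                      # -L with -s: wire length is capped at the snaplen
            orig_len = min(orig_len, snaplen)
    return Packet(pkt.ts_sec, pkt.ts_usec, orig_len, data)


def editcap(blob, chop_args=(), snaplen=None, adjust_orig=False):
    """editcap in.pcap out.pcap [-C ...] [-s N] [-L], over bytes instead of files."""
    chops = [parse_chop(a) for a in chop_args]
    return write_pcap([chop_packet(p, chops, snaplen, adjust_orig) for p in read_pcap(blob)])


# Constructed input: a 64-byte frame captured whole, and a 1500-byte frame of
# which only the first 96 bytes were captured.
SAMPLE = write_pcap([Packet(1398816000, 0, 64, bytes(range(64))),
                     Packet(1398816000, 500, 1500, bytes(range(96)))])

if __name__ == "__main__":
    for p in read_pcap(editcap(SAMPLE, ["14", "-4"], adjust_orig=True)):
        print("caplen=%d orig_len=%d" % (len(p.data), p.orig_len))
```

The -L distinction matters when a trimmed capture is handed to someone else: without -L every chopped record still claims its original wire length, so Wireshark flags each frame as "packet size limited during capture", while with -L the frames simply look shorter and nothing reveals that bytes were removed. Compare caplen with orig_len, as the block does, before you treat a trimmed file as a faithful copy.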

RAWR - Rapid Assessment of Web Resources

Introducing RAWR (Rapid Assessment of Web Resources). There is a lot packed into this tool to help you get a better grasp of the threat landscape that is your client's web resources. It has been tested on environments ranging from extremely large networks down to 5-node networks, and it has been tuned to produce fast, accurate and applicable results in usable formats. RAWR makes the mapping phase of your next web assessment efficient and gets you producing results faster.

Features
  • A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
  • An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
  • A CSV Threat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
  • Default password suggestions using a list compiled from several online sources.
  • Supports the use of a proxy (Burp, Zap, W3aF)
  • Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
  • Customizable crawl of links within the host’s domain.
  • PNG Diagram of all pages found during crawl
  • List of links crawled in tiered format.
  • List of documents seen for each site.
  • Automation-Friendly output (JSON strings)
Requirements
  • nmap – at least 6.00 – required for SSL strength assessment
  • graphviz – site diagram from crawl (optional)
  • python-lxml – parsing xml & html
  • python-pygraphviz – site layout from crawl (optional)
  • phantomJS – tested with 1.9.1, can be downloaded/installed in a local folder during --check-install

Tuesday, April 29, 2014

BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers


BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs.

Changelog v2014.04.21

  • added new system packages: abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools, irssi, makepasswd, mercurial, mplayer, rtorrent, scrot, strace, tor-browser-en
  • added .Xresources with entries for xterm
  • added wicd to system start (systemctl)
  • added wicd and wicd-gtk network manager
  • removed 'xset r rate 150 100' entry for X
  • updated menu entries
  • added more than 150 new tools
  • replaced zathura pdf reader with mupdf
Main Features
  • Support for i686, x86_64, armv6h and armv7h architectures
  • Over 750 tools (constantly increasing)
  • Modular package groups
  • A live ISO with multiple window managers, including dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm.
  • An installer with the ability to build from source.

BluetoothLogView - Creates a log of Bluetooth devices activity around you

BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you and displays a log of Bluetooth devices in its main window. Every time a new Bluetooth device arrives in your area, and every time a device leaves your area, a new log line is added with the following information: Device Name, Device Address, Event Time, Event Type ('Device Arrival' or 'Device Left'), Device Type, and the company that created the device. BluetoothLogView also allows you to specify a description for every device (according to its MAC address) that will appear in the 'Description' column.


OWASP ZAP v2.3.0 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Changelog v2.3.0, highlights

  • A ZAP ‘lite’ version in addition to the existing ‘full’ version
  • View, intercept, manipulate, resend and fuzz client-side (browser) events
  • Enhanced authentication support
  • Support for non standard apps
  • Input Vector scripts
  • Scan policy – fine grained control
  • Advanced Scan dialog
  • Extended command line options
  • More API support
  • Internationalized help file
  • Keyboard shortcuts
  • New UI options
  • More functionality moved to add-ons
  • New and improved active and passive scanning rules

oclHashcat v1.20 - World's fastest password cracker

oclHashcat is a GPGPU-based multi-hash cracker supporting dictionary, combinator, brute-force (implemented as mask), hybrid and rule-based attacks.

This GPU cracker is a merged version of oclHashcat-plus and oclHashcat-lite.

GPU Driver requirements:
  • NV users require ForceWare 331.67 or later
  • AMD users require Catalyst 14.4 or later

Changelog v1.20

  • Added algorithms
  • AMD Catalyst v14.x (Mantle) driver
  • Improved distributed cracking support
  • Added outfiles directory
  • Rewrote restore system from scratch
  • Rewrote multihash structure
  • Added debugging support for rules
  • Added support for $HEX[]
  • Added tweaks for AMD OverDrive 6 and better fan speed control
  • Adding new password candidates on-the-fly
  • Rewrote weak-hash check
  • Reload previously-cracked hashes from potfile
Features
  • World's fastest password cracker
  • World's first and only GPGPU-based rule engine
  • Free
  • Multi-GPU (up to 128 gpus)
  • Multi-Hash (up to 100 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Platform (OpenCL & CUDA support)
  • Multi-Algo (see below)
  • Low resource utilization, you can still watch movies or play games while cracking
  • Focuses on highly iterated modern hashes
  • Focuses on dictionary-based attacks
  • Supports distributed cracking
  • Supports pause / resume while cracking
  • Supports sessions
  • Supports restore
  • Supports reading words from file
  • Supports reading words from stdin
  • Supports hex-salt
  • Supports hex-charset
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 100+ Algorithms implemented with performance in mind

Attack-Modes
  • Straight (accept Rules)
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict

Algorithms
  • MD4
  • MD5
  • SHA1
  • SHA-256
  • SHA-512
  • SHA-3 (Keccak)
  • RipeMD160
  • Whirlpool
  • GOST R 34.11-94
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • LM
  • NTLM
  • DCC
  • DCC2
  • NetNTLMv1
  • NetNTLMv1 + ESS
  • NetNTLMv2
  • Kerberos 5 AS-REQ Pre-Auth etype 23
  • AIX {smd5}
  • AIX {ssha1}
  • AIX {ssha256}
  • AIX {ssha512}
  • FreeBSD MD5
  • OpenBSD Blowfish
  • descrypt
  • md5crypt
  • bcrypt
  • sha256crypt
  • sha512crypt
  • DES(Unix)
  • MD5(Unix)
  • SHA256(Unix)
  • SHA512(Unix)
  • OSX v10.4
  • OSX v10.5
  • OSX v10.6
  • OSX v10.7
  • OSX v10.8
  • OSX v10.9
  • Cisco-ASA
  • Cisco-IOS
  • Cisco-PIX
  • GRUB 2
  • Juniper Netscreen/SSG (ScreenOS)
  • RACF
  • Samsung Android Password/PIN
  • MSSQL
  • MySQL
  • Oracle
  • Postgres
  • Sybase
  • DNSSEC (NSEC3)
  • IKE-PSK
  • IPMI2 RAKP
  • iSCSI CHAP
  • WPA
  • WPA2
  • 1Password, cloudkeychain
  • 1Password, agilekeychain
  • Lastpass
  • Password Safe SHA-256
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
  • TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
  • SAP CODVN B (BCODE)
  • SAP CODVN F/G (PASSCODE)
  • Citrix Netscaler
  • Netscape LDAP SHA/SSHA
  • Apache MD5-APR
  • hMailServer
  • EPiServer
  • Drupal
  • IPB
  • Joomla
  • MyBB
  • osCommerce
  • Redmine
  • SMF
  • vBulletin
  • Woltlab Burning Board
  • xt:Commerce
  • WordPress
  • phpBB3
  • Half MD5 (left, mid, right)
  • Double MD5
  • Double SHA1
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • md5(sha1($pass))
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • sha1(md5($pass))
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))
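Most entries at the end of the list are just concatenation orders and nestings of the same few primitives, and getting the order wrong is the difference between cracking and not cracking. The block below is an added example written for this page, not hashcat code: it spells out a dozen of those forms byte for byte (unicode() taken as the byte-doubling hashcat applies to ASCII input; nested forms such as md5(sha1($pass)) hash the lower-case hex string of the inner digest), decodes the $HEX[] wordlist lines that the changelog mentions, and runs a small dictionary attack against a "hash:salt" target. The wordlist and targets are constructed; ALGORITHMS, crack() and display() are this example's own names.

```python
"""What a few of the hash names in the oclHashcat list mean, byte for byte,
plus the $HEX[] wordlist convention, wrapped in a minimal dictionary attack.
Example code written for this page, not hashcat's; wordlist and targets are
constructed."""
import hashlib


def utf16le(pw):
    """hashcat's unicode($pass): every input byte followed by a NUL (assumed; exact for ASCII input)."""
    return b"".join(bytes((b, 0)) for b in pw)


def hexdigest(name, data):
    """Lower-case hex digest as bytes: nested forms such as md5(sha1($pass)) hash the hex string."""
    return hashlib.new(name, data).hexdigest().encode("ascii")


# name from the oclHashcat list -> function(password_bytes, salt_bytes) -> hex digest (bytes)
ALGORITHMS = {
    "md5($pass)":                   lambda p, s: hexdigest("md5", p),
    "md5($pass.$salt)":             lambda p, s: hexdigest("md5", p + s),
    "md5($salt.$pass)":             lambda p, s: hexdigest("md5", s + p),
    "md5(unicode($pass).$salt)":    lambda p, s: hexdigest("md5", utf16le(p) + s),
    "md5($salt.unicode($pass))":    lambda p, s: hexdigest("md5", s + utf16le(p)),
    "md5(sha1($pass))":             lambda p, s: hexdigest("md5", hexdigest("sha1", p)),
    "sha1(md5($pass))":             lambda p, s: hexdigest("sha1", hexdigest("md5", p)),
    "Double MD5":                   lambda p, s: hexdigest("md5", hexdigest("md5", p)),
    "Double SHA1":                  lambda p, s: hexdigest("sha1", hexdigest("sha1", p)),
    "Half MD5 (left)":              lambda p, s: hexdigest("md5", p)[:16],
    "sha1($salt.$pass)":            lambda p, s: hexdigest("sha1", s + p),
    "sha1($pass.$salt)":            lambda p, s: hexdigest("sha1", p + s),
    "sha256($pass.$salt)":          lambda p, s: hexdigest("sha256", p + s),
    "sha512($salt.unicode($pass))": lambda p, s: hexdigest("sha512", s + utf16le(p)),
}


def digest(algo, password, salt=b""):
    return ALGORITHMS[algo](password, salt).decode("ascii")


def candidate_bytes(line):
    """One wordlist line -> candidate bytes; $HEX[..] lines carry bytes that are not printable text."""
    line = line.rstrip("\r\n")
    if line.startswith("$HEX[") and line.endswith("]"):
        return bytes.fromhex(line[5:-1])
    return line.encode("utf-8")


def display(plain):
    """Render a cracked plaintext the way the potfile does: hex-wrap anything not printable ASCII."""
    if all(0x20 <= b < 0x7F for b in plain):
        return plain.decode("ascii")
    return "$HEX[%s]" % plain.hex()


def crack(target, algo, wordlist):
    """target is hashcat's input form 'hash' or 'hash:salt'; returns the plaintext or None."""
    hash_hex, _, salt = target.partition(":")
    hash_hex, salt = hash_hex.lower(), salt.encode("utf-8")
    for line in wordlist:
        cand = candidate_bytes(line)
        if digest(algo, cand, salt) == hash_hex:
            return display(cand)
    return None


# Constructed wordlist; the last entry is 'pass' + U+00E9 in UTF-8, stored as $HEX[] in the file.
WORDLIST = ["123456", "password", "Summer2014", "$HEX[70617373c3a9]"]

if __name__ == "__main__":
    target = digest("md5($salt.$pass)", b"Summer2014", b"x9") + ":x9"
    print(target, "->", crack(target, "md5($salt.$pass)", WORDLIST))
```

The same target fed to crack() under the wrong form, md5($pass.$salt) instead of md5($salt.$pass), comes back as None with the same wordlist, which is the usual reason a "known" password refuses to crack: the application's storage format was identified by name but the concatenation order was guessed.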

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking

Hashcat-utils is a set of small utilities that are useful in advanced password cracking. They are packed into multiple stand-alone binaries.

Each of these utils is designed to execute only one specific function. Since they all work with STDIN and STDOUT, you can group them into chains.

The programs are available for Linux and Windows on both 32-bit and 64-bit architectures. The programs are also available as open source.

List of Utilities

  • combinator: This program is a stand-alone implementation of the Combinator Attack.
    Each word from file2 is appended to each word from file1 and then printed to STDOUT.
    Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
  • cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext, this program will cut the specific prefix or suffix length off the existing words in a list and pass it to STDOUT.
  • expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.

    There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:


    All possible lengths of the patterns within a maximum of 7 (defined in LEN_MAX macro, which you can increase in the source).
    All possible offsets of the word.
    Shifting the word to the right until a full cycle.
    Shifting the word to the left until a full cycle.
  • gate: Each wordlist going into STDIN is parsed and split into equal sections, which are then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated. The two important parameters are "mod" and "offset".
    The mod value is the number of times you want to split your dictionary.
    The offset value is which section of the split is getting that feed.
  • hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
  • len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
  • morph: Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide, per position.
    Dictionary = Wordlist used for frequency analysis.
    Depth = Determines which "top" chains you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0, so that 10 would give the top 11).
    Width = Max length of the chain. With 3, for example, you will get up to 3 rules per line for the most frequent 3-letter chains.
    pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rules to insert the string only from position 5 and up.
    pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rules to insert the string so that its end finishes at a maximum of position 10.
  • permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through “The Countdown QuickPerm Algorithm” by Phillip Paul Fuchs.
  • prepare: This program is made as an dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words “BCA” and “CAB” would produce exactly the same password candidates.
  • req: Each word going into STDIN is parsed and passed to STDOUT if it matches a specified password group criterion. Sometimes you know that a password must include a lower-case char, an upper-case char and a digit to pass a specific password policy. That means candidates that do not match this policy will definitely not result in a cracked password, so we should skip them. This program is not very complex and cannot fully match all common password policy criteria, but it does provide a little help.
  • rli: compares a single file against another file(s) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
  • rli2: Unlike rli, rli2 is not limited by memory. But it requires infile and removefile to be sorted and uniqued beforehand, otherwise it won't work as it should.
  • splitlen: This program is designed as a dictionary optimizer for oclHashcat, which has a very specific way of loading dictionaries. The best way to organize your dictionaries for use with oclHashcat is to sort the words by length into separate files in a specific directory, and then to run oclHashcat in directory mode.

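Since every utility above reads STDIN and writes STDOUT, the chain is the interesting part. The block below is an added example written for this page, not the hashcat-utils sources: Python generators that mimic combinator, cutb, len, req, gate, rli and splitlen, and one pipeline() that strings them together the way you would with pipes. The req bitmask values and the sign convention for cutb are assumptions made for this example; check the real tools' usage text before relying on them.

```python
"""Pure-Python sketches of several hashcat-utils filters, chained the way the
stand-alone binaries are chained through pipes. Example code written for this
page, not the hashcat-utils sources; argument conventions (the req bitmask,
the sign of the cut length) are assumptions noted in the comments."""
from collections import defaultdict


def combinator(left, right):
    """combinator: every word of `right` appended to every word of `left` (left is the outer loop)."""
    right = list(right)                     # the real tool rewinds file2 for every word of file1
    for a in left:
        for b in right:
            yield a + b


def cutb(words, n):
    """cutb: drop a fixed prefix (n > 0) or suffix (n < 0) from every word (sign convention assumed)."""
    for w in words:
        yield w[n:] if n > 0 else w[:n] if n < 0 else w


def length_filter(words, lo, hi):
    """len: keep words whose length is within [lo, hi]."""
    return (w for w in words if lo <= len(w) <= hi)


# req bitmask: 1 = lower, 2 = upper, 4 = digit, 8 = symbol (assumed for this example)
REQ_LOWER, REQ_UPPER, REQ_DIGIT, REQ_SYMBOL = 1, 2, 4, 8


def req(words, mask):
    """req: keep only words that contain every character class named in `mask`."""
    for w in words:
        have = 0
        for c in w:
            if c.islower():
                have |= REQ_LOWER
            elif c.isupper():
                have |= REQ_UPPER
            elif c.isdigit():
                have |= REQ_DIGIT
            else:
                have |= REQ_SYMBOL
        if have & mask == mask:
            yield w


def gate(words, mod, offset):
    """gate: emit every mod-th word starting at `offset`, so `mod` workers can share one stream."""
    for i, w in enumerate(words):
        if i % mod == offset:
            yield w


def rli(words, *removefiles):
    """rli: drop words that appear in any removefile (and repeated words), keeping order."""
    drop = set()
    for rf in removefiles:
        drop.update(rf)
    for w in words:
        if w not in drop:
            drop.add(w)
            yield w


def splitlen(words):
    """splitlen: bucket words by length, one bucket per file in the directory oclHashcat loads."""
    buckets = defaultdict(list)
    for w in words:
        buckets[len(w)].append(w)
    return dict(buckets)


def pipeline(base, suffixes, worker, workers):
    """Equivalent of: combinator base suffixes | len 8 12 | req 7 | gate <workers> <worker>"""
    stream = combinator(base, suffixes)
    stream = length_filter(stream, 8, 12)
    stream = req(stream, REQ_LOWER | REQ_UPPER | REQ_DIGIT)
    return list(gate(stream, workers, worker))


if __name__ == "__main__":
    # Constructed inputs: a few base words and the suffixes a policy usually provokes.
    for n in range(2):
        print("worker", n, pipeline(["Password", "summer", "Admin"], ["2014", "!", "1"], n, 2))
```

The order of the stages is the point: filtering by length and policy before gate means every worker receives only candidates that can possibly match, and the same candidate never reaches two workers.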
Download Hashcat-Utils

Monday, April 28, 2014

NetworkTrafficView - Monitor the traffic on your network adapter

NetworkTrafficView is a network monitoring tool that captures the packets that pass through your network adapter and displays general statistics about your network traffic. The packet statistics are grouped by Ethernet type, IP protocol, source/destination addresses and source/destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (for TCP connections).


Saturday, April 26, 2014

IronWASP 2014 - One of the world's best web security scanners

Find security issues on your website automatically using IronWASP, one of the world's best web security scanners.

Here's what is new:

1) Login recording
Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial.

2) Automatically testing for CSRF, Broken Authentication, Privilege Escalation and Hidden Parameters
Now IronWASP has a new section called Interactive Testing tools that let you automatically discover vulnerabilities that could only be discovered by manual testing.

3) Browser pre-configured for Manual Crawling
The most common problem with intercepting proxies is that you have to change your browser's proxy settings and import the tool's certificate as a trusted CA for SSL traffic. Even after doing this there is a chance that traffic from your regular browsing gets mixed with your test traffic. IronWASP solves all of these problems: it comes with a browser pre-configured to use IronWASP as its proxy, it handles SSL certificate errors automatically (no need to import a CA), and since this is a separate browser it does not affect the regular browsing you do in your other browser. See video.

4) DOM XSS Analyzer
If you understand what DOM XSS sources and sinks are and have the ability to understand and analyse JavaScript code then you will find this new utility really useful. It makes the process of discovering DOM XSS really easy for manual testers. See video tutorial.

5) XmlChor - XPATH Injection Exploitation tool
This version comes with a new Module called XmlChor written by Harshal Jamdade. This module can be used to automatically exploit XPATH Injection vulnerabilities and extract the backend XML file from the server. See video tutorial.

6) WiHawk - WiFi Router Vulnerability Scanner
This version has one more awesome module, WiHawk, written by Anamika Singh. It can scan a range of IP addresses for WiFi routers with default passwords and authentication-bypass vulnerabilities. It also supports the Shodan API to scan a large number of devices on the internet. See video tutorial.


NetworkLatencyView - Calculates the network latency (in milliseconds)


NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values, and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging to the same IP address.

NetworkLatencyView also allows you to easily export the latency information to text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it to Excel or other application.


Friday, April 25, 2014

Dll Hijack Auditor v3.5 - Smart Tool to Audit the DLL Hijack Vulnerability


DLL Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application.

This is one of the critical security issues affecting almost all Windows systems. Though most applications have been fixed, many Windows applications are still susceptible to this vulnerability, which can allow an attacker to completely take over the system.

DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.

With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.

Dll Hijack Auditor is fully portable and works on a wide range of platforms, from Windows XP to Windows 8.


Pyrasite - Inject arbitrary code into a running Python process

Pyrasite is a library and a set of tools for injecting code into running Python programs.

    usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] pid [filename]

    pyrasite - inject code into a running python process

    positional arguments:
      pid                   The ID of the process to inject code into
      filename              The second argument must be a filename

    optional arguments:
      -h, --help            show this help message and exit
      --gdb-prefix GDB_PREFIX
                            GDB prefix (if specified during installation)
      --verbose             Verbose mode

For updates, visit https://github.com/lmacken/pyrasite
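The filename argument is a payload: a Python file that pyrasite executes inside the target interpreter. It gets there by attaching with gdb, which means ptrace, so anything that is allowed to ptrace a Python process can run code in it; on Linux the kernel.yama.ptrace_scope sysctl is the control. Below is an added example of such a payload, written for this page rather than taken from pyrasite's own payloads directory: it prints a stack trace for every thread of the target, which is a quick way to see what a hung or suspicious process is doing. The file name dump_threads.py used in the usage note is an assumption.

```python
"""A pyrasite payload (example code written for this page, not one of the
payloads shipped with pyrasite). pyrasite executes this file inside the target
interpreter, so the code runs with the target's threads and modules in scope:
it reports what every thread is doing."""
import sys
import threading
import traceback


def dump_stacks(out=None):
    """Return one formatted stack per live thread; also write the report to `out` if given."""
    names = {t.ident: t.name for t in threading.enumerate()}
    sections = []
    for ident, frame in sys._current_frames().items():
        sections.append("Thread %s (%d):\n%s" % (
            names.get(ident, "?"), ident, "".join(traceback.format_stack(frame))))
    report = "\n".join(sections)
    if out is not None:
        out.write(report + "\n")
        out.flush()
    return report


# Inside the target this is the target's own stderr, not the terminal pyrasite was started from.
dump_stacks(sys.stderr)
```

Save it as dump_threads.py and run pyrasite <pid> dump_threads.py. Because the report goes to the target's stderr, a daemon whose stderr is /dev/null shows nothing; in that case pass an open log file to dump_stacks() instead.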


Thursday, April 24, 2014

WebPwn3r - Web Applications Security Scanner

WebPwn3r is a web application security scanner written in Python that helps security researchers scan multiple links at the same time for Remote Code/Command Execution and XSS vulnerabilities.

You can extract the URLs from Burp Suite, save them in list.txt and pass that to WebPwn3r.

You can also use your own crawler to gather URLs for a certain domain or for random domains, save them in list.txt and pass that to WebPwn3r.

WebPwn3r has the following features:

1- Scan a URL or a list of URLs
2- Detect and exploit Remote Code Injection vulnerabilities
3- Detect and exploit Remote Command Execution vulnerabilities
4- Detect and exploit typical XSS vulnerabilities
5- Detect the WebKnight WAF
6- Improved payloads to bypass security filters/WAFs
7- Fingerprint the backend technologies


WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network

WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinPcap or Microsoft Network Monitor) and accumulates a list of the computers and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER.

For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address.

After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file.

Protocols supported by WhoIsConnectedSniffer

  • ARP: WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices.
  • UDP: When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts the IP address and MAC address from it.
  • DHCP: When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer.
  • mDNS: This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux).
  • BROWSER: This protocol is mainly used by Windows, but some Linux systems support it too. WhoIsConnectedSniffer uses it to get the name of the computer, its description text, and the operating system.
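The protocol notes above describe what can be read off the wire without sending anything. The block below is an added example written for this page, not the tool's code: it builds two ARP replies and a DHCP request in memory, parses the sender MAC/IP pair out of ARP and the client MAC, requested address and host name (options 50 and 12) out of DHCP, and merges the observations into a per-MAC inventory. The frames are constructed, the IP checksum is left at zero because nothing here verifies it, and the inventory() and build_*() names are this example's own.

```python
"""Passive host inventory from ARP and DHCP traffic, the way a sniffer such as
WhoIsConnectedSniffer derives it. Example code written for this page, not the
tool's own; the frames are constructed in memory, no capture driver involved."""
import struct


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


# --- frame builders (constructed sample traffic) ---------------------------

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)      # Ethernet/IPv4, opcode 2 = reply
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return mac_bytes(target_mac) + mac_bytes(sender_mac) + b"\x08\x06" + arp


def build_dhcp_request(client_mac, requested_ip, hostname):
    opts = (b"\x35\x01\x03"                                  # option 53: DHCPREQUEST
            + b"\x32\x04" + ip_bytes(requested_ip)           # option 50: requested address
            + b"\x0c" + bytes([len(hostname)]) + hostname.encode("ascii")   # option 12: host name
            + b"\xff")
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x3903F326, 0, 0x8000)   # op, htype, hlen, hops, xid, secs, flags
             + bytes(16)                                     # ciaddr, yiaddr, siaddr, giaddr
             + mac_bytes(client_mac) + bytes(10)             # chaddr (16 bytes)
             + bytes(192)                                    # sname + file
             + b"\x63\x82\x53\x63" + opts)                   # magic cookie + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(4), b"\xff\xff\xff\xff")      # 0.0.0.0 -> 255.255.255.255, checksum 0
    return mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(client_mac) + b"\x08\x00" + ip_hdr + udp


# --- parsers ---------------------------------------------------------------

def parse_arp(arp):
    htype, ptype, hlen, plen, _op = struct.unpack_from("!HHBBH", arp, 0)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    # Requests and replies alike carry the sender's MAC/IP pair.
    return {"mac": mac_str(arp[8:14]), "ip": ip_str(arp[14:18]), "source": "ARP"}


def parse_dhcp(bootp):
    if len(bootp) < 240 or bootp[236:240] != b"\x63\x82\x53\x63":
        return None
    info = {"mac": mac_str(bootp[28:34]), "source": "DHCP"}   # chaddr
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:
        if bootp[i] == 0:                                    # pad option
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        i += 2 + length
        if code == 12:
            info["hostname"] = value.decode("ascii", "replace")
        elif code == 50:
            info["ip"] = ip_str(value)
    return info


def parse_frame(frame):
    if len(frame) < 14:
        return None
    etype = struct.unpack_from("!H", frame, 12)[0]
    if etype == 0x0806:
        return parse_arp(frame[14:])
    if etype == 0x0800:
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] == 17:                                      # UDP
            sport, dport = struct.unpack_from("!HH", ip, ihl)
            if sport == 68 and dport == 67:                  # DHCP client -> server
                return parse_dhcp(ip[ihl + 8:])
    return None


def inventory(frames):
    """Merge observations by MAC: the host name comes only from DHCP, the IP from either protocol."""
    hosts = {}
    for frame in frames:
        obs = parse_frame(frame)
        if obs is None:
            continue
        host = hosts.setdefault(obs["mac"], {"seen_via": set()})
        host["seen_via"].add(obs.pop("source"))
        host.update(obs)
    return hosts


SAMPLE_FRAMES = [  # constructed, not captured
    build_arp_reply("00:11:22:33:44:55", "192.168.1.10", "aa:bb:cc:dd:ee:ff", "192.168.1.1"),
    build_dhcp_request("00:11:22:33:44:55", "192.168.1.10", "laptop-01"),
    build_arp_reply("00:11:22:33:44:66", "192.168.1.20", "aa:bb:cc:dd:ee:ff", "192.168.1.1"),
]

if __name__ == "__main__":
    for mac, host in inventory(SAMPLE_FRAMES).items():
        print(mac, host)
```

Two things to keep in mind when such an inventory is used for anything that matters: a passive sniffer only lists hosts that happened to talk while you listened, so silence is not absence, and neither ARP nor DHCP authenticates anything, so the host name and even the MAC address are whatever the sender chose to put in the frame.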


Wednesday, April 23, 2014

Hash Kracker v2.5 - All-in-one Hash Password Recovery Software


Hash Kracker is the free all-in-one tool to recover the hash password for multiple hash types.
Currently it supports password recovery from following popular Hash types
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
It uses a dictionary-based cracking method, which makes the cracking operation simple and easy.

Though it supports only the dictionary method, you can easily use tools like Crunch or Cupp to generate a brute-force or custom password list file and then use it with 'Hash Kracker'.


Andiparos - Security tool that can be used for web application security assessments

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

The main advantage of Andiparos is its support for client certificates on smartcards. It also has several small interface enhancements that make life easier for penetration testers...

Features:
  • Smartcard support
  • BeanShell support
  • History Filter (URLs)
  • Passive Scanner
  • Advanced search functionality
  • MultiTags for request/response
  • Mark Request/Response
  • Better Mac OS X integration
  • other nice enhancements...
For stability reasons, JDIC support has been completely removed. 


Tuesday, April 22, 2014

Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is a free tool that instantly removes the password from a protected PDF document. It can remove both the User and the Owner password, along with all PDF restrictions such as Copy, Printing and Screen Reader.

We often receive password-protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these long, complex passwords.

'Instant PDF Password Remover' helps you quickly remove the password from these PDF documents, so you no longer need to type the complex/long password every time you open them.

Note that it cannot remove an unknown password. It only removes a KNOWN password so that you don't have to enter it every time you open the PDF file.

It is even easier with the 'Right Click Context Menu' integration, which lets you simply right-click a PDF file and launch the tool. You can also drag and drop a PDF file directly onto the GUI window to start the password removal instantly.

It can unlock PDF documents protected with any version of Adobe Acrobat using either RC4 or AES encryption.

It comes with an installer for quick installation/uninstallation. It works on a wide range of operating systems, from Windows XP to Windows 8.


Shodan Plugin for Chrome


The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/ domain.


Monday, April 21, 2014

XVI32 - Freeware Hex Editor


XVI32 is a freeware hex editor running under Windows 9x/NT/2000/XP/Vista/7. The name XVI32 is derived from XVI, the roman notation for the number 16. XVI32 and all of its components are developed by myself.

The current release 2.55 is available since June 26, 2012. It comes with a complete online help and requires only 1.02 MB of hard disk space. There is no setup program needed - just unzip the downloaded archive to your hard disk! XVI32 doesn't write any data to your registry.

XVI32 is used by thousands of people all over the world. It was included in books like the Hacker's Guide. Even people at Microsoft ™ do use XVI32! If you don't believe me, look at http://support.microsoft.com/kb/835840/EN-GB/.

Features

XVI32 has the following main features. Especially note the highlighted advantages of XVI32.
  • XVI32 is a portable application, i.e. no setup program is needed, you can run XVI32 from your USB stick, no data is written to the registry
  • data inspector to view decoded numbers (see screen shot; can be turned off).
  • Has built-in script interpreter.
  • Easily works with huge files. Try to open a 60 MB sized text file with some other hex editor (not to speak about Wordpad), then use XVI32... If you don't have such a huge text file, use my freeware tool RndFile to create one
  • XVI32 allows to edit files up to 2 GB (enough virtual memory provided, of course)
  • For your convenience, XVI32 stores settings and last used search strings etc. in XVI32.INI file
  • Progress indication in percent for most operations
  • You can abort nearly all operations (reading/writing files, search, replace, print...)
  • Display of both text (ASCII/ANSI) and hexadecimal representation
  • Two synchronous cursors in text and hex area
  • Fully resizeable window (change number of rows and columns)
  • Font and font size adjustable
  • Overwrite or insert characters
  • Insert text or hex string n times
  • Switch byte offset (address) of first byte between 0 or 1 to examine also record structure of plain text files
  • Search text or hex string, e.g. find "this text" or find "0D 0A"
  • Simplified search for Unicode Latin (UTF-16) strings
  • Search optionally with joker (wildcard) char that will match any character, e.g. find "A.C" or "00 2E 2E 00" where "." = "2E" (user-defined) stands for any character
  • Fast searching algorithm (Quicksearch) for both search directions (down/up)
  • Count occurrences of text or hex string
  • Replace text or hex string, e.g. replace "0D 0A" by "0A" or replace "0D 0A" by text "EOL"
  • Extremely fast "replace all" mode (if needed, additional memory is allocated beforehand, not at every single replace operation)
  • Menu item Shredder data to overwrite all bytes of a file with binary zeroes
  • Auto-fill feature to copy bytes from current address into input field for hex string using right arrow key
  • Character conversion using self-defined character table
  • Easy converting of text to hex string in dialogs (e.g. "abc" -> "61 62 63")
  • Decoding and encoding of 1, 2, 4, and 8 byte integers or 4/8 byte floats in 2 possible byte orders
  • Bit manipulation (view or set bits)
  • Open file in Read Only Mode (e.g. if opened by another application or to avoid unintentional modifications)
  • Insert file contents into file
  • Write block to file
  • Copy, move or delete block
  • Clipboard support
  • Goto address (absolute or relative up/down)
  • Up to 9 named bookmarks
  • Enter jump width and jump up/down (useful for files with fixed record length)
  • Patch BORLAND PASCAL 7.0 EXE files for execution on processors > 200 MHz
  • Printing with preview or print to file
  • Command "Reload" to open current file again
  • Easily access most recently used files
  • And last, but not least: XVI32 is free!

Pyew - A Python tool for static malware analysis



Pyew is a command-line Python tool for analysing malware. It supports hexadecimal viewing, disassembly (Intel 16, 32 and 64 bit), and the PE and ELF file formats (it performs code analysis and lets you write scripts against an API to perform many kinds of analysis); it follows direct call/jmp instructions in the interactive command line, displays function names and string data references, and supports the OLE2 format, the PDF format and more. It also supports plugins to add further features to the tool.

Pyew has been used successfully in large malware analysis systems for almost 2 years, processing thousands of files daily.


Sunday, April 20, 2014

KisMAC - Free Sniffer/Scanner application for Mac OS X



KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning.

The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system.

Features

  • Reveals hidden / cloaked / closed SSIDs
  • Shows logged-in clients (with MAC addresses, IP addresses and signal strengths)
  • Mapping and GPS support
  • Can draw area maps of network coverage
  • PCAP import and export
  • Support for 802.11b/g
  • Different attacks against encrypted networks
  • Deauthentication attacks
  • AppleScript-able
  • Kismet drone support (capture from a Kismet drone)

Supported hardware chipsets

  • Apple AirPort and AirPort Extreme (dependent upon Apple's drivers)
  • Intersil Prism 2, 2.5, 3 USB devices
  • Ralink rt2570 and rt73 USB devices
  • Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later)

Crypto support

  • Bruteforce attacks against LEAP, WPA and WEP
  • Weak scheduling attack against WEP
  • Newsham 21-bit attack against WEP 

FS-NyarL - Network Takeover & Forensic Analysis Tool


NyarL is Nyarlathotep, a mythological chaotic deity from the writer H.P. Lovecraft's cosmogony.
It represents the Crawling Chaos, and FS-NyarL is the Crawling Chaos of Cyber Security :-)
A network takeover & forensic analysis tool, useful for advanced PenTest tasks and for fun and profit, but use it at your own risk!
 
  • Interactive Console
  • Real Time Passwords Found
  • Real Time Hosts Enumeration
  • Tuned Injections & Client Side Attacks
  • ARP Poisoning & SSL Hijacking
  • Automated HTTP Report Generator

ATTACKS IMPLEMENTED:
  • MITM (Arp Poisoning)
  • Sniffing (With & Without Arp Poisoning)
  • SSL Hijacking (Full SSL/TLS Control)
  • HTTP Session Hijacking (Take & Use Session Cookies)
  • Client Browser Takeover (with Filter Injection in data stream)
  • Browser AutoPwn (with Filter Injection in data stream)
  • Evil Java Applet (with Filter Injection in data stream)
  • DNS Spoofing
  • Port Scanning


POST ATTACKS DATA OBTAINED:

  • Passwords extracted from data stream
  • Pcap file with whole data stream for deep analysis
  • Session flows extracted from data stream (Xplico & Chaosreader)
  • Files extracted from data stream
  • Hosts enumeration (IP,MAC,OS)
  • URLs extracted from data stream
  • Cookies extracted from data stream
  • Images extracted from data stream
  • List of HTTP files downloaded extracted from URLs


DEPENDENCIES (aka USED TOOLS):

  • Chaosreader (already in bin folder)
  • Xplico
  • Ettercap
  • Arpspoof
  • Arp-scan
  • Mitmproxy
  • Nmap
  • Tcpdump
  • Beef
  • SET
  • Metasploit
  • Dsniff
  • Macchanger
  • Hamster
  • Ferret
  • P0f
  • Foremost
  • SSLStrip
  • SSLSplit

Ninja PingU - High performance network scanner tool for large scale analyses


NINJA-PingU (Is Not Just a Ping Utility) is a free, open-source, high-performance network scanner for large-scale analyses. It has been designed with performance as its primary goal and developed as a framework that allows easy plugin creation.

NINJA PingU comes out of the box with a set of plugins for service analysis and embedded device identification. More information about those can be found on its home page at http://owasp.github.io/NINJA-PingU

Usage:
# sudo ./bin/npingu [OPTIONS] targets

-t Number of sender threads.
-p Port scan range. For instance, 80 or 20-80.
-d Delay between packets sent (in usecs).
-s No service identification (less bandwidth load, more hosts/time).
-m Module to run. For instance, Service.
-h Show this help.
[targets] IP address seed. For instance, 192.168.1. or 1.1.1.1-255.0.0.0

Examples:
Example to scan some OVH servers:
   # ./bin/npingu -t 3 -p 20-80 188.1.1.1-188.255.1.1 -d 1 -m Service

-Targeted Hosts [188.165.83.148-188.255.83.148]
-Targeted Port Range [20-80]
-Threads [3]
-Delay 1 usec
-Use the Service identification Module

Example to scan several google web servers:
  # ./bin/npingu -t 5 -p 80 -s 74.125.0.0-74.125.255.255

-Targeted Hosts [74.125.0.0-74.125.255.255]
-Targeted Port [80]
-Threads [5]
-s synOnly scan

Example for scanning the 32764/TCP Backdoor
  # ./bin/npingu -t 2 1.1.1.1-255.1.1.1 -m Backdoor32764 -p 32764

-Targeted Hosts [1.1.1.1-255.1.1.1]
-Targeted Port [32764]
-Threads [2]
-Use the 32764/TCP Backdoor Module

Saturday, April 19, 2014

SmartSniff - Capture TCP/IP packets on your network adapter


SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as a sequence of conversations between clients and servers. You can view the TCP/IP conversations in ASCII mode (for text-based protocols such as HTTP, SMTP, POP3 and FTP) or as a hex dump (for non-text-based protocols such as DNS).

SmartSniff provides 3 methods for capturing TCP/IP packets:

  1. Raw Sockets (Only for Windows 2000/XP or greater): Allows you to capture TCP/IP packets on your network without installing a capture driver. This method has some limitations and problems.
  2. WinPcap Capture Driver: Allows you to capture TCP/IP packets on all Windows operating systems (Windows 98/ME/NT/2000/XP/2003/Vista). In order to use it, you have to download and install the WinPcap Capture Driver from this Web site. (WinPcap is a free open-source capture driver.)
    This method is generally the preferred way to capture TCP/IP packets with SmartSniff, and it works better than the Raw Sockets method.
  3. Microsoft Network Monitor Driver (Only for Windows 2000/XP/2003): Microsoft provides a free capture driver under Windows 2000/XP/2003 that can be used by SmartSniff, but this driver is not installed by default, and you have to manually install it, by using one of the following options:
  4. Microsoft Network Monitor Driver 3: Microsoft provides a new version of the Microsoft Network Monitor driver (3.x) that is also supported under Windows 7/Vista/2008. Starting from version 1.60, SmartSniff can use this driver to capture the network traffic.
    The new version of Microsoft Network Monitor (3.x) is available to download from the Microsoft Web site.
    Notice: If WinPcap is installed on your system and you want to use the Microsoft Network Monitor Driver method, it's recommended to run SmartSniff with /NoCapDriver, because the Microsoft Network Monitor Driver may not work properly when WinPcap is loaded too.

HonSSH - Log all SSH communications between a client and server


HonSSH is a high-interaction honeypot solution.

HonSSH sits between an attacker and a honeypot, creating two separate SSH connections between them.

Features

  • Captures all connection attempts to a text file.
  • When an attacker sends a password guess, HonSSH can automatically replace their attempt with the correct password (spoof_login option). This allows them to log in with any password but confuses them when they try to sudo with the same password.
  • All interaction is captured into a TTY log (thanks to Kippo) that can be replayed using the playlog utility included from Kippo.
  • A text-based summary of an attacker's session is captured in a text file.
  • Sessions can be viewed or hijacked in real time (again thanks to Kippo) using the management telnet interface.

Thursday, April 17, 2014

Nmap 6.45 - Free Security Scanner For Network Exploration & Security Audits


Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Added ssl-heartbleed script to detect the Heartbleed bug in OpenSSL. Various other additions and updates.

Tuesday, April 15, 2014

Simple 8-bit Assembler Simulator


A simulator which provides a simplified assembler syntax (based on NASM) and simulates an x86-like CPU. Press Help inside the simulator to see an overview of the supported instructions.

Features

  • 8-bit CPU
  • 4 general purpose registers
  • 256 bytes of memory
  • Console output

Burp Suite Professional v1.6 - The leading toolkit for web application security testing


Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Changelog v1.6

Burp Suite Free Edition contains significant new features added since v1.5, including:
  • Support for WebSockets messages.
  • Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
  • A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
  • A new powerful extensibility API, enabling extensions to customize Burp’s behavior in much more powerful ways.
  • Support for extensions written in Python and Ruby.
  • A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
  • An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
  • Generation of CSRF PoC attacks using a new cross-domain XHR technique.
  • New options for SSL configuration, to help work around common problems.
  • Optional unpacking of compressed request bodies in the Proxy.
  • Support for .NET DeflateStream compression.
  • New and improved types of Intruder payloads.
  • New Proxy interception rules.
  • New Proxy match/replace rules.
  • Improved layout options in the Repeater UI.
  • An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
  • Support for the Firefox Plug-n-hack extension.
  • An option to copy a selected request as a curl command.

Burp Suite Professional contains a number of bugfixes and tweaks, added since the last beta version, including:
  • An occasional bug causing misplaced highlights on payloads in Scanner issues has been fixed.
  • A bug in which restoring default settings for the Extender tool didn’t unload any currently running extensions has been fixed.
  • A display bug affecting the rendering of binary content (such as images) in the raw view of the HTTP message editor has been fixed.
  • A bug which prevented the automatic backup on exit feature from functioning in headless mode has been fixed.
  • In previous versions, Burp stored its preferences in separate locations for each major version. This caused persisted settings to be lost on upgrading to a new major version. This behavior has been modified, and from v1.6 onwards major versions will store their preferences in the same location. As a workaround to preserve settings from earlier releases, Pro users can launch the earlier release, save a state file containing their preferences, then launch the new release and load the state file.

Monday, April 14, 2014

RouterPassView v1.53 - Recover lost password from router backup file


Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed.

The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless network keys.

If you lost one of these password/keys, but you still have a backup file of your router configuration, RouterPassView might help you to recover your lost password from your router file.

Supported Routers

Due to the large number of router models available in the market, it's impossible to support all of them.

For now, RouterPassView supports a limited number of router models, and I'll gradually add support for more routers in future versions. Also, be aware that even if your router is not in the list, you can still try to open your router backup file with RouterPassView, because some routers are sold under a different brand name but still use the same software/chipset as other routers.
Here's the list:

  • Linksys WRT54GL (With original firmware or Tomato firmware), WRT54G (only some of them), WRT160N, WRT320N, and possibly similar models.
  • Linksys E5200
  • Linksys E2000
  • Linksys RV082
  • Linksys E2500
  • Linksys N1500
  • Linksys E900
  • Cisco-Linksys E4200
  • Edimax BR6204WG, and possibly similar models.
  • Siemens ADSL SL2-141, and possibly similar models.
  • Dynalink RTA1025W, and possibly similar models.
  • NETGEAR WGT624, WGR614v9, WNR1000v3, WNR3500L, and possibly other models.
  • ASUS WL-520g, WL-600g, and possibly similar models.
  • ASUS RT-N10+, and possibly similar models.
  • Asus RT-N56U, and possibly similar models.
  • Asus RT-AC66U
  • D-Link DIR-655, DIR-300, and possibly similar models.
  • Sanex SA 5100, and possibly similar models.
  • Sitecom WL-351, WL-575, WL-312, and possibly similar models.
  • COMTREND 536+ (Only Internet Login)
  • US Robotics 9108 ADSL (internet login and admin login)
  • D-Link DSL-2540U/BRU/D ADSL2+, DSL-2650U, DSL-520B
  • D-Link DVA-G3170i/PT
  • D-Link DSL-604T
  • D-Link G3670B
  • D-Link DSL-2640T
  • D-Link DSL-G684T
  • D-Link DSL-2500U
  • D-Link 2740B
  • D-Link DIR-615 G2
  • D-Link WBR-1310
  • D-Link DSL-2543B
  • D-Link DI-524
  • D-Link DI-624+A
  • D-Link DIR-600
  • D-Link DIR-300
  • TL-WDR4300 N750
  • TP-Link TD-8810 ADSL Modem/Router.
  • Dynamode R-ADSL-C4-W-G1
  • NetComm NB5Plus4 DSL
  • Thomson TG580 DSL (only in Hex Dump mode)
  • Asus RT-G31
  • HuaWei EchoLife HG520 (Only some of them)
  • HuaWei HG526
  • HuaWei-3Com Aolynk BR104
  • TP-LINK TL-WR841N
  • TP-LINK TL-WR841DN
  • TP-LINK TL-MR342
  • TP-LINK TL-WR340G
  • TP-LINK TL-R460
  • TP-LINK TL-WR741ND v2.0
  • TP-LINK TL-WR700N
  • TP-LINK TL-WR740N
  • TP-LINK TL-WA801N
  • TP-LINK TL-WR541G
  • TP-LINK TL-WR1043ND
  • TP-LINK TD-W8960N
  • TP-Link TL-WR941ND
  • TP-Link TL-MR3220
  • TP-Link TL-WR642G
  • TP-Link TL-WDR3320
  • TP-Link TD-W8970
  • Belkin N+ (F5D8236uk4)
  • Mercury MW54R
  • Netgear DG632
  • Netgear Wireless Cable Voice Gateway CG3000/CG3100
  • Netcomm NB6W
  • Aztech DSL605EW
  • Comtrend CT-5072T ADSL2+ modem/router
  • Small Business RV042
  • Intelbras WRN240
  • ipTIME N604V
  • Linksys WRV200