Monday, January 27, 2014

[PACK] Password Analysis & Cracking Kit



PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in the analysis of password lists, in order to make password cracking more efficient through pattern detection of masks, rules, character sets and other password characteristics. The toolkit generates valid input files for the Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords; it is instead designed to make the operation of password crackers more efficient.
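The mask analysis PACK performs can be illustrated in a few lines. The following is an added example, not PACK's own code: it derives the hashcat mask (?l ?u ?d ?s per character) of each password in a constructed sample list, ranks the masks by frequency together with the keyspace a mask attack would have to search, and picks the smallest set of masks that covers a target fraction of the list, which is the kind of output an auditor uses to judge how predictable a user population's passwords are.

```python
from collections import Counter
from math import prod

# Charset sizes hashcat assigns to its built-in mask tokens.
CHARSET_SIZE = {"?l": 26, "?u": 26, "?d": 10, "?s": 33}

# Constructed sample list (not a real leak), used as the input below.
SAMPLE_PASSWORDS = [
    "password1", "baseball1", "Welcome1", "Letmein1",
    "Summer2014", "P@ssw0rd", "admin",
]


def hashcat_mask(password: str) -> str:
    """Return the hashcat mask of one password: one ?l/?u/?d/?s token per character."""
    tokens = []
    for ch in password:
        if ch.isascii() and ch.islower():
            tokens.append("?l")
        elif ch.isascii() and ch.isupper():
            tokens.append("?u")
        elif ch.isascii() and ch.isdigit():
            tokens.append("?d")
        else:
            tokens.append("?s")  # punctuation; anything else is lumped in here too
    return "".join(tokens)


def mask_keyspace(mask: str) -> int:
    """Number of candidates a brute-force run of this mask would generate."""
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    return prod(CHARSET_SIZE[t] for t in tokens)


def mask_stats(passwords):
    """(mask, occurrences, keyspace) tuples, most common mask first (ties: lexicographic)."""
    counts = Counter(hashcat_mask(p) for p in passwords)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(mask, n, mask_keyspace(mask)) for mask, n in ranked]


def masks_for_coverage(passwords, target=0.5):
    """Shortest prefix of the ranked masks that covers at least `target` of the list."""
    total = len(passwords)
    chosen, covered = [], 0
    for mask, n, _ in mask_stats(passwords):
        chosen.append(mask)
        covered += n
        if covered / total >= target:
            break
    return chosen


if __name__ == "__main__":
    for mask, n, space in mask_stats(SAMPLE_PASSWORDS):
        print(f"{mask:24s} {n:3d}  keyspace={space}")
    print("masks for 50% coverage:", masks_for_coverage(SAMPLE_PASSWORDS))
```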

Sunday, January 26, 2014

[EtherApe] A graphical network monitor


EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic, and protocols are displayed color coded.

It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic to be shown, and can read packets from a file as well as live from the network. Node statistics can be exported.


Overview of changes in EtherApe 0.9.13:

Central node option, useful for displaying routers or proxies.
Translations and documentation updates, plus some fixes.

OpenSUSE build service now provides binary packages for Fedora 17 and 18 and SLES 11 SP2.

Changes summary:
  • Optional central node, based on work of Javier Fernandez-Sanguino Peña.
  • Re-enabled full-screen mode, thanks to nrvale0.
  • Updated Spanish translation, thanks to Javier Fernandez-Sanguino Peña.
  • Added German translation, and fixed typos, thanks to Chris Leick.
  • Updated documentation.

[Lazy-Kali] Bash Script for Kali Linux


A bash script for when you feel lazy.
Adds quite a few tools to Kali Linux.
  • Bleeding Edge Repos
  • AngryIP Scanner
  • Terminator
  • Xchat
  • Unicornscan
  • Nautilus Open Terminal
  • Simple-Ducky
  • Subterfuge
  • Ghost-Phisher
  • Yamas
  • PwnStar
  • Ettercap 0.7.6
  • Xssf
  • Smbexec
  • Flash
  • Java
  • Easy-Creds
  • Java
... and more!
Lazy-Kali will also update Kali, start the Metasploit services, and start, stop and update OpenVAS.

Forensic Tools List


MEMORY ACQUISITION AND ANALYSIS

A set of utilities for acquiring RAM so that it can be analyzed afterwards.

pd (Process Dumper) - Dumps a process from memory to a file.
FTK Imager - Among other things, acquires memory.
DumpIt - Dumps memory to a file.
Responder CE - Captures memory and allows it to be analyzed.
Volatility - Analyzes processes and extracts information useful to the analyst.
RedLine - Captures memory and allows it to be analyzed. Has a graphical interface.
Memoryze - Captures RAM (Windows and OS X).


DISK MOUNTING

Utilities for mounting disk images or virtualizing drives so that the file system can be accessed and analyzed afterwards.

ImDisk - Virtual disk driver.
OSFMount - Mounts local disk images on Windows, assigning a drive letter.
raw2vmdk - Java utility that converts raw/dd images to .vmdk.
FTK Imager - Mentioned above; it also mounts disks.
vhdtool - Converts raw/dd to .vhd, so the image can be mounted from the Windows Disk Management console.
LiveView - Java utility that creates a VMware virtual machine from a disk image.
MountImagePro - Mounts local disk images on Windows, assigning a drive letter.

CARVING AND DISK TOOLS

Recovery of lost or deleted data, searching for patterns and for files with particular content (such as images and videos), partition recovery and handling of disk structures.

PhotoRec - Very useful; recovers images and video.
Scalpel - File-system independent. The files or directories to recover can be customized.
RecoverRS - Recovers URLs of visited web sites and files. Carves directly from a disk image.
NTFS Recovery - Recovers data and disks even after the disk has been formatted.
Recuva - Utility for recovering deleted files.
Raid Reconstructor - Recovers data from a broken RAID, whether RAID 5 or RAID 0, even when the RAID parameters are unknown.
CNWrecovery - Recovers corrupt sectors and includes carving utilities.
Restoration - Utility for recovering deleted files.
Rstudio - Data recovery from any disk system: NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+ (Macintosh), little- and big-endian variants of UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD/Solaris) and Ext2/Ext3/Ext4 partitions.
Freerecover - Utility for recovering deleted files.
DMDE - Supports FAT12/16, FAT32 and NTFS; runs on Windows 98/ME/2K/XP/Vista/7/8 (GUI and console), DOS (console) and Linux (terminal), and includes carving utilities.
IEF (Internet Evidence Finder) - Carves a disk image looking for artifacts of more than 230 applications, such as Google chat, Facebook, iOS, RAM, virtual memory, etc.
Bulk_extractor - Extracts data from an image, a folder or files.

FILE SYSTEM UTILITIES

A set of tools for analyzing the data and files that are essential when investigating an incident.

analyzeMFT - David Kovar's Python utility for extracting the MFT.
MFT Extractor - Another utility for extracting the MFT.
INDXParse - Tool for NTFS indexes and $I30 files.
MFT Tools (mft2csv, LogFileParser, etc.) - Set of utilities for accessing the MFT.
MFT_Parser - Extracts and analyzes the MFT.
Prefetch Parser - Extracts and analyzes the prefetch directory.
WinPrefetchView - Extracts and analyzes the prefetch directory.
Fileassassin - Unlocks files locked by programs.


MALWARE ANALYSIS

PDF Tools by Didier Stevens.
PDFStreamDumper - A free tool for analyzing malicious PDFs.
SWF Mastah - Python program that extracts SWF streams from PDF files.
Process Explorer - Shows information about processes.
Capture BAT - Monitors the activity of the system or of an executable.
Regshot - Takes snapshots of the registry so that the changes between them can be compared.
Bintext - Extracts ASCII strings from an executable or file.
LordPE - Tool for editing certain parts of executables and dumping the memory of running processes.
Firebug - Web application analysis.
IDA Pro - Application debugger.
OllyDbg - Disassembler and debugger for applications and processes.
Jsunpack-n - Emulates browser behaviour when visiting a URL. Its purpose is exploit detection.
OfficeMalScanner - Forensic tool for finding malicious programs or files in Office documents.
Radare - Reverse engineering framework.
FileInsight - Reverse engineering framework.
Volatility Framework with the malfind2 and apihooks plugins.
shellcode2exe - Converts shellcode into binaries.


FRAMEWORKS

A standardized set of concepts, practices and criteria for the forensic analysis of a case.

PTK - Searches files, generates hashes, provides rainbow tables. Analyzes data from an already mounted disk.
Log2timeline - A framework for the automatic creation of a super timeline.
Plaso - Evolution of Log2timeline. Framework for the automatic creation of a super timeline.
OSForensics - Searches files, generates hashes, provides rainbow tables. Analyzes data from an already mounted disk.
DFF - Framework with a graphical environment for analysis.
SANS SIFT Workstation - Magnificent appliance from SANS. I use it very often.
Autopsy - Very complete. Completely rewritten in Java for Windows. Very useful.

WINDOWS REGISTRY ANALYSIS

Obtains data from the registry such as users, permissions, executed files, system information, IP addresses and application information.

RegRipper - Application for extracting, correlating and displaying registry information.
WRR - Graphically obtains system, user and application data from the registry.
Shellbag Forensics - Analysis of Windows shellbags.
Registry Decoder - Extracts and correlates registry data, even while the machine is running.


NETWORK TOOLS

Everything related to network traffic: looking for anomalous patterns, malware, suspicious connections, attack identification, etc.

WireShark - Tool for capturing and analyzing network packets.
NetworkMiner - Forensic tool for discovering network information.
Netwitness Investigator - Forensic tool. The 'free edition' is limited to 1 GB of traffic.
Network Appliance Forensic Toolkit - Set of utilities for network acquisition and analysis.
Xplico - Extracts all data content from network traffic (a pcap file or a live acquisition). It can extract all e-mails carried by the POP and SMTP protocols and all content transferred over HTTP.
Snort - Intrusion detector. Captures packets and analyzes them.
Splunk - The engine for the data and logs generated by devices, workstations and servers. It indexes and exploits the data generated by all IT systems and infrastructure, whether physical, virtual or in the cloud.
AlienVault - Like Splunk, collects data and logs and applies an intelligence layer to detect anomalies, intrusions or security policy failures.

PASSWORD RECOVERY

Everything related to password recovery on Windows: by brute force, in forms, in browsers.

Ntpwedit - A password editor for Windows NT-based systems (such as Windows 2000, XP, Vista, 7 and 8); it can change or remove the passwords of local system accounts. Not valid for Active Directory.
Ntpasswd - A password editor for Windows-based systems; the utility can be started from a live CD.
pwdump7 - Dumps the hashes. It works by extracting the SAM binaries.
SAMInside / OphCrack / L0phtcrack - Dump the hashes. Include dictionaries for brute-force attacks.


MOBILE DEVICES

This section contains a set of utilities and tools for data recovery and forensic analysis of mobile devices. I have included commercial tools because I use some of them and consider them very interesting and important.

iPhone

iPhoneBrowser - Accesses the iPhone file system from a graphical environment.
iPhone Analyzer - Explores the internal file structure of the iPhone.
iPhoneBackupExtractor - Extracts files from a previously made backup.
iPhone Backup Browser - Extracts files from a previously made backup.
iPhone-Dataprotection - Contains tools for creating a forensic RAM disk, brute-forcing simple (4-digit) passcodes and decrypting backups.
iPBA2 - Accesses the iPhone file system from a graphical environment.
sPyphone - Explores the internal file structure.

BlackBerry

Blackberry Desktop Manager - Data management and backup software.
Phoneminer - Extracts, views and exports data from backup files.
Blackberry Backup Extractor - Extracts, views and exports data from backup files.
MagicBerry - Can read, convert and extract the IPD database.

Android

android-locdump - Obtains geolocation data.
androguard - Obtains, modifies and disassembles DEX/ODEX/APK/AXML/ARSC formats.
viaforensics - Framework of utilities for forensic analysis.
Osaf - Framework of utilities for forensic analysis.

COMMERCIAL PRODUCTS

They could not be left out. Having these tools is wonderful, and being able to use them is a luxury. Fast and concise. The worst thing about some of them is the price.

[XSS Shell] XSS Backdoor and Zombie Manager



XSS Shell is a powerful XSS backdoor and zombie manager. The concept was first presented by XSS-Proxy (http://xss-proxy.sourceforge.net/). Normally in XSS attacks the attacker has one shot; with XSS Shell you can interactively send requests and get responses from the victim, and you can backdoor the page.

Download

This package includes the latest version of XSS Shell and XSSTunnel. XSS Shell can be used without XSS Tunnel, however you’ll get more out of it with XSS Tunnel.
Download XSS Shell and XSS Tunnel

Features

XSS Shell has several features to gain full access over the victim. You can also simply add your own commands.
Most of the features can be enabled or disabled from the configuration, or tweaked in the source code.
  • Regenerating Pages
    • This is one of the key and advanced features of XSS Shell. XSS Shell re-renders the infected page and keeps the user in a virtual environment. Thus even if the user clicks any link in the infected page, he or she will still be under control (within cross-domain restrictions). In normal XSS attacks, once the user leaves the page you can't do anything.
    • Secondly, this feature keeps the session open, so even if the victim follows an outside link from the infected page the session is not going to time out and you will still be in charge.
  • Keylogger
  • Mouse Logger (click points + current DOM)
  • Built-in Commands:
    • Get Keylogger Data
    • Get Current Page (Current rendered DOM / like screenshot)
    • Get Cookie
    • Execute supplied javaScript (eval)
    • Get Clipboard (IE only)
    • Get internal IP address (Firefox + JVM only)
    • Check victim’s visited URL history

[ExifTool] Tool for Reading and Writing Meta Information

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.


Features


  • Powerful, fast, flexible and customizable
  • Supports a large number of different file formats
  • Reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, ID3 and more...
  • Writes EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, ICC Profile, Photoshop IRB, AFCP and more...
  • Reads and writes maker notes of many digital cameras
  • Decodes a riddle wrapped in a mystery inside an enigma
  • Numerous output formatting options (including tab-delimited, HTML, XML and JSON)
  • Multi-lingual output (cs, de, en, en-ca, en-gb, es, fi, fr, it, ja, ko, nl, pl, ru, sv, tr, zh-cn or zh-tw)
  • Geotags images from GPS track log files (with time drift correction!)
  • Generates track logs from geotagged images
  • Shifts date/time values to fix timestamps in images
  • Renames files and organizes in directories (by date or by any other meta information)
  • Extracts thumbnail images, preview images, and large JPEG images from RAW files
  • Copies meta information between files (even different-format files)
  • Reads/writes structured XMP information
  • Deletes meta information individually, in groups, or altogether
  • Sets the file modification date (and creation date in Windows) from EXIF information
  • Supports alternate language tags in XMP, PNG, ID3, Font, QuickTime, ICC Profile, MIE and MXF information
  • Processes entire directory trees
  • Creates text output file for each image file
  • Creates binary-format metadata-only (MIE) files for metadata backup
  • Automatically backs up original image when writing
  • Organizes output into groups
  • Conditionally processes files based on value of any meta information
  • Ability to add custom user-defined tags
  • Support for MWG (Metadata Working Group) recommendations
  • Recognizes thousands of different tags
  • Tested with images from thousands of different camera models
  • Advanced verbose and HTML-based hex dump outputs


[Games Key Decryptor] Tool to Recover License/CD Keys of Popular Games


Games Key Decryptor is a free all-in-one tool to instantly recover the license keys of popular games.

It automatically detects and recovers the license/CD key of all the supported games installed on your system. Currently it supports around 50 PC games including Battlefield, Call of Duty, FIFA, NFS, Age of Empires, Quake, The Sims, Half-Life, IGI, Star Wars and many more.

After a successful recovery you can back up the CD key list to an HTML/XML/TEXT/CSV file. You can also right-click on any of the displayed license keys to quickly copy it.

The new version v2.0 includes command-line support, making it suitable for automation and remote license key recovery.

It works on both 32-bit and 64-bit platforms, from Windows XP to the latest operating system, Windows 8.

Saturday, January 25, 2014

[Windbgshark] Windbg extension for VM traffic manipulation and analysis



This project includes an extension for the windbg debugger as well as driver code, which together allow you to manipulate the network traffic of a virtual machine and to integrate the Wireshark protocol analyzer with windbg commands.

The motivation of this work came from the intention to find a handy general-purpose way to debug network traffic flows under the Windows OS for the purposes of dynamic software testing for vulnerabilities, for reverse engineering of software and just for fun.

Theory of operation

The main idea is to rely on the Windows Filtering Platform (WFP) capability to inspect traffic at the application layer of the OSI model (although the method works equally well at any layer exposed by the WFP API). This gives us a way to intercept and modify any data that goes through the Windows TCP/IP stack (even localhost traffic), regardless of the application type and the transport/network protocol. Modification and reinjection also work excellently: the operating system does all the dirty work, for example reconstructing the transport and network layer headers, as if we were sending the data from a user-mode Winsock application.

This tool needs a virtualized environment (it currently works fine with VMware Workstation) with windbg connected to the virtual machine as a kernel debugger. Installation is done in two steps: driver installation and extension loading in windbg. The driver intercepts network traffic, allows windbg to modify it, and then reinjects the packets back into the network stack. The extension, in turn, implements a simple interface for packet editing and also uses Wireshark to display the data flows. The extension is executed on the host machine, while the driver is located in the virtual machine. To interact with its driver, the windbg extension sets breakpoints with its own callbacks right inside the driver code. Every time a packet comes in or goes out, a breakpoint is hit and windbgshark extracts the application-level payload of the current packet, constructs a new pcap record and sends it to Wireshark. Before the packet is reinjected, the user may modify it, and Wireshark will re-parse and show the modified record.

[MailPasswordDecryptor v4.0] All-in-one eMail Password Recovery Software


Mail Password Decryptor is free software to instantly recover mail account passwords from popular email clients and other desktop applications.

You can recover your lost password for email accounts such as Gmail, Yahoo Mail, Hotmail or Windows Live Mail from email applications such as Microsoft Outlook, Thunderbird, IncrediMail, GTalk and many more.

MailPasswordDecryptor automatically crawls through each of these applications and instantly recovers all of the stored mail account passwords.

It presents both a GUI and a command-line interface in a single program, making it useful for penetration testers as well as forensic investigators.

The current mega release supports password recovery from Outlook 2013, Windows Live Mail 2012 and Foxmail v7.x.

It works on both 32-bit and 64-bit platforms, from Windows XP to the latest operating system, Windows 8.

[SPS] Simple Packet Sender



A Linux packet crafting tool. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+ and released under GPLv3. Does not require pcap.

Features:

Packet crafting and sending of one, multiple, or a flood of IPv4 and IPv6 packets of type TCP, ICMP, or UDP (or cycling through all three). All values within the Ethernet frame can be modified arbitrarily. Supports IPv4 header options, TCP header options, and TCP, ICMP and UDP payload data, input either from the keyboard as UTF-8/ASCII, from the keyboard as hexadecimal, or from a file.

IPv6 support includes: hop-by-hop, "first" and "last" destination, routing, authentication, and encapsulating security payload (ESP) extension headers. For those without access to a native IPv6 network, IPv6 packets can be transmitted over IPv4 (6to4).

Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum transmission unit (MTU) can be changed if unusual fragment sizes are needed.

IP addresses and port numbers can be randomized.

A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above.

View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms.
All packet settings can be saved to and loaded from file.

IP and ASN delegation functions, including: country name/code search and reverse search, autonomous system (AS) number search by country and reverse search, and IPv4 and IPv6 address delegation search and reverse search.

ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.
Retrieve MAC address and current MTU setting of any attached network interface.

Domain name resolution and reverse resolution.

[Download Hash Verifier] Quickly Verify Integrity (MD5/SHA256 Hash) of Downloaded File


Download Hash Verifier is a free tool to verify the integrity of a downloaded file.

It makes file hash verification easier and quicker with smart features such as 'Auto Hash Detection', 'Drag & Drop File', 'Instant copy from Clipboard', etc.

Hash verification is a standard mechanism used to verify that a downloaded file is the original and has not been tampered with. It often happens that attackers modify the files offered for download on a server and plant trojans/spyware in them.

Upon downloading and installing such software your PC will eventually get infected. To prevent this, websites generally publish the MD5 or SHA256 hash of the original file so that you can verify it after you have downloaded the file. This ensures that in case of any tampering with the file, the end user will come to know about it and can alert the website administrator.

DownloadHashVerifier is designed to make this verification task easier and faster for end users. It supports both MD5 and SHA256 hash verification, so you don't have to use multiple tools. It can also automatically distinguish between MD5 and SHA256 hashes without the user explicitly specifying which one is meant.

It works on a wide range of platforms, from Windows XP to the latest operating system, Windows 8.
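The 'Auto Hash Detection' described above works because MD5 and SHA256 digests have different lengths (32 and 64 hex characters). The following is an added example, not the tool's own code: it pulls a digest out of pasted text such as a vendor's download page line, picks the algorithm from its length, hashes the download in chunks, and compares in constant time; the file-based helper and the byte-based helper share the same detection logic.

```python
import hashlib
import hmac
import re

# The hex length of the digest is what tells MD5 and SHA256 apart.
HEX_LEN_TO_ALGO = {32: "md5", 64: "sha256"}
# 64 first so a SHA256 digest is not mistaken for an MD5 prefix.
HEX_TOKEN = re.compile(r"\b(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{32})\b")


def detect_algorithm(expected_hash: str):
    """Return 'md5' or 'sha256' for a hex digest, or None if it is neither."""
    h = expected_hash.strip()
    if not re.fullmatch(r"[0-9a-fA-F]+", h):
        return None
    return HEX_LEN_TO_ALGO.get(len(h))


def extract_hash(text: str):
    """Pull the first MD5/SHA256-looking token out of pasted text, e.g. a
    clipboard line like 'SHA256: 2cf24d...  setup.exe'. None if absent."""
    m = HEX_TOKEN.search(text)
    return m.group(0) if m else None


def digest_bytes(data: bytes, algo: str) -> str:
    return hashlib.new(algo, data).hexdigest()


def digest_file(path: str, algo: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large download never has to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _compare(actual: str, expected_hash: str) -> bool:
    # Case-insensitive (sites publish upper- or lower-case hex), constant-time compare.
    return hmac.compare_digest(actual, expected_hash.strip().lower())


def verify_bytes(data: bytes, expected_hash: str):
    """Return (matches, algorithm). Raises ValueError if the hash is unusable."""
    algo = detect_algorithm(expected_hash)
    if algo is None:
        raise ValueError("expected value is not a 32- or 64-character hex digest")
    return _compare(digest_bytes(data, algo), expected_hash), algo


def verify_file(path: str, expected_hash: str):
    """Same as verify_bytes but streams the file from disk."""
    algo = detect_algorithm(expected_hash)
    if algo is None:
        raise ValueError("expected value is not a 32- or 64-character hex digest")
    return _compare(digest_file(path, algo), expected_hash), algo


if __name__ == "__main__":
    # Constructed demo: the 'download' is the bytes b"hello" and the published
    # line is what a user might paste from a vendor page.
    published = "SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  setup.exe"
    ok, algo = verify_bytes(b"hello", extract_hash(published))
    print(f"{algo} verification {'passed' if ok else 'FAILED'}")
```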

[Netsparker v3.2] Web Application Security Scanner


Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built into it; for example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.

The main highlight of this version is the web services scanner; now scan and identify vulnerabilities and security issues in web services automatically and easily.

Changelog v3.2

New Features
  • Ability to scan SOAP web services for security issues and vulnerabilities
  • Request and Response viewers to view HTTP requests/responses like XML and JSON tree views
  • New knowledge base node that will include all AJAX/XML HTTP Requests
  • New value matching options for form values other than regex pattern (exact, contains, starts, ends)
  • New report template for parsing source information Crawled URLs List (CSV)
New Security Checks
  • Added attack patterns for LFI vulnerability which is revealed with only backslashes in file path
  • Added Programming Error Message vulnerability detection for SOAP faults
  • Added AutoComplete vulnerability for password inputs
  • NuSOAP version disclosure
  • NuSOAP version check
Improvements
  • Improved XSS vulnerability confirmation
  • Improved Generic Source Code Disclosure security check by excluding JavaScript and CSS resources
  • Added latest version custom field for the version vulnerabilities
  • Added standard context menus to text editors
  • Sitemap tree will display nodes of JSON, XML and SOAP requests and responses with no parameters
  • Added force option to form value settings to enforce user specified values
  • Optimized attack patterns for JSON and XML attacks by reducing attack requests
  • Optimized Common Directories list and removed the limit for Extensive Security Checks policy
  • Improved the license dialog to show whether a license is missing or expired
Fixes
  • Fixed update dialog to not show on autopilot mode
  • Fixed an interim auto update crash
  • Fixed typo in Out of Scope Links knowledge base report template
  • Fixed an issue in LFI exploiter where XML tags with namespace prefixes were preventing exploitation
  • Fixed Controlled Scan button disabled issue for some sitemap nodes
  • Fixed parameter anchors in Vulnerability Summary table of Detailed Scan Report template
  • Fixed form authentication wizard to use user agent set on currently selected policy
  • Fixed zero response time issue for some sitemap nodes
  • Fixed dashboard progress bar showing 100%
  • Fixed random crashes on license dialog while loading license file or closing dialog
  • Fixed Microsoft Anti-XSS Library links on vulnerability references

Thursday, January 23, 2014

[GoldenEye v2.0] DoS Tool



GoldenEye is an HTTP/S Layer 7 Denial-of-Service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connections, busting through caching (when possible), until it consumes all available sockets on the HTTP/S server.

Usage

USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
  Flag            Description                                      Default
  -t, --threads   Number of concurrent threads                     500
  -m, --method    HTTP method to use: 'get', 'post' or 'random'    get
  -d, --debug     Enable debug mode (more verbose output)          False
  -h, --help      Shows this help

Changelog v2.0

  • 2013-03-26 Changed from threading to multiprocessing. Threading is bad because it is subject to the GIL.
  • 2012-12-09 Initial release

[Autopsy] Digital Investigation Analysis


Autopsy® is a digital forensics platform and graphical interface to The Sleuth Kit® and other digital forensics tools. It can be used by law enforcement, military, and corporate examiners to investigate what happened on a computer. You can even use it to recover photos from your camera's memory card.

Analysis Features

Below is the list of Autopsy features.
  • Timeline Analysis: Displays system events in a graphical interface to help identify activity.
  • Keyword Search: Text extraction and indexed search modules enable you to find files that mention specific terms and to find regular expression patterns.
  • Web Artifacts: Extracts web activity from common browsers to help identify user activity.
  • Registry Analysis: Uses RegRipper to identify recently accessed documents and USB devices.
  • LNK File Analysis: Identifies shortcuts and accessed documents.
  • Email Analysis: Parses MBOX format messages, such as Thunderbird.
  • EXIF: Extracts geo location and camera information from JPEG files.
  • File Type Sorting: Group files by their type to find all images or documents.
  • Media Playback: View videos and images within the application without requiring an external viewer.
  • Thumbnail viewer: Displays thumbnails of images to help quickly review pictures.
  • Robust File System Analysis: Support for common file systems, including NTFS, FAT12, FAT16, FAT32, HFS+, ISO9660 (CD-ROM), Ext2, Ext3, and UFS from The Sleuth Kit.
  • Hash Set Filtering: Filter out known good files using NSRL and flag known bad files using custom hashsets in HashKeeper, md5sum, and EnCase formats.
  • Tags: Tag files with arbitrary tag names, such as 'bookmark' or 'suspicious', and add comments.
  • Unicode Strings Extraction: Extracts strings from unallocated space and unknown file types in many languages (Arabic, Chinese, Japanese, etc.).

Input Formats

Autopsy analyzes disk images, local drives, or a folder of local files. Disk images can be in either raw/dd or E01 format. E01 support is provided by libewf.

Reporting

Autopsy has an extensible reporting infrastructure that allows additional types of reports for investigations to be created. By default, HTML, XLS, and Body file reports are available. Each is configurable depending on what information an investigator would like included in their report:
  • HTML and Excel: The HTML and Excel reports are intended to be fully packaged and shareable reports. They can include references to tagged files along with comments and notes inserted by the investigator as well as other automated searches that Autopsy performs during ingest. These include bookmarks, web history, recent documents, keyword hits, hashset hits, installed programs, devices attached, cookies, downloads, and search queries.
  • Body File: Primarily for use in timeline analysis, this file will include MAC times for every file in an XML format for import by external tools, such as mactime in The Sleuth Kit.
An investigator can generate more than one report at a time and either edit one of the existing or create a new reporting module to customize the behavior for their specific needs.

[Facebook Password Decryptor] Recover Lost Facebook Login Password Tool



Facebook Password Decryptor is free software to instantly recover Facebook account passwords stored by popular web browsers and messengers.

It is one of our most popular programs, with over one million downloads worldwide.


Here is the complete list of supported applications. 
  • Internet Explorer (v4.0 - v10.0)
  • Firefox
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • Comodo Dragon Browser
  • SeaMonkey Browser
  • Paltalk Messenger
  • Miranda Messenger

It is very easy to use and particularly useful for penetration testers and forensic investigators.

[Wireless IDS] Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets



Wireless IDS is an open source tool written in Python that works on Linux. It sniffs the surrounding air traffic for suspicious activity such as WEP/WPA/WPS attack packets. It does the following:
  • Detects mass deauthentication frames sent to a client or access point; an unreasonable amount indicates a possible WPA attack aimed at capturing handshakes.
  • Detects continual data sent to an access point using the broadcast MAC address, which indicates a possible WEP attack.
  • Detects an unreasonable amount of EAP authentication traffic between a wireless client and an access point, which indicates a possible WPS brute-force attack by Reaver / WPSCrack.
  • Detects a client changing its connection to another access point, which may indicate a connection to a rogue AP (the user needs to assess the situation, e.g. whether the AP name is similar).
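The first three checks above are rate detections and the fourth is a state change, and both shapes are easy to show in code. The following is an added example, not the Wireless IDS project's code: it runs a sliding-window counter keyed by (frame kind, source MAC) over a constructed management-frame log, alerting once per source when the per-window count crosses a threshold, and separately flags a client that re-associates to the same SSID on a different BSSID. The thresholds and window are assumed starting values, not the tool's defaults.

```python
from collections import defaultdict, deque

# Frames from one source inside one window before alerting (assumed values).
THRESHOLDS = {"deauth": 10, "eap": 20}
WINDOW_SECONDS = 5.0


def make_sample_events():
    """Constructed 802.11 frame log (not a real capture).
    Each event: dict(t=seconds, kind=frame kind, src=MAC, dst=MAC)."""
    ap, other_ap = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    client, bcast = "11:22:33:44:55:66", "ff:ff:ff:ff:ff:ff"
    events = []
    # 12 deauth frames to broadcast within ~1.1 s: a deauth flood.
    events += [dict(t=10.0 + 0.1 * i, kind="deauth", src=ap, dst=bcast) for i in range(12)]
    # 25 EAP frames between one client and the AP within 4 s: PIN-guessing pattern.
    events += [dict(t=30.0 + 0.16 * i, kind="eap", src=client, dst=ap) for i in range(25)]
    # Two deauths from another AP 30 s apart: ordinary roaming noise, no alert.
    events += [dict(t=100.0, kind="deauth", src=other_ap, dst=client),
               dict(t=130.0, kind="deauth", src=other_ap, dst=client)]
    # Unrelated data frames the detector ignores.
    events += [dict(t=50.0 + i, kind="data", src=client, dst=ap) for i in range(3)]
    return events


def make_sample_assocs():
    """Constructed association log: dict(t, client, ssid, bssid)."""
    client = "11:22:33:44:55:66"
    return [dict(t=5.0, client=client, ssid="CorpWifi", bssid="aa:bb:cc:dd:ee:01"),
            dict(t=40.0, client=client, ssid="CorpWifi", bssid="de:ad:be:ef:00:99")]


def detect_floods(events, window=WINDOW_SECONDS, thresholds=THRESHOLDS):
    """Sliding-window rate detector keyed by (frame kind, source MAC).
    Emits one alert per key, the first time its in-window count reaches the threshold."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    alerts, fired = [], set()
    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["kind"]
        if kind not in thresholds:
            continue
        key = (kind, ev["src"])
        q = recent[key]
        q.append(ev["t"])
        while q and ev["t"] - q[0] > window:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) >= thresholds[kind] and key not in fired:
            fired.add(key)
            alerts.append({"kind": kind, "src": ev["src"], "count": len(q), "at": ev["t"]})
    return alerts


def detect_bssid_changes(assocs):
    """Flag a client that associates to the same SSID on a different BSSID.
    Roaming between legitimate APs looks the same, so this is a lead, not a verdict."""
    last_bssid, alerts = {}, []
    for a in sorted(assocs, key=lambda e: e["t"]):
        key = (a["client"], a["ssid"])
        prev = last_bssid.get(key)
        if prev is not None and prev != a["bssid"]:
            alerts.append({"client": a["client"], "ssid": a["ssid"],
                           "from": prev, "to": a["bssid"], "at": a["t"]})
        last_bssid[key] = a["bssid"]
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(make_sample_events()):
        print("flood:", alert)
    for alert in detect_bssid_changes(make_sample_assocs()):
        print("bssid change:", alert)
```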

Wednesday, January 22, 2014

[Firefox Password Remover v1.5] Firefox Website Login Password Removal Tool


Firefox Password Remover is a free tool to quickly remove stored website login passwords from Firefox.

You can remove either selected passwords or all of the stored passwords from the Firefox sign-on database.
One of the unique features of this tool is that it can remove the website passwords even when they are protected with a Master Password.

In addition, you can generate a password report in HTML/XML/TEXT/CSV format, which is useful for creating a backup before proceeding with the deletion of passwords.
It also supports removing passwords from different Firefox profiles, either on the local system or on any other system with a different operating system (such as Linux, Mac, etc.).

This is a very handy tool for removing your stored passwords on public systems or shared computers. It is often not a good idea to hand over your laptop to someone without clearing your important passwords, mainly Facebook or Google ones.

Firefox Password Remover supports all versions of Firefox, including the latest version, v25.0. It works on both 32-bit and 64-bit platforms from Windows XP to Windows 8.

[tcpxtract] Tool for Extracting Files from Network Traffic


tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and footers (sometimes called "carving") is an age-old data recovery technique. Tools like Foremost employ this technique to recover files from arbitrary data streams. tcpxtract uses this technique specifically for intercepting files transmitted across a network. Other tools that fill a similar need are driftnet and EtherPEG. driftnet and EtherPEG are tools for monitoring and extracting graphic files on a network and are commonly used by network administrators to police the internet activity of their users. The major limitation of driftnet and EtherPEG is that they only support three file types, with no easy way of adding more. The search technique they use is also not scalable and does not search across packet boundaries. tcpxtract features the following:

  • Supports 26 popular file formats out of the box. New formats can be added by simply editing its config file.
  • With a quick conversion, you can use your old Foremost config file with tcpxtract.
  • Custom-written search algorithm is lightning fast and very scalable.
  • Search algorithm searches across packet boundaries for total coverage and forensic quality.
  • Uses libpcap, a popular, portable and stable library for network data capture.
  • Can be used against a live network or a tcpdump-formatted capture file.
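An illustration of the header/footer carving technique described above and of why searching across packet boundaries matters. This is an added example, not tcpxtract's code; the signature table, maximum lengths and TCP payloads are constructed.

```python
# Signature table in the spirit of a Foremost/tcpxtract config:
# name -> (header, footer or None, maximum carve length). Values are illustrative.
SIGNATURES = {
    "gif": (b"GIF8", b"\x00\x3b", 5_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 20_000_000),
    "pdf": (b"%PDF", b"%%EOF", 50_000_000),
}

def carve(stream, signatures=SIGNATURES):
    """Return (name, offset, data) for every header found in the byte stream,
    cut at the matching footer or at the format's maximum length."""
    found = []
    for name, (header, footer, max_len) in signatures.items():
        pos = stream.find(header)
        while pos != -1:
            window = stream[pos:pos + max_len]
            end = window.find(footer, len(header)) if footer else -1
            data = window[:end + len(footer)] if end != -1 else window
            found.append((name, pos, data))
            pos = stream.find(header, pos + len(data))   # continue after this file
    return sorted(found, key=lambda hit: hit[1])

def carve_packets(payloads):
    """Carve per packet and carve the reassembled stream, returning both result
    lists so the effect of searching across packet boundaries is visible.
    Payloads are assumed to be one TCP direction already in sequence order."""
    per_packet = [hit for payload in payloads for hit in carve(payload)]
    return per_packet, carve(b"".join(payloads))

# Constructed TCP payloads: an HTTP response whose PNG body starts 3 bytes before
# a segment boundary, so the 8-byte PNG header is split across two packets.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40 + b"IEND\xaeB`\x82"
PAYLOADS = [b"HTTP/1.1 200 OK\r\n\r\n" + PNG[:3], PNG[3:], b"trailing bytes"]

if __name__ == "__main__":
    per_packet, reassembled = carve_packets(PAYLOADS)
    print("per-packet hits:", [(n, off, len(d)) for n, off, d in per_packet])
    print("stream hits:    ", [(n, off, len(d)) for n, off, d in reassembled])
```

A per-packet scan finds nothing because no single segment contains the whole PNG header; the reassembled stream yields the complete 56-byte image.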

Adzok - Remote Administrator written in Java


Adzok Free is based on Adzok Open; it is the edition that will continue the development of Adzok Open. Adzok Free will be closed source but free of charge.

Client Features

- Remote Desktop.
- Remote Shell.
- Upload and Download Files.
- Keylogger Online.
- Send Messages.
- Load and Run Script.
- Information System.
- Send Keys.
- Clipboard.
- Fun (Restart, Shutdown, Visit WebSite, Execute Command Shell, etc).

- Listens on 3 ports.
- Sending information and transferring data is done over a single port.
- No installation required, but the machine must have Java installed.
- Reverse connection system.
- Download folder for each user.
- Operating-system independent: in theory it can run on any operating system that has Java installed.
- Server generator.
- Server uninstaller.

Server Features

Optimized for: Windows XP, Windows Vista, Windows 7.
- The keylogger is only available on Windows (all versions, 32 and 64 bit).
- A single server for all operating systems.
- No installation required, but the machine must have Java installed.
- Mutex (prevents the server from running twice), but it will continue to display your company's image while the server stays invisible to the user.
- Server size: 54 KB (uncompressed).


[AIEngine] Artificial Intelligent Engine

AIEngine is a packet inspection engine with the capability of learning without any human intervention.

AIEngine helps network and security professionals identify traffic and develop signatures for use in NIDS, firewalls, traffic classifiers and so on.


Using AIEngine

To use AIEngine just execute the binary aiengine:
luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h
iaengine 0.2
Mandatory arguments:
-I [ --interface ] arg Sets the network interface.
-P [ --pcapfile ] arg Sets the pcap file or directory with pcap files.

Link Layer optional arguments:
-q [ --tag ] arg Selects the tag type of the ethernet layer (vlan,mpls).

TCP optional arguments:
-t [ --tcp-flows ] arg (=32768) Sets the number of TCP flows on the pool.

UDP optional arguments:
-u [ --udp-flows ] arg (=16384) Sets the number of UDP flows on the pool.

Regex optional arguments:
-R [ --enable-signatures ] Enables the Signature engine.
-r [ --regex ] arg (=.*) Sets the regex for evaluate agains the flows.
-c [ --flow-class ] arg (=all) Uses tcp, udp or all for matches the signature on the flows.

Frequencies optional arguments:
-F [ --enable-frequencies ] Enables the Frequency engine.
-g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-port and dst-port.
-f [ --flow-type ] arg (=tcp) Uses tcp or udp flows.
-L [ --enable-learner ] Enables the Learner engine.
-k [ --key-learner ] arg (=80) Sets the key for the Learner engine.

Optional arguments:
-k [ --stack ] arg (=lan) Sets the network stack (lan,mobile,lan6).
-d [ --dumpflows ] Dump the flows to stdout.
-s [ --statistics ] arg (=0) Show statistics of the network stack (5 levels).
-p [ --pstatistics ] Show statistics of the process.
-h [ --help ] Show help.
-v [ --version ] Show version string.

[Rakabulle] Advance File Binder from DarkComet RAT Developer


A file binder is an application that allows a user to bind multiple files together into a single executable file. When you execute that single application, all the merged files are extracted to a temporary location and executed normally.
"The Rakabulle builder application will create a stub and inject into its resources the target files to extract and execute. The stub is the small generated part of the program that is designed to extract the target files from its resources to a temporary location and execute them. In our application the stub also has a part to inject into the Explorer or Internet Explorer process and load custom-made plugins."

Listed features are:
  • File binder, automatic file extractor and executor.
  • REM (Remote Code Execution): executes code (plugins) in a target process (Explorer or Internet Explorer).
  • Supports 32- and 64-bit processes.
  • The application is a 32-bit application (a 64-bit version will be compiled soon).
  • Supports UPX compression for the stub (without compression the stub size is about 38 KiB, using pure Windows API with no extra libraries; with compression the stub size is approximately 16 KiB). UPX compression does not change the way the application works, only the final size.
  • Supports Windows startup.
  • Does not require administrative privileges.
  • Plugin and file lists support drag and drop.
  • Supports plugins, with an open source example.
  • The stub and the builder are coded using Unicode encoding.

[IPv6 Toolkit v1.5.2] A security assessment and troubleshooting tool for the IPv6 protocols

A security assessment and troubleshooting tool for the IPv6 protocols.

Changelog v1.5.2

  • Added support for GNU Debian/kFreeBSD. The toolkit would not build on GNU Debian/kFreeBSD before this release.
  • Added support for TCP/IPv6 probes. tcp6 can now send TCP/IPv6 packets ("--probe-mode" option) and read the TCP response packets, if any. This can be leveraged for port scans and miscellaneous measurements.
Supported platforms
  • The following platforms are supported: FreeBSD, NetBSD, OpenBSD, Linux, and Mac OS.

List of Tools and Manual Pages

  • flow6: A tool to perform a security assessment of the IPv6 Flow Label.
  • frag6: A tool to perform IPv6 fragmentation-based attacks and to perform a security assessment of a number of fragmentation-related aspects.
  • icmp6: A tool to perform attacks based on ICMPv6 error messages.
  • jumbo6: A tool to assess potential flaws in the handling of IPv6 Jumbograms.
  • na6: A tool to send arbitrary Neighbor Advertisement messages.
  • ni6: A tool to send arbitrary ICMPv6 Node Information messages, and assess possible flaws in the processing of such packets.
  • ns6: A tool to send arbitrary Neighbor Solicitation messages.
  • ra6: A tool to send arbitrary Router Advertisement messages.
  • rd6: A tool to send arbitrary ICMPv6 Redirect messages.
  • rs6: A tool to send arbitrary Router Solicitation messages.
  • scan6: An IPv6 address scanning tool.
  • tcp6: A tool to send arbitrary TCP segments and perform a variety of TCP-based attacks.

[MAC Address Scanner v1.5] Desktop Tool to Find MAC address of Remote Computers on Local Network


MAC Address Scanner is a free desktop tool to remotely scan for and find the MAC address of all systems on your local network.

It allows you to scan either a single host or a range of hosts at a time. During the scan, it displays the current status of each host. After completion, you can generate a detailed scan report in HTML/XML/TEXT/CSV format.

Note that you can find the MAC address only for systems within your own subnet. For all others, you will see the MAC address of the gateway or router.

On certain secured WiFi configurations with MAC filtering enabled, this tool can help pentesters find active MAC addresses and then use them to connect to such a wireless network.

Being a GUI-based tool makes it very easy to use for users of all levels, including beginners.

It is fully portable and works on all platforms from Windows XP to Windows 8.