Tuesday, December 31, 2013

Bozok RAT 1.5



After ~2 months I am proud to announce that Bozok reached version 1.5. In this version i tried to fix all reported bugs and implement audiocapture which many people asked for.
Changelog:
-added russian
-added korean
-fixed webcam device list bug
-fixed DEP problem on webcam/screen
-handshake bug fixed
-plugin loading bug fixed
-installation to system32 tweakened
-audiocapture added

[Malheur v0.5.4] Malware Analyzer


Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Analysis of malware behavior?

Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior of various format, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox
.

[TheHarvester v2.2] The Information Gathering Suite


The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.

This is a complete rewrite of the tool with new features like:
  • Time delays between request
  • All sources search
  • Virtual host verifier
  • Active enumeration (DNS enumeration, Reverse lookups, TLD expansion)
  • Integration with SHODAN computer database, to get the open ports and banners
  • Save to XML and HTML
  • Basic graph with stats
  • New sources
Passive discovery:
Google: google search engine - www.google.com
Google-profiles: google search engine, specific search for Google profiles
Bing: microsoft search engine - www.bing.com
Bingapi: microsoft search engine, through the API (you need to add your Key in the discovery/bingsearch.py file)
Pgp: pgp key server - pgp.rediris.es
Linkedin: google search engine, specific search for Linkedin users
Shodan: Shodan Computer search engine, will search for ports and banner of the discovered hosts 
Vhost: Bing virtual hosts search

Active discovery:
DNS brute force: this plugin will run a dictionary brute force enumeration
DNS reverse lookup: reverse lookup of ip´s discovered in order to find hostnames
DNS TDL expansion: TLD dictionary brute force enumeration
Please read the README file for more information. 

[Hashcat v0.47] The world’s fastest CPU-based password recovery tool


Hashcat is the world’s fastest CPU-based password recovery tool.

While it’s not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches.

Changelog v0.47
  • added -m 123 = EPi
  • added -m 1430 = sha256(unicode($pass).$salt)
  • added -m 1440 = sha256($salt.unicode($pass))
  • added -m 1441 = EPiServer 6.x >= v4
  • added -m 1711 = SSHA-512(Base64), LDAP {SSHA512}
  • added -m 1730 = sha512(unicode($pass).$salt)
  • added -m 1740 = sha512($salt.unicode($pass))
  • added -m 7400 = SHA-256(Unix)
  • added -m 7600 = Redmine SHA1
  • debug mode can now be used also together with -g, generate rule
  • support added for using external salts together with mode 160 = HMAC-SHA1 (key = $salt)
  • allow empty salt/key for HMAC algos
  • allow variable rounds for hash modes 500, 1600, 1800, 3300, 7400 using rounds= specifier
  • added –generate-rules-seed, sets seed used for randomization so rulesets can be reproduced
  • added output-format type 8 (position:hash:plain)
  • updated/added some hcchr charset files in /charsets, some new files: Bulgarian, Polish, Hungarian
  • format output when using –show according to the –outfile-format option
  • show mask length in status screen
  • –disable-potfile in combination with –show or –left resulted in a crash, combination was disallowed
Features
  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
  • SSE2, AVX and XOP accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithms implemented with performance in mind
  • …and much more

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks


Ghost Phisher is an application of security which comes built-in with a fake DNS server , DHCP server fake, fake HTTP Server and also has a space for the automatic capture and recording credentials HTTP method of the form to a database. The program could be used for on-demand service of DHCP, DNS, or requests of the phishing attacks.
The Software runs on any Linux machine with the programs prerequisites, But the program has been tested on the following Linux based operating systems:
  • Ubuntu KDE/GNOME
  • BackTrack Linux
  • BackBox Linux 


Prerequisites

The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on Debian based systems using "apt-get install program" or otherwise downloaded and installed manually
  • Aircrack-NG
  • Python-Scapy
  • Python Qt4
  • Python
  • Subversion
  • Xterm
  • Metasploit Framework (Optional)

Features
Ghost Phisher currently supports the following features:
  • HTTP Server
  • Inbuilt RFC 1035 DNS Server
  • Inbuilt RFC 2131 DHCP Server
  • Webpage Hosting and Credential Logger (Phishing)
  • Wifi Access point Emulator
  • Session Hijacking (Passive and Ethernet Modes)
  • ARP Cache Poisoning (MITM and DOS Attacks)
  • Penetration using Metasploit Bindings
  • Automatic credential logging using SQlite Database
  • Update Support

[Kacak] Enumerate Users in Subnets


Kacak is a tool that can enumerate users specified in the configuration file for windows based networks. It uses metasploit smb_enumusers_domain module in order to achieve this via msfrpcd service. If you are wondering what the msfrpcd service is, please look at the https://github.com/rapid7/metasploit-framework/blob/master/documentation/msfrpc.txt . It also parse mimikatz results.


[Pengowin] Repositorio de herramientas de seguridad para Windows


Un repositorio de mas de 200 herramientas relacionadas con todas las áreas de seguridad informática, actualizadas hasta la ultima versión disponible a la salida (27/11/2013) y algunas tools clásicas que fueron proyectos abandonados o discontinuos pero aun sirven.

Todo empieza hace 5 años, a través de los cursos que ofrezco, en los cuales los alumnos que no tenían conocimientos de Linux, estaban desesperados por realizar las mismas técnicas de Ethical Hacking, Análisis forense o Wireless Hacking, con programas que sean FULLWIN.

Esta incomodidad, la de no encontrar "la herramienta", la de estar acostumbrado a usar buscadores o la de "consultar", me convenció que se necesita tener la posibilidad de que todos tengan lo necesario para poder trabajar/estudiar.

Mas de 200 programas relacionados con Seguridad Informática, Análisis Forense,Wireless Security, preparadas para fases como Reconocimiento, Scanning, Metadatos,Criptografia, Cracking, Esteganografia, Virtualizacion, Vulnerabilidades, etc.

Casi el 80% actualizado hasta el 27 de noviembre del 2013, el otro 20% son programas que no se pueden actualizar mas, por discontinuo o abandonado, aunque igualmente sirven y mucho!!!!

Dentro del mismo DVD, hay unos listados de todas las herramientas disponibles, y a continuación el link original de la URL original de la herramienta, para que podamos estar al tanto de donde buscarla y actualizarla en caso de ser necesario.

Espero que puedan disfrutar de este proyecto que costo bastante, probar constantemente, no dormir, copiar y borrar, no dormir, comparar, no dormir, etc etc etc. (aaah, no dormir)

Cualquier consulta, duda o criticas, pueden encontrarme en los canales habituales.

Su manera de usarlo es muy sencilla, ponen el DVD, seleccionan la carpeta que les interese, click en el ejecutable y listo, se instalara como el programa este definido.

DISCLAIMER: TENER EN CUENTA QUE NO SE MODIFICO NADA, SON COPIAS EXACTAS BAJADAS DE LOS SITIOS ORIGINALES, SE RESPETA LA INTEGRIDAD DE LAS MISMAS, DENTRO DEL MISMO DVD ESTÁN LOS INDICES QUE MUESTRAN LAS URLs ORIGINALES DONDE SE BAJARON LAS MISMAS.

NO NOS HACEMOS RESPONSABLES POR LA MALA INSTALACIÓN, POR DAÑO EN EL EQUIPO INSTALADO, POR EL MAL USO NI POR LOS PROGRAMAS EN SI, DADO QUE LOS ÚNICOS RESPONSABLES SON LOS CREADORES DE LOS PROGRAMAS

LO QUE SE OFRECE EN FORMA TOTALMENTE GRATUITA, ES UN DVD REPOSITORIO DE TOOLS SECURITY

No soy de pedir nada, pero tu donación me daría un incentivo de seguir mejorando día a día este DVD (no te olvides que evito tu cansancio, malestar, incomodidad, etc etc, de buscar tools)

[Lynis v1.3.8] The Unix/Linux Hardening tool


Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan it will provide the warnings and suggestions to help you improving the security defense of your systems.

Some of the (future) features and usage options:
  • System and security audit checks
  • File Integrity Assessment
  • System and file forensics
  • Usage of templates/baselines (reporting and monitoring)
  • Extended debugging features

This tool is tested or confirmed to work with:
AIX, Linux, FreeBSD, OpenBSD, Mac OS X, Solaris

Changelog

  • New parameter –view-categories to display available test categories
  • Added /etc/hosts check (duplicates) [NAME-4402]
  • Added /etc/hosts check (hostname) [NAME-4404]
  • Added /etc/hosts check (localhost mapping) [NAME-4406]
  • Portmaster test for possible port upgrades [PKGS-7378]
  • Check for SPARC improve boot loader (SILO) [BOOT-5142]
  • NFS client access test [STRG-1930]
  • Check system uptime [BOOT-5202]
  • YUM repolist check [PKGS-7383]
  • Contributors file added
  • Improved locate database check and reporting [FILE-6410]
  • Improved PAE/No eXecute test for Linux kernel [KRNL-5677]
  • Disabled NIS domain name from test [NAME-4028]
  • Extended NIS domain test to check BSD sysctl value [NAME-4306]
  • Extended PAM tools check with PAM paths [AUTH-9262]
  • Adjusted Apache check to avoid skipping it [HTTP-6622]
  • Extended USB state testing [STRG-1840]
  • Extended Firewire state testing [STRG-1846]
  • Extended core dump test [KRNL-5820]
  • Added /lib/i386-linux-gnu/security to PAM directories
  • Added /usr/X11R6/bin directory to binary paths
  • Improved readability of screen output
  • Improved logging for several tests
  • Improved Debian version detection
  • Added warning to BIND test [NAME-4206]
  • Extended binaries with showmount and yum
  • Updated man page

[XSSless] An automated XSS payload generator written in python

An automated XSS payload generator written in python.

Usage

  1. Record request(s) with Burp proxy
  2. Select request(s) you want to generate, then right click and select "Save items"
  3. Use xssless to generate your payload: ./xssless.py burp_export_file
  4. Pwn!
A more detailed tutorial can be found here

Features

  • Automated XSS payload generation from imported Burp proxy requests
  • Payloads are 100% asynchronous and won't freeze the user's browser
  • CSRF tokens can be easily extracted and set via the -p option
  • POST multipart is supported, along with XSS file uploading via the -f option
  • Payloads are dynamic and portable (due to relative URLs)
  • Crazy JavaScript worms with no hassle!

[GDB] GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on `inside' another program while it executes - or what another program was doing at the moment it crashed.

GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:


  • Start your program, specifying anything that might affect its behavior.
  • Make your program stop on specified conditions.
  • Examine what has happened, when your program has stopped.
  • Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another.

The program being debugged can be written in Ada, C, C++, Objective-C, Pascal (and many other languages).

Those programs might be executing on the same machine as GDB (native) or on another machine (remote). GDB can run on most popular UNIX and Microsoft Windows variants.

[Capstone] Ultimate Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.

Features

  • Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
  • Clean/simple/lightweight/intuitive architecture-neutral API.
  • Provide details on disassembled instruction (called “decomposer” by others).
  • Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
  • Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
  • Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
  • Thread-safe by design.
  • Distributed under the open source BSD license.

[Beast-Check] SSL/TLS BEAST Vulnerability Check


A small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred cipher. It assumes no workaround (i.e. EMPTY FRAGMENT) applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reason why RC4 ciphersuite was widely chosen as highest preferred ciphersuite for the primary workaround.

$ ./beast.pl

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Usage: beast.pl host [port]

port = 443 by default {optional}
$ ./beast.pl www.hotmail.com

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.hotmail.com:443

## The target is PRONE to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: AES128-SHA
Vulnerable: YES
$ ./beast.pl www.google.com

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.google.com:443

## The target is NOT vulnerable to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: ECDHE-RSA-RC4-SHA
Vulnerable: NO


[Watcher] passive Web-security scanner


Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:
  1. Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, CSS, and development frameworks (e.g. ASP.NET, JavaServer)
  2. Works seamlessly with complex Web 2.0 applications while you drive the Web browser
  3. Non-intrusive, will not raise alarms or damage production sites
  4. Real-time analysis and reporting - findings are reported as they’re found, exportable to XML, HTML, and Team Foundation Server (TFS)
  5. Configurable domains with wildcard support
  6. Extensible framework for adding new checks


Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Fiddler provides all of the rich functionality of a good Web/HTTP proxy. With Fiddler you can capture all HTTP traffic, intercept and modify, replay requests, and much much more. Fiddler provides the HTTP proxy framework for Watcher to work in, allowing for seamless integration with today’s complex Web 2.0 or Rich Internet Applications. Watcher runs silently in the background while you drive your browser and interact with the Web-application.

Watcher is built in C# as a small framework with 30+ checks already included. It's built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments. Examples of the types of issues Watcher will currently identify:
  • ASP.NET VIEWSTATE insecure configurations
  • JavaServer MyFaces ViewState without cryptographic protections
  • Cross-domain stylesheet and javascript references
  • User-controllable cross-domain references
  • User-controllable attribute values such as href, form action, etc.
  • User-controllable javascript events (e.g. onclick)
  • Cross-domain form POSTs
  • Insecure cookies which don't set the HTTPOnly or secure flags
  • Open redirects which can be abused by spammers and phishers
  • Insecure Flash object parameters useful for cross-site scripting
  • Insecure Flash crossdomain.xml
  • Insecure Silverlight clientaccesspolicy.xml
  • Charset declarations which could introduce vulnerability (non-UTF-8)
  • User-controllable charset declarations
  • Dangerous context-switching between HTTP and HTTPS
  • Insufficient use of cache-control headers when private data is concerned (e.g. no-store)
  • Potential HTTP referer leaks of sensitive user-information
  • Potential information leaks in URL parameters
  • Source code comments worth a closer look
  • Insecure authentication protocols like Digest and Basic
  • SSL certificate validation errors
  • SSL insecure protocol issues (allowing SSL v2)
  • Unicode issues with invalid byte streams
  • Sharepoint insecurity checks
  • more….

[flunym0us] Vulnerability Scanner for Wordpress and Moodle


Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team.

Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.

Operation

Flunym0us requires python.
Arguments allowed:
-h, --help: Show this help message and exit
-wp, --wordpress: Scan WordPress site
-mo, --moodle: Scan Moodle site
-H HOST, --host HOST: Website to be scanned
-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use
-t TIMEOUT, --timeout TIMEOUT: Connection timeout
-r RETRIES, --retries RETRIES: Connection retries
-p PROCESS, --process PROCESS: Number of process to use
-T THREADS, --threads THREADS: Number of threads (per process) to use

Versions

Flunym0us is distributed under the terms of GPLv3 license
ChangeLog 1.0:
[+] Search Wordpress Plugins
[+] Search Moodle Extensions
ChangeLog 2.0:
[+] http user-agent hijacking
[+] http referer hijacking
[+] Search Wordpress Version
[+] Search Wordpress Latest Version
[+] Search Version of Wordpress Plugins
[+] Search Latest Version of Wordpress Plugins
[+] Search Path Disclosure Vulnerabilities
[+] Search Wordpress Authors  

Thursday, December 26, 2013

[RHEL 7] Red Hat Enterprise Linux 7 Beta


Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including: 
  • Linux Containers - Enabling applications to be created and deployed in isolated environments with allocated resources and permissions.
  • Performance Management – Using built in tools, you can optimize performance out-of-the-box.
  • Physical and Hosted In-place Upgrades - In-place upgrades for common server deployment types are now supported. Additionally, virtual machine migration from a Red Hat Enterprise Linux 6 host to a Red Hat Enterprise Linux 7 host is possible, without virtual machine modification or downtime.
  • File Systems – File systems continue to be a major focus of development and innovation.
    • XFS is now the default file system, supporting file systems up to 500TB
    • ext4 file systems are now supported to 50TB and include block sizes up to 1MB
    • btrfs file systems are now available to test
  • Networking – Enhanced networking configuration and operation. Added support for some of the latest networking standards, including:
    • 40Gb Ethernet support
    • Improved channel bonding
    • TCP performance improvements
    • Low latency socket poll support
  • Storage – Expanded support for enterprise level storage arrays. Improved scalable storage stack for deployments that are less disk intensive. Improved storage management for heterogeneous storage environments.
  • Windows Interoperability – Bridge Windows™ and Linux infrastructure by integrating SAMBA 4.1 with existing Microsoft Active Directory domains. Or, deploy Red Hat Enterprise Linux Identity Management in a parallel trust zone with Active Directory.
  • Subsystem Management – Simplified configuration and administration with uniform management tools for networking, storage, file systems, performance, identities and security. Leveraging the OpenLMI framework, enables use of scripts and APIs to automate management.

[Twitter Password Dump] Command-line Tool to Recover Twitter Password from Web Browsers


Twitter Password Dump is the command-line tool to instantly recover your lost Twitter password from all the popular web browsers.


Currently it can recover your Twitter password from following applications,

  • Firefox
  • Internet Explorer (v6.x - v10.x)
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • SeaMonkey Browser
  • Comodo Dragon Browser

It automatically discovers installed applications on your system and recovers all the stored Twitter login passwords within seconds.

[RemotePasswordWiFi] Script in Ruby, for search passwords WiFi of remote routers

Script in Ruby, for search passwords WiFi of remote routers.

Support Routers:

*] Thomson *] Thechnicolor

in next days:
*] bee *] cisco


[WinDbg v6.12.2.633] Debugging Tools for Windows


WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and more information.

This contains the 32-bit and 64-bit MSI's for Debugging Tools for Windows 6.12.2.633.


Highlights in Version 6.12.2.633

This is the current version of Debugging Tools for Windows 6.12.2.633 and is available in the Windows SDK from http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx. This release of Debugging Tools for Windows contains many bug fixes and new enhancements. The debuggers are stable and more reliable than previous releases and we recommend that you upgrade to this version.

Here are some of the key changes in this version of Debugging Tools for Windows:

1. Several bug fixes in extensions to only use public symbols

2. General BugCheck Analysis Updates including:

• Bug Check 0x9F Update – Added logic to diagnose bugcheck 0x9F minidumps using new data in Windows 7 added to the 0x9F minidumps by the Kernel and Networking Teams.

Data includes:
- All Kernel ExWorkerThreads that process Power IRPs
- IRPs Associated with any ExWorkerThread
- IRPs Associated with PnP Completion Queue
- All Kernel Power IRPs
- Device Stacks for all IRPS
- NTTRIAGEPOWER Structure
- NTTRIAGEPNP structure

• BugCheck 0xFE Update - Add logic to diagnose bugcheck 0xFE minidumps using new to Windows 7 callback data added by the USB team.

3. Fixed user-mode minidump generation problem.

4. Fixed buffer overrun in schannel transport.

5. Fixed several kernel debugger transport issues.

6. Fixed problem with debugger reporting incorrect FPO information.

7. Allowed stack dumps deeper than 65535 if specified explicitly.

8. Changed ".outmask /a" and ".outmask /d" to be set only instead of or/xor.

9. The old ADPlus.vbs is being replaced by ADPlus.exe which requires the .Net Framework 2.0. For those cases where the .Net Framework isn't available we are still shipping the older version renamed to adplus_old.vbs. For detailed documentation of the new ADPlus.exe as well as for its new companion ADPlusManager.exe please see adplus.doc located in the same folder as adplus.exe.


[Avivore] The Twitter-searching Data Miner


Avivore is a Python-based tool that searches Twitter for keywords and then parses any tweets that are found. When parsing, it looks for the following sort of data:
  • Phone numbers in NPA-NXX format (ex: 604-555-1212)
  • IPv4 addresses (127.0.0.1)
  • Blackberry PINs (ABCDEF12)
It presently uses a SQLite backend to store the data that is found and outputs results via a Console. It has only been tested on Ubuntu Linux but there should be no real reason for it not to work under OS X, Windows, or any other platform capable of running Python.

I am certainly open to new data sets that it could pull. E-mail addresses were considered but at the time that I was writing all of this, I was not as interested in that information.

This tool is intended to be used for demonstration purposes and has some of my more extensive keyword searches removed. It was first presented at BSides Vancouver on March 4th, 2013.

Requirements

  • Python 3
  • SQLite and Twitter modules (pip install twitter)
No Twitter account is required for access.


[Comodo Instant Malware Analysis] Online Automated Analysis System


If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings.

[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?".  So, i always suggest them to use some vulnerable web application such as DVWA. 

However, i felt dvwa is not suitable for new and advanced techniques.  Mutillidae is one of the best web application vulnerable app to date. However, I missed some techniques/features in Mutillidae.  so i thought it is better develop our own app to teach the web application pentesting for my readers and students. 
BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced  vulnerability techniques. 

Currently, the app contains following vulnerability types:
  • SQL Injection
  • Cross Site scripting(XSS)
  • Cross Site request Forgery(CSRF)
  • Clickjacking
  • Server Side Request Forgery(SSRF))
  • File Inclusion(RFI and LFI)
  • Command Execution

[Anubis] Online Analyzing Unknown Binaries

Anubis is a service for analyzing malware.

Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL. 




[Websecurify] Web Security Testing Runtime


A Complete Suite Of Web Security Tools

The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.

Consistent And Easy To Use

The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

The Suite scanning technology is able to discover variety of issues from XSS, SQL Injection, Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and variety of other lists are well supported. For the complete list of vulnerabilities we can discover just click here.




Ardamax Keylogger 4.0.6 - Invisible Keylogger with Remote Installation Feature


Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this tool to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to monitor your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited.

This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and Windows 8.

Keylogger Features:

  • Email log delivery - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring!
  • FTP delivery - Ardamax Keylogger can upload recorded logs through FTP delivery.
  • Network delivery - sends recorded logs through via LAN.
  • Clipboard logging - capture all text copied to the Windows Clipboard.
  • Invisible mode makes it absolutely invisible to anyone. Ardamax Keylogger is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.
  • Visual surveillance - periodically makes screenshots and stores the compressed images to log.
  • Chat monitoring - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats:
    • AIM
    • Windows Live Messenger 2011
    • ICQ 7
    • Skype 4
    • Yahoo Messenger 10
    • Google Talk
    • Miranda
    • QiP 2010
  • Security - allows you to protect program settings, Hidden Mode and Log file.
  • Application monitoring - keylogger will record the application that was in use that received the keystroke!
  • Time/Date tracking - it allows you to pinpoint the exact time a window received a keystroke!
  • Powerful Log Viewer - you can view and save the log as a HTML page or plain text with keylogger Log Viewer.
  • Small size – Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher.
  • Ardamax Keylogger fully supports Unicode characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.
  • It records every keystroke. Captures passwords and all other invisible text.
Other Features:
  • Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support
  • Monitors multi-user machines
  • Automatic startup
  • Friendly interface
  • Easy to install

[Bugtroid] Pentesting for Android

Bugtroid is an innovative tool developed by the team of Bugtraq-Team.
The main features of this apk, is that it has more than 200 Android and Linux tools (PRO) for pentesting and forensics through its Smarthphone or tablet.
It has a menu categorized according to the nature of the tool may find:

  • Anonymity
  • Search People
  • Audit for frequencies 802.11 (Wireless and Bluetooth)
  • Mapping Networks
  • Remote
  • DDOS
  • Sniffers
  • Pentesting
  • Security
  • Forensic
  • Web Analysis
  • Cryptography
  • Brute Force
  • Antivirus
  • System

From the application menu you can:

  • Check the information on the tool.
  • Install the application.
  • Uninstall the Application.
  • Run the Application (PRO)
  • also paragraph settings available, which will serve to manage and install certain requirements for the proper functioning of the tools as well as other fnciones:
  • Set wallpaper
  • Install the minimum requirements for running the tools
  • Install shortcuts on the desktop (PRO)
  • Install shortcuts Console (PRO)
  • Installation of interpreters: Perl, Python, Ruby, PHP and Mysql (PRO)


Bugtraq team-Team can not be held responsible for the use to which it can be applied to these tools, or the contents thereof.

[Malware Classifier] Malware Analysis Tool


Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.
Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”

The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs. 

The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.


[Wifitap] WLAN Traffic Injection Tool


Wifitap is a proof of concept for communication over WLAN networks using traffic injection. Wifitap allows direct communication with an associated station to a given access point directly, whilst not being being associated ourselves or being handled by access point.

Wifitap is written in Python, and Python is damn slow. So don't expect it to work at 54Mbps.


[VirusTotal] Online Malware Analysis Tool


VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.

VirusTotal’s mission is to help in improving the antivirus and security industry and make the internet a safer place through the development of free tools and services.


Monday, December 23, 2013

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series.

Packages are now available from the Tor download page as well
as the Tor Package archive.

For now, the Pluggable Transports-capable TBB is still a separate package, maintained by David Fifield.

For people already using TBB 3.5rc1, the changes are not substantial, and are included below.
However, for users of TBB 2.x and 3.0, this release includes important security updates to Firefox. All users are strongly encouraged to update immediately, as we will not be making further releases in the 2.x or 3.0 series.

In terms of user-facing changes from TBB 2.x, the 3.x series primarily features the replacement of Vidalia with a Firefox-based Tor controller called Tor Launcher. This has resulted in a vast decrease in startup times, and a vast increase in usability. We have also begun work on an FAQ page to handle common questions arising from this transition -- where Vidalia went, how to disable JavaScript, how to check signatures, etc.

The complete changelog for the 3.x series describes the changes since 2.x.

The set of changes since the 3.5rc1 release is:
  • All Platforms
    • Update Tor to 0.2.4.19
    • Update Tor Launcher to 0.2.4.2
      • Bug 10382: Fix a Tor Launcher hang on TBB exit
    • Update Torbutton to 1.6.5.2
      • Misc: Switch update download URL back to download-easy    

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine


The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.

The Suricata Engine and the HTP Library are available to use under the GPLv2.

The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.


[Rhino] Java Script Deobfuscate Tool


Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. It is embedded in J2SE 6 as the default Java scripting engine.

Rhino-debugger is a Graphical User Interface (GUI) that enables to debug JavaScript. It is convenient to malware analysts to deobfuscate JavaScript. 


[Tor-ramdisk] Micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM


Tor-ramdisk is a uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers (nodes) until the connection finally exits to its destination on the internet. The encryption and random relaying resist traffic analysis in that a malicious sniffer cannot easily discover where the traffic is coming from or what data it contains. While not perfect in its efforts to provide users with anonymity, Tor does help protect against unscrupulous companies, individuals or agencies from "watching us". For more information, see the Tor official site.

The usefulness of a RAM only environment for Tor became apparent to me when Janssen was arrested by the German police towards the end of July, 2007. (You can read the full story in a CNET article.) While the police did not seize the computer for whatever reasons, they certainly could have. More typically, it would have been taken for forensic analysis of the data on the drives. Of course, if the computer housing the Tor server has no drives, there can be no question that it is purely a network relaying device and that one should look elsewhere for the "goods".

Other advantages became clear:
  • It is useful to operators that want all traces of the server to disappear on powerdown. This includes the private SSL keys which can be housed externally.
  • The environment can be hardened in a manner specific to the limited needs of Tor.
  • It has the usual speed advantages of diskless systems and can run on older hardware.
The only known disadvantage is that it cannot host Tor hidden services which would require other services (e.g. http), and their resources (e.g. hard drive space), in addition to the Tor server itself. However, as a middle or exit node, it is ideal.

[PDFMiner] Python PDF parser and analyzer


PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF converter that can transform PDF files into other text formats (such as HTML). It has an extensible PDF parser that can be used for other purposes than text analysis.

Features

  • Written entirely in Python. (for version 2.4 or newer)
  • Parse, analyze, and convert PDF documents.
  • PDF-1.7 specification support. (well, almost)
  • CJK languages and vertical writing scripts support.
  • Various font types (Type1, TrueType, Type3, and CID) support.
  • Basic encryption (RC4) support.
  • PDF to HTML conversion (with a sample converter web app).
  • Outline (TOC) extraction.
  • Tagged contents extraction.
  • Reconstruct the original layout by grouping text chunks.
PDFMiner is about 20 times slower than other C/C++-based counterparts such as XPdf.

Online Demo: (pdf -> html conversion webapp)



[GNU Privacy Guard] Complete and free implementation of the OpenPGP standard


GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.

GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License .

GnuPG comes in two flavours: 1.4.16 is the well known and portable standalone version, whereas 2.0.22 is the enhanced and somewhat harder to build version.

Project Gpg4win provides a Windows version of GnuPG. It is nicely integrated into an installer and features several frontends as well as English and German manuals.

Project GPGTools provides a Mac OS X version of GnuPG. It is nicely integrated into an installer and features all required tools.

Project Aegypten developed the S/MIME functionality in GnuPG 2. 


[evasi0n7] iOS 7.x Jailbreak


Evasi0n Jailbreaking tools available for Apple iOS 7 users. This jailbreak utility/tool made by Evad3rs team after 3 months of iOS 7 launched. evasi0n is available for Mac and Windows, and is untethered. Here are the requirements posted on the evasi0n website:

  • A computer, running Windows (XP minimum), Mac OS X (10.6 minimum) or Linux (x86 / x86_64)
  • iTunes installed if you’re running Windows
  • An iPhone, iPad or iPod running iOS 7.0 through 7.0.4 (you may check in Settings / General / About => Version)
  • A USB cable to connect the device to the computer

evasi0n7 is an untethered jailbreak which supports iOS 7, iOS 7.0.1, iOS 7.0.2, iOS 7.0.3, iOS 7.0.4.
It is compatible with the following iOS 7.x.x devices:
  • iPhone 5s, iPhone 5c, iPhone 5, iPhone 4S, iPhone 4, iPhone 3GS
  • iPad Air, iPad 4, iPad 3, iPad 2
  • Retina iPad mini, iPad mini
  • iPod touch 5G

Sunday, December 22, 2013

[WinAppDbg 1.5] Python Debugger



The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for this purposes.

Current features also include disassembling x86/x64 native code, debugging multiple processes simultaneously and produce a detailed log of application crashes, useful for fuzzing and automated testing.

What’s new in this version?

In a nutshell…
  • full 64-bit support (including function hooks!)
  • added support for Windows Vista and above.
  • database code migrated to SQLAlchemy, tested on:
    • MySQL
    • SQLite 3
    • Microsoft SQL Server
    should work on other servers too (let me know if it doesn’t!)
  • added integration with more disassemblers:
  • added support for postmortem (just-in-time) debugging
  • added support for deferred breakpoints
  • now fully supports manipulating and debugging system services
  • the interactive command-line debugger is now launchable from your scripts (thanks Zen One for the idea!)
  • more UAC-friendly, only requests the privileges it needs before any action
  • added functions to work with UAC and different privilege levels, so it’s now possible to run debugees with lower privileges than the debugger
  • added memory search and registry search support
  • added string extraction functionality
  • added functions to work with DEP settings
  • added a new event handler, EventSift, that can greatly simplify coding a debugger script to run multiple targets at the same time
  • added new utility functions to work with colored console output
  • several improvements to the Crash Logger tool
  • integration with already open debugging sessions from other libraries is now possible
  • improvements to the Process and GUI instrumentation functionality
  • implemented more anti-antidebug tricks
  • more tools and code examples, and improvements to the existing ones
  • more Win32 API wrappers
  • lots of miscellaneous improvements, more documentation and bugfixes as usual!