Friday, February 28, 2014

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform


IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. 

IronWASP has a plugin system that supports Python and Ruby. The version of Python and Ruby used in IronWASP is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API. 

One of the design goals of IronWASP is to be usable without reading a documentation. So whether you want to use the UI or do awesome things in the scripting shell, you can dive right in.

The UI has a clean design with helpful wizards for complex tasks, small snippets of text descriptions in different sections and 'Help' sections all over the tool that provide contextual documentation when required.

If you want to do scripting then make use of the 'Script Creation Assistant' that can take you requirement and create the script automatically for you. You could be someone who is trying to learn scripting or an experienced scripting ninja, you will find this feature to be extremly useful.

If you want to create a new vulnerabilty check or write your own security tool in the shortest possible time using the powerful API of IronWASP then use the 'Coding Assistants' available in the 'Dev Tools' menu.

[Directory Scanner v3.0] Remote Directory Server Fingerprinting Tool


Directory Scanner is the FREE Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers (such as Microsoft Active Directory, Novell eDirectory etc) running on the local network as well as Internet.

In addition to this, it can greatly help administrators to remotely keep tab on Directory Servers running in their network. At a time you can use it to scan  single or multiple systems in the network.

It can detect following popular Directory Servers
  • Novell eDirectory
  • Microsoft Active Directory
  • Open LDAP Directory
  • Sun One Directory
  • Netscape Directory
  • IBM Lotus Domino
  • Oracle Directory
  • OpenDS Directory

It works on wide range of platforms starting from Windows XP to latest operating system Windows 8.

Thursday, February 27, 2014

[RouterPassView] Recover lost password from router backup file


Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed.

The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless network keys. 

If you lost one of these password/keys, but you still have a backup file of your router configuration, RouterPassView might help you to recover your lost password from your router file.

System Requirements

  • This utility works on any version of Windows, starting from Windows 2000 and up to Windows 8.
  • RouterPassView supports limited number of router models. See below. 

[Maltrieve] A tool to retrieve malware directly from the source for security researchers


Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including:

These lists will be implemented if/when they return to activity.

Other improvements include:
  • Proxy support
  • Multithreading for improved performance
  • Logging of source URLs
  • Multiple user agent support
  • Better error handling
  • VxCage and Cuckoo Sandbox support

Dependencies


Wednesday, February 26, 2014

[Burp Co2] A collection of enhancements for Portswigger's popuplar Burp Suite web penetration testing tool


Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has it's own configuration tab with multiple sub-tabs (for each Co2 module). Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need to disable the entire extension when using just part of the functionality.

See the Co2Modules wiki page for descriptions of each of the modules in Co2. 


[Gojira] Herramienta para facilitar las auditorías en entornos WordPress


Gojira es una herramienta para facilitar las auditorías en entornos WordPress. Está en pañales todavía ;). Por ahora:

  • -Permite crear un diccionario con los plugins más populares.
  • -Enumera plugins instalados a partir del diccionario.
  • -Extrae los usuarios registrados.
  • -Deduce la versión del WordPress a través de Readme.html, links del HTML y el meta generator.
  • -Comprueba el archivo robots.txt y comprueba cada ruta.

Tuesday, February 25, 2014

[DomainHostingView] Show domain hosting information


DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. 

The information displayed by the report of DomainHostingView includes: the hosting company or data center that hosts the Web server, mail server, and domain name server (DNS) of the specified domain, the created/changed/expire date of the domain, domain owner, domain registrar that registered the domain, list of all DNS records, and more...

System Requirements And Limitations

  • This utility works on any version of Windows, starting from Windows XP and up to Windows 7/2008, including x64 versions of Windows. This utility also works on Windows 2000, but without the IDN support.
  • Firewall/router requirements: You should allow DomainHostingView to connect the following outgoing TCP/UDP ports: 43 (WHOIS), 53 (DNS), 80 (HTTP), and 25 (SMTP).
  • The report created by DomainHostingView is based on the information provided by public WHOIS servers. If WHOIS server is temporary down, some information won't be displayed in the report. Also, some WHOIS servers may block your IP address if you use DomainHostingView to get reports about many domains in short perion of time.

DomainHostingView Features

  • DomainHostingView is a Unicode application and this it can display properly WHOIS records containing non-English characters.
  • DomainHostingView supports Internationalized domain names (IDN). When you type a domain with non-English characters, DomainHostingView automatically converts it into a format that can be used in the WHOIS and DNS servers.
  • DomainHostingView parses the text returned by the WHOIS servers, extracts the important data, and displays it in easy-to-read summary.
  • DomainHostingView also displays the raw text returned by the WHOIS servers, with a small enhancement - every http link is displayed as clickable link that opens the Web page in a new window. 

[Dumb0] A simple tool to dump users in popular forums and CMS


A simple tool to dump users forums popular forums and CMS like:

  • WordPress
  • SMF
  • vBulletin
  • IP Board
  • XEN forums
  • myBB
  • useBB
  • vanilla
  • bbPress
  • etc...

Monday, February 24, 2014

[OutlookAttachView] View/Extract/Save Outlook Attachments


OutlookAttachView scans all messages stored in your Outlook, and displays the list of all attached files that it finds. You can easily select one or more attachments and save all of them into the desired folder, as well as you can delete unwanted large attachments that take too much disk space in your mailbox. You can also save the list of attachments into xml/html/text/csv file.

System Requirements

  • Windows 2000/XP/Vista/7/2003/2008.
  • Microsoft Outlook 2003, Microsoft Outlook 2007, or Microsoft Outlook 2010. For the 64-bit version of Outlook 2010, you should use the x64 version of OutlookAttachView. Be aware that OutlookAttachView doesn't work with Outlook Express. 

[ParameterFuzz v1.8] Parameter´s auditor for web applications


ParameterFuzz is a tool to check the level of fortification in web applications, try to cover the field more exploited by hackers, as the majority of known attacks are based on exploiting poorly filtered parameters. Just as SQL injection, Cross Site Scripting or RFI among others. This tool is designed to perform security audits manually, however it is possible to automate the audit process.

It can be used for a lot of purposes such as:
  1. Dictionary attacks to parameters and folders
  2. Manual and automatic attacks to web applications
  3. Browse the source code viewing
  4. View logs of results
  5. Encoder/Decoder tool
  6. Spidering attacks
  7. Leaks detection
  8. SQL Injection detection
  9. Changes in the HTTP headers
  10. Extract valid parameters of the source code
  11. imagination...¿? 

Sunday, February 23, 2014

[WAF-FLE v0.6.3] Web application firewall: fast log and event console


WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc (modsecurity event log handler).

Features:
  • Central event console
  • Support Modsecurity in “traditional” and “Anomaly Scoring”
  • Able to receive events sent from mlogc (in real time or in batch using mlogc-batch-load.pl)
  • No sensor number limit
  • Dashboard with recent events information
  • Drill down of events with filter
  • Every (almost) data is “clickable” to drill down the filter
  • Inverted filter (to filter for “all but this item”)
  • Filter for network (in CIDR format, x.x.x.x/22)
  • Raw event download
  • Use Mysql as database
  • Open Source released under GPL v2

[FacebookPasswordDump v2.0] Command-line Tool to Recover Facebook Password from Browsers and Messengers


Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers.

Currently it can recover your Facebook password from following applications,

  • Firefox
  • Internet Explorer (v6.x - v10.x)
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • SeaMonkey Browser
  • Comodo Dragon Browser
  • Paltalk Messenger
  • Miranda Messenger

It automatically discovers installed applications on your system and recovers all the stored Facebook login passwords within seconds.

Saturday, February 22, 2014

[DVIA] Damn Vulnerable iOS Application


Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment.

This application covers all the common vulnerabilities found in iOS applications (following OWASP top 10 mobile risks) and contains several challenges that the user can try.

Vulnerabilities and Challenges Included
  • Insecure Data Storage
  • Jailbreak Detection
  • Runtime Manipulation
  • Transport Layer Security
  • Client Side Injection
  • Information Disclosure
  • Broken Cryptography
  • Application Patching

All these vulnerabilities and their solutions have been tested upto IOS 7.0.4.
Every challenge/vulnerability has a link for a tutorial that users can read to learn more on that topic.


[WebCacheImageInfo] Displays the software/camera model of images stored in the cache of your Web browser


WebCacheImageInfo is a simple tool that searches for JPEG images with EXIF information stored inside the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and then it displays the list of all images found in the cache with the interesting information stored in them, like the software that was used to create the image, the camera model that was used to photograph the image, and the date/time that the image was created.

System Requirements And Limitations

  • This utility works in any version of Windows, starting from Windows XP and up to Windows 8. Both 32-bit and 64-bit systems are supported.
  • The following Web browsers are supported: Internet Explorer, Mozilla Firefox, SeaMonkey, and Google Chrome. Opera is not supported because it stores the JPEG images in Webp format.
  • WebCacheImageInfo won't work if you configure your Web browser to clear the cache after closing it.
  • It's recommended to close all windows of your Web browser before using WebCacheImageInfo, to ensure that all cache files are saved to the disk.
  • Be aware that WebCacheImageInfo only displays JPEG images with EXIF information stored in them. It doesn't display other images stored in the cache of your Web browsers. 

Friday, February 21, 2014

[Havij 1.17] Automated and Advanced SQL Injection


Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

The distinctive power of Havij that differentiates it from similar tools lies in its unique methods of injection. The success rate of attack on vulnerable targets using Havij is above 95%.

The user friendly GUI (Graphical User Interface) of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs


What's New?

  • Dump all.
  • New bypass method for MySQL using parenthesis.
  • Write file feature added for MSSQL and MySQL.
  • Loading HTML form inputs.
  • Saving data in CSV format.
  • Advanced evasion tab in the settings.
  • Injection tab in settings.
  • 'Non-existent injection value' can now be changed by user (the default value is 999999.9).
  • 'Comment mark' can be changed by user (the default value is --).
  • Disabling/enabling of logging.
  • Bugfix: adding manual database in tables tree view.
  • Bugfix: finding string columns in PostgreSQL.
  • Bugfix: MS Access blind string type data extraction
  • Bugfix: MSSQL blind auto detection when error-based method fails
  • Bugfix: all database blind methods fail on retry
  • Bugfix: guessing columns/tables in MySQL time-based injection
  • Bugfix: crashing when dumping into file
  • Bugfix: loading project injection type (Integer or String)
  • Bugfix: HTTPS multi-threading bug
  • Bugfix: command execution in MSSQL 2005

[GoLismero v2.0] Merge results of security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...)


GoLismero is an Open Source security tools that can run their own security tests and manage a lot of well known security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...) take their results, feedback to the rest of tools and merge all of results. And all of this automatically.

Changelog v2.0 Beta 3

  • Integration with SSLScan, SQLMap, XSSer, Shodan and PunkSPIDER.
  • Completely rewritten HTML report.
  • New report formats: OpenOffice, LaTeX, JSON, BSON, XML, YAML, MsgPack.
  • Many improvements to the reports and the vulnerability descriptions.
  • Fixes and improvements to the OpenVAS plugin.
  • Added vulnerability standards:
  • Exploit-DB ID
  • Microsoft Bulletin ID
  • Microsoft Knowledge Base ID
  • Nessus Plugin ID
  • And bugfixes and usual
The most interesting features of the framework are:
  • Real platform independence. Tested on Windows, Linux, *BSD and OS X.
  • No native library dependencies. All of the framework has been written in pure Python.
  • Good performance when compared with other frameworks written in Python and other scripting languages.
  • Very easy to use.
  • Plugin development is extremely simple.
  • The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester…
  • Integration with standards: CWE, CVE and OWASP.
  • Designed for cluster deployment in mind (not available yet).

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script.

FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support.

Quick reference for switches
Usage: ./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] [--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]

--debug : Print debug information
--dirs : Specify the directory list file
--pages : Specify the wordlist file
--uarnd : Enable User Agent randomization
--host : Specify hostname to scan (without http:// or https://)
--proxy : Specify a proxy list
--sec : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
--dump : Save found pages on disk
--tor : Use TOR as proxy for each request
--tordns : Use TOR to resolve hostname. Without this options DNS queries will be directed to default DNS server outside TOR network
--help : Show this help

Thursday, February 20, 2014

[Lynis 1.4.2] Security and System Auditing Tool to Harden Linux Systems


Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.

This software aims in assisting automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience:Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall auditing

[CGE] Cisco Global Exploiter


Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers.  CGE is command-line driven perl script which has a simple and easy to use front-end.

CGE can exploit the following 14 vulnerabilities:

[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability

Installation:
tar -zxvf cge-13.tar.gz
Execution:
perl cge.pl [target] [vulnerability number]
Example output:
[root@hacker cge-13]# perl cge.pl 192.168.1.254 3

Vulnerability successful exploited with [http://192.168.1.254/level/17/exec/....] ...

[IPNetInfo v1.53] Retrieves IP Address Information


IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses. 

[Gmail Password Dump v.20] Command-line Tool to Recover Google Password from GTalk, Picasa, GDesktop, Browsers and Messengers



Gmail Password Dump is the command-line tool to instantly recover your lost gmail password from various Google applications as well as popular web browsers and messengers.

Currently it can recover your Gmail password from following applications,
  • Google Talk
  • Google Picassa
  • Google Desktop Seach
  • Gmail Notifier
  • Firefox
  • Internet Explorer
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • SeaMonkey Browser
  • Comodo Dragon Browser
  • Paltalk Messenger
  • Pidgin Messenger
  • Miranda Messenger

It automatically discovers installed applications on your system and recovers all the stored google account passwords within seconds.

By default it dumps all the recovered passwords to console. Now with version v2.0 onwards, you can also save the passwords to TEXT file.

Wednesday, February 19, 2014

[WhoisThisDomain] Domain Registration Lookup Utility


WhoisThisDomain is a domain registration lookup utility allows you to easily get information about a registered domain. It automatically connect to the right WHOIS server, according to the top-level domain name, and retrieve the WHOIS record of the domain. 

It support both generic domains and country code domains.

[Haveged 1.9.1] A simple entropy daemon


The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers. Current development of haveged is directed towards improving overall reliablity and adaptability while minimizing the barriers to using haveged for other tasks.

The original HAVEGE research dates back to 2003 and much of the original haveged documentation is now quite dated. Recent work on haveged has included an effort to provide more recent information on the project and its applications.

The original research behind HAVEGE use was based upon studies of the behavior of processor caches from a hardware level. The 'Flutter' documents below attempt to provide a modern view of HAVEGE at software level through the use of a diagnostic build of haveged that captures the non deterministic inputs to haveged for analysis by external tools.

[Advanced Encryption Package 2014] Strong encryption algorithms to protect your confidential documents

Strong and proven encryption algorithms to protect your confidential documents

To secure sensitive data AEP PRO file encryption software uses 20 proven and strong encryption algorithms including AES, Blowfish, Twofish, GOST, Serpent and others.

Easy to use for novices. Integration with Windows context menu.

Encryption technology is a difficult thing, especially if you are not technically savvy. How is an older family member supposed to figure out how to create a self-decrypting file, securely delete a file, or use Public Key Infrastructure to receive mails securely?
This file encryption software is made easy for novices. It integrates nicely with Windows Explorer, allowing you to use Explorer's context menus for file encryption/decryption/secure deletion directly from well known Windows Explorer.
AEP file encryption software can encrypt a single file, multiple files at once or even whole Windows folder(s).

Using USB sticks to store encryption / decryption keys

It is possible to store all your encryption passwords on a USB Flash Drive. You just need to remember a single Master Password for the password vault on the USB memory stick. There is no need to keep 20 passwords in mind when you can store these encryption keys on flash memory in an encrypted form and remember just one password.
It might sound simplistic, but strong passwords are a must for good security. A good password is a combination of several words that aren't themselves a word interspersed with special characters (e.g., !4scOrE&sDayNYeaRs_ag0).
What is the real difference between a weak password and strong randomly generated password?
AEP file encryption software can generate a really strong encryption key (a real example is "(+3!';0.;4{M>tMpRnK7&*u'F7)SYu2Q"). The ability to remember such strong passwords (with the help of a USB memory stick of course) is the key to using modern encryption algorithms 100% effectively.

Securely delete source files after encryption. Never delete confidential files using Windows Explorer!

It is a common misconception of PC users that once they have dropped a file into the recycle bin and emptied it that, there is nothing left to do and that the file is gone for good.
All that happens when you erase a file by either deleting it or putting it into the trash is that Windows has been told to not recognize the file so that you do not see it when you open a folder or your desktop. In fact, it is not erased at all, the data is still there on your hard drive and it will remain there until the information is overwritten by some other file or data.
We know all about this, as we have developed special software to recover accidentally deleted files and we also know all about the file systems used in Windows 7, Vista,  XP and 2003/2000.
AEP file encryption software can wipe the contents of the original pre-encrypted file beyond recovery to make sure that not even a trace remains after shredding. AEP PRO matching and exceeding the specifications of the U.S. Department of Defense to stop software and hardware recovery tools.
AEP supports about 20 ways to securely delete file:  Peter Gutmann algorithm, U.S. DoD 5200.28, VSITR, German Standard, Bruce Schneier algorithm, NATO Data Destruction Standard, GOST P50739-95 Russian Standard, The National Computer Security Center Standard, Canadian Standard, NAVSO P-5239-26, US Navy Standard, AFSSI-5020, US Air-Force Standard, AR380-19, US Army Standard and simple Quick Wipe algorithm.

Symmetric and asymmetric encryption (support for PKI)


AEP PRO file encryption software supports symmetric and asymmetric encryption.
In the first mode (symmetric), you just use the same password and for encryption and for decryption using one of ~20 available symmetric encryption algorithms (AES, Blowfish, Serpent etc).
In the second mode (asymmetric), you create (using AEP PRO) a pair of keys: the public key and the private key. You publish the public key file on a web site (or send it to any person via e-mail). This key is used to encrypt a file and send it back to you. Once encrypted, the file cannot be decrypted using this public key file. You receive the file and use the private key file - i.e. your secret key file to decrypt document.  
  • AEP PRO includes the PKI keys manager and the key generator tool. It generates a pair of public/private keys with the strength: 512, 768, 1024 or 2048 bit.  
  • RSA encryption is used with strong symmetric encryption algorithms together. The public key is used to encrypt a randomly generated password. This password is used to encrypt whole file.  
  • AEP PRO can protect a private key file by way of a password. Therefore, you can store your decryption keys in an open form on USB sticks, windows folders, etc. It can be stolen but cannot be used.

Bonus! Command line utility to automate file encryption and decryption tasks

In a program folder you will find a separate command line utility (aepcmd.exe). It supports all program operations: encryption and decryption with a password, PKI encryption and decryption, secure file deletion, and the generation of PKI keys. This utility understands file masks, can process windows folders recursively, can fetch file/folder list from text file, or can be set in a command line.
This command line utility can easily be integrated with your batch script because this console utility returns status codes on every operation (errorlevel, that can be analyzed in your script). All command line keys and switches and status codes are fully documented in the help file.
AEPCMD can be configured to securely delete file(s) after encryption and you can use it to encrypt all new files in a folder and its subfolders on a scheduled basis (the encryption console utility will recognize and skip already encrypted files).

Easily share confidential documents / safely transfer data via the Internet. No need to have AEP on the other side.

Once encrypted, the document/file can safely be uploaded to your web site, sent as an attachment in an email, sent on a compact disc via postal mail, etc. Your email/compact disc with important documents can be intercepted by a third party. But nobody can read these documents without the password and there is absolutely no way to break this password.
When you burn encrypted files to compact disc, simpy burn our free decryption utlityCrypt4Free to this CD as well. Your recipient can use this utility to decrypt the files on your compact disc. This utility can also be downloaded from our web site abolutely free by everyone.
Alternatively, you can create self-decrypting versions of your encrypted files. A self-decrypting file is just the usual executable filewith an encrypted file inside. The recipient of this secure document simply lanches this executable file and will then see a text field in order to enter the decryption password and then click the"decrypt" button. Therefore, the recipient of your files has no need to purchase an AEP program to decrypt your files.

Additionally, in a situation when both the sender and recipient have AEP PRO file encryption software, they can use Public Key Infrastructure to exchange files. You just generate a public/private key pair and send the public key to your recipient. The recipient uses your public key file to encrypt a confidential file and then sends it back to you in an encrypted form. You decrypt it using another key - private key file. In this situation you will never need to reveal the decryption password via telephone to your friends/colleagues and it cannot be heard/recorded by a third party.
In addition, AEP PRO compresses  the file before encryption to reduce its size significantly.

Scrambling text messages

AEP includes a special utility: Clipboard Encryptor. Its icon is located in the tray notification area and it monitors the Windows Clipboard.
By pressing the special global hot key, the text in the clipboard can be scrambled and then you can paste it into your email message.

AEP prevents the use of 'weak' passwords and enhances total security

AEP file encryption software controls entered encryption password is different ways. On the one hand it has a special password qualityindicator. It turns red for weak passwords (short passwords, passwords consisting of characters only or digits only, etc.). On the other hand, AEP maintains an internal dictionary of 45,000 common English words and recognizes these words in the password and warns you when you use a weak dictionary password to prevent a well known dictionary attack.

Tuesday, February 18, 2014

[Pac4Mac] Forensics Framework for Mac OS X


Pac4Mac (Plug And Check for Mac OS X) is a portable Forensics framework (to launch from USB storage) allowing extraction and analysis session informations in highlighting the real risks in term of information leak (history, passwords, technical secrets, business secrets, ...). Pac4Mac can be used to check security of your Mac OS X system or to help you during forensics investigation.

Mindmap Pac4Mac features (PDF format)

Features

[*] Developed in Python 2.x (natively supported)
[*] Framework usage
[*] Support of OS X 10.6, 10.7, 10.8 and 10.9(not tested)

[*] Data extraction through:

  • User or Root access
  • Single Mode access
  • Target Mode access (Storage media by Firewire or Thunderbolt)

[*] 3 dumping modes : Quick, Forensics, Advanced:
  • Dumping Users / User Admin?
  • Dumping Mac's Identity (os version, owner)?
  • Dumping Miscellaneous files
    (Address book, Trash, Bash history, stickies, LSQuarantine, AddressBook,
    Safari Webpage Preview, Office Auto Recovery, WiFI access history, …)
  • Dumping content of current Keychain (security cmd + securityd process)
  • Dumping Users Keychains?
  • Dumping System Keychains?
  • Dumping password Hashes?
  • Live Cracking hashes password?s
  • Dumping Browser Cookies (Safari, Chrome, Firefox, Opera)?
  • Dumping Browser Places (Safari, Chrome, Firefox, Opera)?
  • Dumping Browser Downloads history (Safari, Chrome, Firefox, Opera)?
  • Dumping printed files?
  • Dumping iOS files backups?
  • Dumping Calendar and Reminders / Displaying secrets
  • Dumping Skype messages / Displaying secrets on demand
  • Dumping iChat, Messages(.app), Adium messages
  • Dumping Emails content (only text)?
  • Dumping Emails content of all or special Mail Boxes
  • Adding root user
  • Dumping RAM
  • Cloning local Disk
  • Dumping system logs, install, audit, firewall

[*] DMA access features (exploitation of Firewire and Thunderbolt interfaces)
  • Unlock or bypass in writring into RAM
  • Dumping RAM content
  • Exploit extracted data (see Analysis module)

[*] Analysis module in order to easily exploit extracted data by one of dumping modes-
  • Exploit Browser History[*] x 4 (Displaying recordings, Local copy for usurpation)
  • Exploit Browser Cookies[*] x 4 (Displaying recordings, Local copy for usurpation)
  • Display Browser Downloads[*] x 4 (Displaying recordings)
  • Exploit Skype Messages[*] (Displaying/Recording all recorded messages, with secret information or containing a special keyword)
  • Exploit iChat, Messages(.app), Adium messages (in the next version)
  • Exploit Calendar Cache[*] (Display/Recording all recorded entries, with secret information or containing a special keyword)
  • Exploit Email Messages (Displaying/Recording all recorded messages, with secret information or containing a special keyword / )
  • Exploit RAM memory Dump[*] (Searching Apple system/applications/Web Passwords)
  • Exploit Keychains[*] (Display content Keychain?, Crack Keychain files)
  • Crack Hashes passwords?
  • Exploit iOS files[*] (Accessing to iPhone without passcode, reading secrets through iTunes backups)
  • Display Stickies Widgets?
  • Display Printed Documents
  • Display prospective passwords ?(displaying all found passwords during dump and analysis phases)

[*] Integration of post-intrusion features
  • Hard Disk/RAM image
  • System dump to help to analyse compromission
    • Logs system, syslog, install, firewall, audit?
    • System usernames?
    • Names and creation dates of launched agents, daemons, applications?
    • Scheduled tasks?
    • Plist of Mac OS X known malwares?
    • Loaded drivers?
    • Network connections?
    • Active Processes?
    • Used ressources (files, libraries, …)?
    • Strange files (SUID, important size, …)?
    • Last dates of WiFI connections
  • Integration of CheckOut4Mac in order to quickly detect recent malicious activities or if someone attempted or succeeded to get an access to your Mac let in your hotel room during your dinner or party (based on USB connections, adding users, attempt to unlock session, access to emails, modification of files, etc.). 
    • Source : http://sud0man.blogspot.fr/2013/07/checkout4mac-v01.html
    • Startup activities (Startup dates, Stopping dates, Hibernation dates, Out of hibernation dates)
    • Session activities (Locked session dates, Attempt to unlock session without success, Unlocked session with success)
    • Physical activities (USB connections, USB plugged devices, File system events, Firewire connections with another machine or storage media, Firewire connections with another machine or storage media, Firewire connections to dump RAM)
    • Privileges escalation activities (Opened/Closed TTY terminals, ROOT commands executed with success, Attempt to execute commands with SUDO without success, User, password modification and creation
    • Applications activities (Opened applications)
    • File activities (Modified files like autorun App, LaunchAgents or LaunchDaemons, Added files like trojan or malware App, Accessed files like your secret files, Accessed Mails last access dates)
    • Network activities (Ethernet/WiFI connections, WiFI access points (last connection dates))
[*] Each launched action is logged and can be easily reviewed
[*] Easy to add new target (file, directory user, command, …) to extract (with db files and fonctions)
[*] All passwords found during dump or analysis are displayed
[*] All passwords found during dump or analysis are stored in common database(human readable format) and used for the next steps
[*] Multi-users extraction (from root session, single mode and Target Mode)
[*] Support of 4 browsers (Safari, Chrome, Firefox, Opera)
[*] Multi-profiles extraction (eg: Firefox, Skype)


[Twitter Password Dump v2.0] Command-line Tool to Recover Twitter Password from Web Browsers


Twitter Password Dump is the command-line tool to instantly recover your lost Twitter password from all the popular web browsers.

Currently it can recover your Twitter password from following applications,
  • Firefox
  • Internet Explorer (v6.x - v10.x)
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • SeaMonkey Browser
  • Comodo Dragon Browser

It automatically discovers installed applications on your system and recovers all the stored Twitter login passwords within seconds.

By default it dumps all the recovered passwords to console. Now with version v2.0 onwards, you can also save the passwords to TEXT file.

Monday, February 17, 2014

[Azazel] Userland Anti-debugging & Anti-detection Rootkit



Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection.

Features
  • Anti-debugging
  • Avoids unhide, lsof, ps, ldd detection
  • Hides files and directories
  • Hides remote connections
  • Hides processes
  • Hides logins
  • PCAP hooks avoid local sniffing
  • Two accept backdoors with full PTY shells.
    • Crypthook encrypted accept() backdoor
    • Plaintext accept() backdoor
  • PAM backdoor for local privesc and remote entry
  • Log cleanup for utmp/wtmp entries based on pty
  • Uses xor to obfuscate static strings
As with anything of this nature, it’s recommended you check the source-code/run it in a safe environment etc. But if I have to emphasise stuff like that, this is probably the wrong site for you.

[Killtrojan Syslog] Tool to detect malware activity on a system


Killtrojan Syslog is a free application to create a report about characteristics of the system to further analyze and look for signs of malware, also is intended to put the report in a specialized forum for users to help.

The tool has a very intuitive and easy to use for non-technical users to create their reports. Also useful for more advanced users who want to analyze a computer.

With the support logs with BBCode mode, you can paste the log generated in any forum (SMF, PHPBB, Invision ...) which will be detailed with clear colors for your reading.


Sunday, February 16, 2014

[pMap v1.10] Passive Discovery, Scanning, and Fingerprinting


Discovery, Scanning, and Fingerprinting via Broadcast and Multicast Traffic

Features
  • Reveals open TCP and UDP ports
  • Uses UDP, mDNS, and SSDP to identify PCs, NAS, Printers, Phones, Tablets, CCTV, DVR, and Others
    • Device Type, Make, and Model
    • Operating Systems and Version
    • Service Versions and Configuration
  • Stand-Alone (Nmap-like output) or Agent Mode (SYSLOG)
  • Metasploit Script Included

Saturday, February 15, 2014

[Browser Password Dump v2.0] Command-line Tool to Recover Login Password from Web Browsers


Browser Password Dump is the free command-line tool to instantly recover your lost password from all the popular web browsers.

Currently it can recover stored web login passwords from following browsers.

  • Firefox
  • Internet Explorer
  • Google Chrome
  • Chrome Canary/SXS
  • CoolNovo Browser
  • Opera Browser
  • Apple Safari
  • Flock Browser
  • SeaMonkey Browser
  • Comodo Dragon Browser

It automatically discovers installed applications on your system and recovers all the stored web login passwords within seconds.

By default it dumps all the recovered passwords to console. Now with version v2.0 onwards, you can also save the passwords to TEXT file.

Friday, February 14, 2014

OWASP Xenotix XSS Exploit Framework v5


OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1600+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. Xenotix Scripting Engine allows you to create custom test cases and addons over the Xenotix API. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.

Following are the V5 Additions

  • Xenotix Scripting Engine
  • Xenotix API
  • V4.5 Bug Fixes
  • GET Network IP (Information Gathering)
  • QR Code Generator for Xenotix xook
  • HTML5 WebCam Screenshot(Exploitation Module)
  • HTML5 Get Page Screenshot (Exploitation Module)
  • Find Feature in View Source.
  • Improved Payload Count to 1630
  • Name Changes

Xenotix Scripting Engine and API


This release features the Xenotix Scripting Engine that works on the top of Xenotix API. The Scripting Engine helps you to create tools and test cases on the go based on your requirements. There are situations when you have to go the manual way and since the ruleset set of an automated tool is not applicable in certain situations. Xenotix Scripting Engine powered by Xenotix API come into your rescue. Now you can make sure your tool works based on your requirements. Apply your Python scripting skills on the latest Scripting Engine.
Xenotix API features
  • 1630 XSS Detection Payloads.
  • An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS Vulnerability Detection.
  • Analyze Response in Trident and Gecko Web Engines to make sure that there are no false positives.
  • Interact with Web Engines from the scope of a Python Script.
  • Make GET and POST Requests with one liner codes.

Reguirements

[Charles] Web Debugging Proxy Application


Charles is a web proxy (HTTP Proxy / HTTP Monitor) that runs on your own computer. Your web browser (or any other Internet application) is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received.

In Web and Internet development you are unable to see what is being sent and received between your web browser / client and the server. Without this visibility it is difficult and time-consuming to determine exactly where the fault is. Charles makes it easy to see what is happening, so you can quickly diagnose and fix problems.

Charles makes debugging quick, reliable and advanced; saving you time and frustration!

Key Features

  • SSL Proxying – view SSL requests and responses in plain text
  • Bandwidth Throttling to simulate slower Internet connections including latency
  • AJAX debugging – view XML and JSON requests and responses as a tree or as text
  • AMF – view the contents of Flash Remoting / Flex Remoting messages as a tree
  • Repeat requests to test back-end changes
  • Edit requests to test different inputs
  • Breakpoints to intercept and edit requests or responses
  • Validate recorded HTML, CSS and RSS/atom responses using the W3C validator

Thursday, February 13, 2014

[OWASP iGoat] Security learning tool for iOS developers

The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them.

iGoat is available ONLY in source code format, and this is the official repository for that code.

On the Downloads tab here, you will find the full iGoat source tree in tar format, or you can go to the Source tab for instructions on using Mercurial to grab (or clone) the source tree.

Be sure to also check out the Wiki tab here for useful documents related to the iGoat project. 


[Introspy] Security profiling for blackbox iOS


Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records details of relevant API calls, including arguments and return values and persists them in a database. Additionally, the calls are also sent to the Console for real-time analysis.

How Introspy works

The tool comprises two separate components: Introspy-iOS and Introspy-Analyzer.

Introspy-iOS is a tracer that can be installed on a jailbroken iOS device. It will hook security-sensitive APIs called by a given application, including functions related to cryptography, IPCs, data storage / protection, networking, and user privacy. The call details are all recorded and persisted in a SQLite database on the device

This database can then be fed to Introspy-Analyzer, which generates an HTML report displaying all recorded calls, plus a list of potential vulnerabilities affecting the application.

Wednesday, February 12, 2014

[Wi-Fi Password Dump] Command-line Tool to Recover Wireless Passwords



WiFi Password Dump is the free command-line tool to quickly recover all the Wireless account passwords stored on your system.

It automatically recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays following information
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text
By default it dumps all the recovered passwords to console. Now with version v2.0 onwards, you can also save the passwords to TEXT file.

[SecLists] Collection of multiple types of lists used during security assessments


SecLists is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

The goal is to enable a security tester to pull this repo onto a new testing box and have access to every type of list that may be needed.

If you have any ideas for things we should include, please send them to daniel.miessler@owasp.org or jason.haddix@owasp.org. Also note that any lists that have been meticulously assembled by someone else will only be used with permission of the creator.

This project is maintained by Daniel Miessler and Jason Haddix. 

Credits:

- Ron Bowes of SkullSecurity for collaborating and including all his lists here
- Clarkson University for their research that led to the Clarkson list
- All the authors listed in the XSS with context doc, which was found on pastebin and added to by us
- Ferruh Mavitina for the begginings of the LFI Fuzz list
- Adam Muntner and  for the FuzzDB content, including all authors from the FuzzDB project
- Kevin Johnson for laudnaum shells
- RSnake for fierce hostname list