Thursday, December 19, 2013

Hook Analyser 3.0 Released with Cyber Threat Intelligence Features


Hook Analyser : ( Released V3.0)

                          a new module has been added - Cyber Threat Intelligence. Threat Intel module is being created to gather and analyse information related to Cyber Threats and vulnerabilities.

The module can be run using HookAnalyser.exe (via Option 6 ), or can be run directly.


The module present information on a web browser (with dashboard alike representation) with the following sections -

  1. Threat Vectors - by (%) Country
  2. Threat Vectors - by Geography 
  3. Vulnerability / Threat Feed.
Project documentation - Click Here

Here is the screenshot of the Cyber Threat Intelligence dashboard -





To download the project - Click Here 

 

Monday, December 2, 2013

Malware Forensics Tools

Windows Prefetch Files:


WinPrefetchView :


                            is a small utility that reads the Prefetch files stored in your system and display the information stored in them. By looking in these files, you can learn which files every application is using, and which files are loaded on Windows boot.





                               WinPrefetchView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WinPrefetchView.exe

                                 The main window of WinPrefetchView contains 2 panes: The upper pane displays the list of all Prefetch files in your system. When you select a file in the upper pane, the lower pane displays the list of files stored inside the selected Prefetch file, which represent the files that were loaded by the application in the previous times that you used it.


                                 These is also special Prefetch file, with 'NTOSBOOT-B00DFAAD.pf' filename, which can show you the list of files that are loaded during Windows boot process.



                                 WinPrefetchView also allows you to delete the selected Prefetch files. However, be aware that even when your delete a Prefetch file, it'll be created again by the operating system when you run the same program again.

 Download Link : http://www.nirsoft.net/utils/winprefetchview.zip


 Windows Registry Hives:

 RegRipper:

                    is an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.



                     RegRipper consists of two basic tools, both of which provide similar capability. The RegRipper GUI allows the analyst to select a hive to parse, an output file for the results, and a profile (list of plugins) to run against the hive. When the analyst launches the tool against the hive, the results go to the file that the analyst designated. If the analyst chooses to parse the System hive, they might also choose to send the results to system.txt. The GUI tool will also create a log of it's activity in the same directory as the output file, using the same file name but using the .log extension (i.e., if the output is written to system.txt, the log will be written to system.log).

 RegRipper also includes a command line (CLI) tool called rip. Rip can be pointed against to a hive and can run either a profile (a list of plugins) or an individual plugin against that hive, with the results being sent to STDOUT. Rip can be included in batch files, using the redirection operators to send the output to a file. Rip does not write a log of it's activity.

RegRipper is similar to tools such as Nessus, in that the application itself is simply an engine that runs plugins. The plugins are individual Perl scripts that each perform a specific function. Plugins can locate specific keys, and list all subkeys, as well as values and data, or they can locate specific values. Plugins are extremely valuable in the sense that they can be written to parse data in a manner that is useful to individual analysts.


Note: Plugins also serve as a means of retaining corporate knowledge, in that an analyst finds something, creates a plugin, and adds that plugin to a repository that other analysts can access. When the plugin is shared, this has the effect of being a force multiplier, in that all analysts know have access to the knowledge and experience of one analyst. In addition, plugins remain long after analysts leave an organization, allowing for retention of knowledge.

Download Link : http://code.google.com/p/regripper/downloads/list



Auto_rip:

                 auto_rip is a wrapper script for RegRipper. The script automates 
the execution of the RegRipper plug-ins according to the categories below:

all              gets information from all categories
os               gets General Operating System Information
users            gets User Account Information
software         gets Installed Software Information
network          gets Networking Configuration Information
storage          gets Storage Information
execution        gets Program Execution Information
autoruns         gets Autostart Locations Information
log              gets Logging Information
web              gets Web Browsing Information
user_config      gets User Account Configuration Information
user_act         gets User Account General Activity
user_network     gets User Account Network Activity
user_file        gets User Account File/Folder Access Activity
user_virtual     gets User Account Virtualization Access Activity
comm             gets Communication Software Information
 
SHA1 Checksum: 
 
 55828924ce01190b5e4c292c3fb979b3b5b12c88
 
Download Link : http://regripper.googlecode.com/files/auto_rip-5-16-2013.zip 
 
 

NTFS Artifacts

AnalyzeMFT

                     analyzeMFT.py is designed to fully parse the MFT file from an NTFS
filesystem and present the results as accurately as possible in multiple formats.
 
Documentation : http://grayscale-research.org/new/pdfs/NTFS%20forensics.pdf 

Download Link : https://github.com/dkovar/analyzeMFT
 
 

Windows Journal Parser (jp) :

                                                  jp is a command line tool that targets NTFS change log journals. The change journal is a component of NTFS that will, when enabled, record changes made to files. The change journal is located in the $UsnJrnl MFT entry, and the journal entries are located in the alternate data stream $J. Each entry is of variable size and its internal structure is documented in the MSDN.

                                                   The change journal will record amongst other things: (a) time of the change, (b) affected file/directory, (c) change type - delete, rename, size extend, etc, and therefore makes a useful tool when looking at a computer forensically.







Downloads



32-bit Version64-bit Version


Windows:jp32.v.1.07.win.zipjp64.v.1.07.win.zip


Linux:jp32.v.1.07.lin.tar.gzjp64.v.1.07.lin.tar.gz


Mac OS X:jp.v.1.07.osx.tar.gzjp.v.1.07.osx.tar.gz












































Saturday, November 30, 2013

Droid Fusion By OWASP - Mobile Security Linux Distribution

Droid Fusion :

                is a platform for android mobile or any other mobile for doing Malware Analysis, Development, Application Pentesting,forensics. You can use it in any mobile security research, and if you have Droid Fusion, you don't need to worry about finding tools. There are more then 60 tools and scripts and it is free.







Authentication


Username: Droid
Password: fusion
Checksum

MD5 : 5f492cef31264d0b32b0cf8fd618551
SHA1 :1fb10a66d6e87f9e1aef9143259b7d37dfd9df4


Road Map :






Screenshot :







Download OWSAP Droidfusion :   Download 













Tuesday, November 19, 2013

Cryptolocker Ransomware Malwarwe - Tools to Detect & Prevent

CryptoLocker :

                          is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.



                         Cryptolocker will encrypt users’ files using asymmetric encryption, which requires both a public and private key. The public key is used to encrypt and verify data, while private key is used for decryption, each the inverse of the other.Below is an image from Microsoft depicting the process of asymmetric encryption





                 

                 The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server. Currently, infected users are instructed to pay $300 USD to receive this private key. Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever. 

                   Files targeted are those commonly found on most PCs today; a list of file extensions for targeted files include:

3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

                  In some cases, it may be possible to recover previous versions of the encrypted files using System Restore or other recovery software used to obtain “shadow copies” of files.



Is it possible to decrypt files encrypted by CryptoLocker?


                                             Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful.


How to remove Cryptolocker -Malwarebytes


CryptoPrevent Tool :

                                FoolishIT LLC was kind enough to create a free utility called CryptoPrevent that automatically adds the suggested Software Restriction Policy Path Rules listed below to your computer. This makes it very easy for anyone using Windows XP SP 2 and above to quickly add the Software Restriction Policies to your computer in order to prevent CryptoLocker and Zbot from being executed in the first place..
 


CryptoPrevent

You can download CryptoPrevent from the following page:

http://www.foolishit.com/download/cryptoprevent/

For more information on how to use the tool, please see this page:

http://www.foolishit.com/vb6-projects/cryptoprevent/

Once you run the program, simply click on the Block button to add the Software Restriction Policies to your computer. If CryptoPrevent causes issues running legitimate applications, then please see this section on how to enable specific applications.
 

Stop Sign Internet Security :

                                       Suite provides a powerful on-access scanner component designed to monitor the system in real time. Keeping the operating system and associated software properly updated can also be crucial in maintaining a malware-free environment. 


                                      Although removal of Cryptolocker is included with a Stop Sign subscription, concern the user may not have a backup of their documents has prompted the Stop-Sign Research and Development Team to decide to not incorporate an automated removal of Cryptolocker into the scanner.
 
Download Link :
 http://downloads.stopsign.com/stop-sign_install.exe
 
Malwarebytes' :
                        Anti-Malware can detect and remove this ramsomware malware. Malwarebytes detects Cryptolocker infections as Trojan.Ransom, but it cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key.

 


Download Link :
http://www.malwarebytes.org/mbam-download.php
 
Anti-CryptoBlocker :
                              by Bit Defender an Encryption blocking tool that can detect and block malware from the installation .

Intrusion prevention Systems can block the communication protocol send from the Cryptolocker infected ssytem to the remote command-and-Control server , where the malware retrieves the key to encrypt the files.

 


Download Link :
http://download.bitdefender.com/removal_tools/BDAntiCryptoLocker_Release.exe
 
CryptoGuard :
                     is a universal solution against crypto ransomware. This type of ransomware encrypts your personal files and demands a ransom fee to be paid in order to regain access to your files.
                       
                              HitmanPro's CryptoGuard monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm. CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files. CryptoGuard works autonomously, so no user interaction is required.

Download Link :

http://www.surfright.nl/en/cryptoguard

Thanks,

RRN Technologies Team






 


 
 
 

Cloud Security - Tools to Secure and Encrypt Files in Cloud Storage

CloudCapsule :

                         is designed to provide secure encryption of data that resides on public and private cloud storage. Users can link their favorable cloud storage account to CloudCapsule, and encrypt, import and export files securely through CloudCapsule. That is, as suggested by the name Capsule, it creates a secure environment on a user's iOS device to securely access data in the Cloud. By security, this means data is encrypted in the storage server, in transit, and only decrypted and accessible within the CloudCapsule app.

 


 



Features:

Capsule

1. Linking with public cloud storage services, including Dropbox and GoogleDrive.
2. Strong secure file encryption with RSA-2048 and AES-256 and integrity protection with RSA-SHA1 or HMAC-SHA256.
3. Import and automatically encrypt plaintext files to a Cloud storage.
4. Export encrypted file through iDevice's e-mail account.

Privacy Browser

1. Spoof User-Agent to hide device information. For both PC and mobile platforms (iOS and Android), our private browser can be disguised as Opera, IE, Firefox, or Chrome.
2. Spoof location to hide user's actual location to web services.

 

Download Link :

 https://itunes.apple.com/us/app/cloudcapsule/id673662021

 

 Boxcryptor :

                      is a Free for non-commercial use software which works on Windows, Mac, iOS and Android Platform without any issue. BoxCryptor allows you to secure your data in any Cloud Storage service you are using like Dropbox, SkyDrive, Google Drive or any other cloud storage provider. BoxCryptor uses the AES-256 standard to encrypt and protect your files. AES-256 is classified by the U.S. Government to protect “TOP SECRET” information. In the Unlimited versions you can add an additional security layer by filename encryption.

 


Boxcryptor is a Free for non-commercial use software which works on Windows, Mac, iOS and Android Platform without any issue. BoxCryptor allows you to secure your data in any Cloud Storage service you are using like Dropbox, SkyDrive, Google Drive or any other cloud storage provider. BoxCryptor uses the AES-256 standard to encrypt and protect your files. AES-256 is classified by the U.S. Government to protect “TOP SECRET” information. In the Unlimited versions you can add an additional security layer by filename encryption.
Read more at http://technokarak.com/top-five-software-to-secure-and-encrypt-cloud-storage.html#mJyAuIiMbrZVhrES.99

 Download Link :

https://www.boxcryptor.com/download/

 

 DataLocker :

                       is another tool which can be used to secure your cloud storage. It is very easy to use and doesn’t require a great deal of technical ability to sync all of your Dropbox files. It has got very simple interface in which you just have to drag and drop the files and encryption and decryption process is very simple. It uses a 256 key bit for both cryptographic processors and offers high level of security to the data.



Boxcryptor is a Free for non-commercial use software which works on Windows, Mac, iOS and Android Platform without any issue. BoxCryptor allows you to secure your data in any Cloud Storage service you are using like Dropbox, SkyDrive, Google Drive or any other cloud storage provider. BoxCryptor uses the AES-256 standard to encrypt and protect your files. AES-256 is classified by the U.S. Government to protect “TOP SECRET” information. In the Unlimited versions you can add an additional security layer by filename encryption.
Read more at http://technokarak.com/top-five-software-to-secure-and-encrypt-cloud-storage.html#mJyAuIiMbrZVhrES.99

 



Download Link :

http://www.appsense.com/products/appsense-labs/datanow-vault/

 

Cloudfogger :

                         is software which lets you encrypt your data on your local disk before you upload it to the Cloud Storage. This ensures that none of the Cloud storage service lets access to your data. Cloudfogger uses AES (Advanced Encryption Standard) with 256 bit key to carry out the encryption and decryption procedure of the cryptography. Cloudfogger can be used for almost all the Cloud services like Dropbox, SkyDrive, Google Drive and others also




Download Link :

http://www.cloudfogger.com/download/Cloudfogger_Setup.exe


Viivo :

           lets you Cloud in Confidence with free, easy Cloud file encryption services for Dropbox. The best part is, if you know how to use Dropbox, you already know how to encrypt files using Viivo! Start enjoying the benefits of free Cloud security right away.Viivo is a tool which is especially made to secure content in Dropbox and it works prefect in all the devices like Mac, PC, Windows, iOS, Android. It is freely available for non-commercial use

 



Download Link :

http://www.viivo.com/products/


Cryptsync :

                 offers different but useful functionality. With the help of Cryptsync you can manage two folders containing the same content, one has the normal files which you are using and other folder contains the encrypted format of those files. Now suppose you have to put important data on Cloud Storage and want it to be private, in this case CryptSync work perfectly fine as you can upload the encrypted folder with all password protect files on the Cloud Storage. Both the folders remains always in sync which means that if some modifications happens in one folder than it will be reflected in other also.



Download Link : 

http://code.google.com/p/cryptsync/downloads/list


Thanks ,


RRN Technologies

Monday, November 18, 2013

SSL / TLS Certificate Validation / Checker Tools

 SSL / TLS Certificate Validation / Checker Tools :


                                                    Http clear-text protocol is normally secured via an SSL or TLS tunnel, resulting in https traffic. In addition to providing encryption of data in transit, https allows the identification of servers (and, optionally, of clients) by means of digital certificates.

 

 

SSL Testing Criteria :

Large number of available cipher suites and quick progress in cryptoanalysis makes judging a SSL server a non-trivial task. These criteria are widely recognised as minimum checklist:
  • SSLv2, due to known weaknesses in protocol design 
  • SSLv3, due to known weaknesses in protocol design 
  • Compression, due to known weaknesses in protocol design 
  • Cipher suites with symmetric encryption algorithm smaller than 112 bits
  • X.509 certificates with RSA key smaller than 2048 bits
  • X.509 certificates with DSA key smaller than 2048 bits
  • X.509 certificates signed using MD5 hash, due to known collision attacks on this hash
  • TLS Renegotiation vulnerability 
The following standards can be used as reference while assessing SSL servers:
  • NIST SP 800-52 recommends U.S. federal systems to use at least TLS 1.0 with ciphersuites based on RSA or DSA key agreement with ephemeral Diffie-Hellman, 3DES or AES for confidentality and SHA1 for integrity protection. NIST SP 800-52 specifically disallows non-FIPS compliant algorithms like RC4 and MD5. An exception is U.S. federal systems making connections to outside servers, where these algorithms can be used in SSL client mode.
  • PCI-DSS v1.2 in point 4.1 requires compliant parties to use "strong cryptography" without precisely defining key lengths and algorithms. Common interpretation, partially based on previous versions of the standard, is that at least 128 bit key cipher, no export strength algorithms and no SSLv2 should be used.
  • SSL Server Rating Guide has been proposed to standardize SSL server assessment and currently is in draft version.
SSL Server Database can be used to assess configuration of publicly available SSL servers based on SSL Rating Guide.

SSLDigger v1.02 :

                       is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure


System Requirements:

Windows .NET Framework (can be installed using Windows Update)

 Download Link :

http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-tools/ssldigger.aspx

SSLAudit :

             is a tool that verifies SSL certificate and supported protocols/ciphers of a SSL-enabled webserver.

 

            It is open source and is easily modified to support new protocols and ciphers as they become available, the result is graded and it runs both on Linux and Windows. 

Download Link :

 https://code.google.com/p/sslaudit/downloads/list

 Online Tools :


Qualys SSL Lab :

                      Free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

 

URL : https://www.ssllabs.com/ssltest/

 

Symantec SSL Tool :

https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp


GeoCerts SSL Checker :

https://www.geocerts.com/ssl_checker


SSL Shopper :

             will help you diagnose problems with your SSL certificate installation. You can verify the SSL certificate on your web server to make sure it  is correctly installed, valid, trusted and doesn't give any errors to any of your users. To use the SSL Checker, simply enter your server's hostname (must be public) in the box below and click the Check SSL button.

 http://www.sslshopper.com/ssl-checker.html

 

 

 

Thursday, November 14, 2013

WebSurgery v1.1 - Web Application Security Testing Tool

WebSurgery:

               is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation.





Sunrise Technologies is proudly announces WebSurgery v1.1!

WebSurgery is a suite of tools for security testing of web applications. It is designed to address the ongoing needs of security auditors so to facilitate them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools
(Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).


Tools Features
====

- Crawler
                Crawler is designed to be fast, accurate, stable and completely parameterized using advanced techniques to extract links from HTML, CSS, Javascript and AJAX.

- Bruteforcer
                Bruteforcer for files and directories within the web application which helps to identify the hidden structure.

- Fuzzer
                Fuzzer is a highly advanced tool to create a number of requests based on one initial request. Can be used to exploit (Blind) SQL Injections, Cross Site Scripting (XSS), Denial of Service (DOS), Bruteforce for Username / Password Authentication Login Forms and identification of
Improper Input Handling and Firewall / Filtering Rules.

- Proxy
                Proxy is a server running locally and will allow you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or other application which support proxies.

- Editor
                Advanced ASCII/HEX Editor to manipulate individual requests.

Extra
====
- Scripting Filters
                Advanced Scripting Filters to filter specific requests / responses with support of regular expressions and large number of variables.

- List Generator
                List Generator for different list types (File, Charset, Numbers, Dates, IP Addresses, Custom) with additional rules support.

- External Proxy
                External Proxy redirects suite's traffic to another HTTP/SOCKS proxy.
               

Youtube Tutorials :

 

 


               
Download & Documentation
======================
http://sunrisetech.gr/?page=websurgery&tab=download

Thursday, October 17, 2013

Xenotix XSS Exploit Framework V4.5 Released - OWASP

Xenotix XSS Exploit Framework By OWASP:

                            is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and
WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.








V4.5 Additions
==========
JavaScript Beautifier
Pause and Resume support for Scan
Jump to Payload
Cookie Support for POST Request
Cookie Support and Custom Headers for Header Scanner
Added TRACE method Support
Improved Interface
Better Proxy Support
WAF Fingerprinting
Load Files <exploitation module>
Hash Calculator
Hash Detector

 OWASP Xenotix XSS Exploit Framework V4 :

Youtube Videos :



Download Link : http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar

Mirror Link : https://www.dropbox.com/s/j6fajc73zz0dgje/Xenotix_XSS_Exploit_Framework_v4.5.rar

Tuesday, October 8, 2013

Best Web Application security assessment and exploitation Tool ( Open Source / Freeware )

Web Application Exploiter (WAppEx) v2.0 :

                                                       is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

 



                                          WAppEx
is also equipped with a penetration testing toolbox that makes an effective synergy with the Exploit Database and a crafty security expert. The provided tools include Manual Request, Exploit Editor, Dork Finder, Hidden File Checker… More tools, such as a crawler, a multi-purpose fuzzer… are to be added to the arsenal in the future releases of WAppEx.
Still, keep your eyes peeled as this is just the beginning of a new, powerful war machine in the pentest battleground.



The full list features is as below:

  • An exploit database covering a wide range of vulnerabilities.
  • A set of tools useful for penetration testing:
    • Manual Request
    • Dork Finder
    • Exploit Editor
    • Hidden File Checker
    • Neighbor Site Finder
    • Find Login Page
    • Online Hash Cracker
    • Encoder/Decoder
  • Execute multiple instances of one or more exploits simultaneously.
  • Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
  • Test a list of target URL’s against a number of selected exploits.
  • Allows you to create your own exploits and payloads and share them online.
  • A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
    • Testing and exploiting of Local File Inclusion vulnerabilities
    • Testing and exploiting of Local File Disclosure vulnerabilities
    • Testing and exploiting of Remote File Inclusion vulnerabilities
    • Testing and exploiting of SQL Injection vulnerabilities
    • Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
    • Testing and exploiting of Server-side Code Injection vulnerabilities
     

Demo Video's : http://itsecteam.com/products/web-application-exploiter-wappex/#tabset-tab-7

Download Link : http://itsecteam.com/products/web-application-exploiter-wappex/#tabset-tab-2

 

 W3AF ( Web Application Attack and Audit Framework) :

                           w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

  

 

 

                         The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. w3af to identify more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.


Documentation : http://w3af.org/howtos/understanding-the-basics

Videos : http://w3af.org/videos & http://w3af.org/take-a-tour

Download Tool : http://w3af.org/download or http://sourceforge.net/projects/w3af/


 WebSurgery : 

                      is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation.

 

 

                    It currently contains a spectrum of efficient, fast and stable tools such as Web Crawler with the embedded File/ Dir Brute forcer, Fuzzer (for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS)), Brute force (for login forms and identification of firewall-filtered rules, DOS Attacks) and WEB Proxy (to analyze, intercept and manipulate the traffic between your browser and the target web application).

Download : http://sunrisetech.gr/?page=websurgery&tab=download



Arachni : 

                  is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. 

 

 


                   It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.

                   It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

               

Download Link : http://www.arachni-scanner.com/download/

 

Vega :

           is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.






      

                         Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript. 

YouTube Videos :



Features :

  • Cross Site Scripting (XSS)
  • SQL Injection
  • Directory Traversal
  • URL Injection
  • Error Detection
  • File Uploads
  • Sensitive Data Discovery

 Download Link : http://www.subgraph.com/vega_download.php


WebSploit :

                   is an open source project which is used to scan and analysis remote system
in order to find various type of vulnerabilities. This tool is very powerful
and support multiple vulnerabilities.

 


 


Description :

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows
[+]ARP DOS - ARP Cache Denial Of Service Attack With Random MAC
[+]Web Killer Attack - Down Your WebSite On Network(TCPKILL)
[+]Fake Update Attack - Create Fake Update Page For Target OS
[+]Fake Access point Attack - Create Fake AP & Sniff Victims Information



 


Download Link : http://sourceforge.net/projects/websploit/files/


Thanks,


RRN Technologies Team.

        

Monday, October 7, 2013

Best Network / Browser Exploitation Framework Tools

Metasploit:

                   a tool for developing and executing exploit code against a remote target machine. Metasploit Framework was completely rewritten in the Ruby programming language.



                   It helps security and IT professionals identify security issues, verify vulnerability mitigations and manage expert-driven security assessments.



Metasploit Framework

The basic steps for exploiting a system using the Framework include:
  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Optionally checking whether the intended target system is susceptible to the chosen exploit;
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
  4. Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
  5. Executing the exploit.

    Download Link :http://www.rapid7.com/products/metasploit/editions-and-features.jsp

    Or

    https://github.com/rapid7/metasploit-framework




 

Armitage :

               is a graphical cyber attack management tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced capabilities of the framework.

 

                Advanced users will find Armitage valuable for managing remote Metasploit instances and collaboration.




Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance.


YouTube : 


Download Link : http://www.fastandeasyhacking.com/download


Yersinia :

               is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

           
               Yersinia is a tool for performing layer 2 attacks, helping the pen-tester in his daily work checking the robustness of layer 2 protocols configuration.



                Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):
  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • IEEE 802.1Q
  • IEEE 802.1X
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

 Download Link : http://sourceforge.net/projects/yersinia/files/latest/download



Or



https://github.com/tomac/yersinia


BeEF ( Browser Exploitation Framework ) :

                                       It is a penetration testing tool that focuses on the web browser. It allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 

 


                                     BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

 

 



Thanks,

RRN Technologies Team.







Saturday, October 5, 2013

Open Source / Freeware Network Intrusion Prevention / Detection System (IDS/IPS)

Snort :

                 is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.



 Download Link : http://www.snort.org/snort-downloads

BASE ( Basic Analysis and Security Engine ) :

                       It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.




                       BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-base system, so that you as the security admin can decide what and how much information each user can see. It also has a simple to use, web-based setup program for people not comfortable with editing files directly.

Download Link : http://sourceforge.net/projects/secureideas/files/


OSSEC ( Open Source SECurity ) :

                                                       is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

                                                       It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.







                                                       Check out OSSEC features and how it works for more information about how OSSEC can help you solve your host-based security problem.

Download Link : http://www.ossec.net/?page_id=19


Suricata :

                 is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.






                       Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.

Download Link : http://suricata-ids.org/download/


Prelude-IDS :

                     is a Universal "Security Information & Event Management" (SIEM) system. Prelude collects, normalizes, sorts, aggregates, correlates and reports all security-related events independently of the product brand or license giving rise to such events; Prelude is "agentless".




                             As well as being capable of recovering any type of log (system logs, syslog, flat files, etc.), Prelude benefits from a native support with a number of systems dedicated to enriching information even further (snort, samhain, ossec, auditd, etc.).


Download Link : https://www.prelude-ids.org/projects/prelude/files



Bro IDS :


                   is a powerful network analysis framework that is much different from the typical IDS you may know.









Download Link : http://www.bro.org/download/index.html


EasyIDS :


                   is an easy to install intrusion detection system based upon Snort. EasyIDS is designed for the network security beginner with minimal Linux experience. EasyIDS includes CentOS linux, Snort, Barnyard, mysql, BASE, ntop, arpwatch, and more.






                   open source Intrusion Detection System distribution based upon Snort, EasyIDS takes the pain and frustration out of deploying an Intrusion Detection Systems. Designed for the network security beginner with minimal Linux experience, EasyIDS can convert almost any industry standard x86 computer into a fully-functioning Intrusion Detection System in as little as 15 minutes. EasyIDS lowers deployment and maintenance costs for network security without compromising functionality or performance.


Download Link : http://sourceforge.net/projects/easyids/files/

Sentry tools :


                           provide host-level security services for the Unix platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis.



Download Link : http://sourceforge.net/projects/sentrytools/files/latest/download





Smooth-Sec ( IDS/IPS Linux distribution ) :

                       is a lightweight and fully-ready IDS/IPS (Intrusion Detection/Prevention System) Linux distribution based on Debian 7 (wheezy), available for 32 and 64 bit architecture. The distribution includes the latest version of Snorby, Snort, Suricata, PulledPork and Pigsty. An easy setup process allows to deploy a complete IDS/IPS System within minutes, even for security beginners with minimal Linux experience. Join the community, share your experiences, tips and ideas.



Download Link : http://sourceforge.net/projects/smoothsec/files/latest/download

 Thanks,

RRN Technologies Team.