A powerful framework for network traffic analysis and security monitoring.Bro is a passive, open-source network traffic analyzer. It is
primarily a security monitor that inspects all traffic on a link in
depth for signs of suspicious activity. More generally, however,
Bro supports a wide range of traffic analysis tasks even outside of
the security domain, including performance measurements and helping
with trouble-shooting.
Note that "Zeek" is the
new name of what used to be known as the "Bro" network security monitoring system.
Key Features
In-depth Analysis
Zeek ships with analyzers for many protocols, enabling high-level semantic
analysis at the application layer.
Adaptable and Flexible
Zeek's domain-specific scripting language enables site-specific monitoring
policies and means that it is not restricted to any particular detection
approach.
Efficient
Zeek targets high-performance networks and is used operationally at a variety
of large sites.
Highly Stateful
Zeek keeps extensive application-layer state about the network it monitors
and provides a high-level archive of a network's activity.
Android Security Evaluation Framework (ASEF) :
performs this analysis
while alerting you about other possible issues. It will make you aware
of unusual activities of your apps, will expose vulnerable components
and help narrow down suspicious apps for further manual research. The
framework will take a set of apps (either pre-installed on a device or
as individual APK files) and migrate them to the test suite where it
will run it through test cycles on a pre-configured Android Virtual
Device (AVD).
ASEF is a Open Source Project to perform security analysis of Android Apps by various security measures
ASEF is an Open Source tool for scanning Android Devices for security
evaluation. Users will gain access to security aspects of android apps
by using this tool with its default settings. An advanced user can
fine-tune this, expand upon this idea by easily integrating more test
scenarios, or even find patterns out of the data it already collects.
ASEF will provide automated application testing and facilitate a plug
and play kind of environment to keep up with the dynamic field of
Android Security.
YouTude Videos :
Demo : Running ASEF to test all installed android apps from an android device on an Android Virtual Device
Short Demo : Running ASEF to test all installed android apps from an android device on an another physical android device
bug hunters to find vulnerabilities & write proof-of-concept exploits in Android Application. Simple called as Android Apps Vulnerability Scanner.
Mercury is a framework for exploring the Android platform; to find vulnerabilities and share proof-of-concept exploits.
Mercury allows you to assume the role of a low-privileged Android app, and to interact with both other apps and the system.
Use dynamic analysis on Android applications and devices for quicker security assessments
Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
Write custom tests and exploits, using the easy extensions interface
Mercury allows you to:
Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services
Use a proper shell that allows you to play with the underlying
Linux OS from the point of view of an unprivileged application (you will
be amazed at how much you can still see)
Find information on installed packages with optional search filters to allow for better control
Built-in commands that can check application attack vectors on installed applications
Transfer files between the Android device and your computer
Create new modules to exploit your latest finding on Android, and playing with those that others have found
For those of you interested in vulnerabilities in vendor products, the
new version is the start of a collection of these in a framework. The
first privilege escalation was included, allowing the escalation to root
from Mercury’s unprivileged context. A module was created to check for
vulnerabilities in content providers discovered on Samsung devices.
Sample results of running this module on a vulnerable version of the Samsung Galaxy SII is shown below:
Running this on the Samsung Galaxy SIII yields the following:
Security consultants Sample Testing :
The first set of vulnerabilities found by the MWR team was done manually by reviewing the AndroidManifest.xml of each package on the phone. With Mercury, a combination of the attacksurface command and the the info
command in each section will get you the same results in a tenth of the
time. If you are interested in looking for common problems on devices,
the scanner modules will be of interest to you. As an example, this is scanner.provider.sqlinjection finding SQL injection flaws in default content providers on an Android 4.0.3 Emulator.
Don’t get too excited, these SQL injection
vulnerabilities don’t lead to any serious information disclosure, but
you get the idea right? Don’t just look at content provider problems
because these tools are available. Content providers are the tip of the
iceberg! Ask us questions or bounce ideas. Create new modules with
Mercury. Go forth and innovate!
ScoopyNG:
combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques
to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system.
ScoopyNG should work on all modern uni-, multi- and multi-core cpu's.
Open Web Application Security Project is a worldwide not-for-profit charitable organization focused on improving
the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
OWASP Live CD project was originally started to update the previous OWASP Live CD 2007.
OWASP Live CD installed to a physical or virtual hard drive (VMware) is available
and work continues on making other versions of the project available
including a bootable USB, portable VM installation, an installation for
the Asus Eee PC. These are either downloadable files or instructions on
how to create the alternate delivery mechanisms.
OWASP project leaders are responsible for defining the vision,
roadmap, and tasks for the project. The project leader also promotes the
project and builds the team. Tools and documents are organized into the
following categories:
PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
LIFE CYCLE - These are tools and documents that can be
used to add security-related activities into the Software Development
Life Cycle (SDLC).
MaxPatrol - Network & Web Application Security Testing Tool:
MaxPatrol Core Features:
Web-server and Web Application structure analysis.
MaxPatrol analyzes the structure of Web Applications to determine
weaknesses and potential vulnerabilities in both the Web Server
Configuration and the Web Application. Discovers available web server
technologies. Inspects the HTTP version banners and looks for
vulnerable products and other..
Intelligent recognition of vulnerabilities in known web-server scripts.
Automatically detects web vulnerabilities:
- SQL injection
- Blind SQL injection
- Cross Site Scripting
- UTF-7 Cross Site Scripting
- HTTP Response Splitting
- Code execution
- File inclusion
- Directory traversal
- Input validation
- Authentication attacks
(brute force login/password and etc)
- Script source code disclosure
- Discovers directories with weak permissions
(finds directory listings and etc)
- Looks for common files,
back-up files, logs or directories
Detection of vulnerabilities arising from configuration errors including
cases of unprotected authorization, revealing of information by services,
etc.
