FireEye - GoCrack Password Cracking tool

FireEye - GoCrack Tool

                           FireEye's Innovation and Custom Engineering (ICE) team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Below Figure shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines.

GoCrack provides APIs to manage password cracking tasks across supported cracking engines.

Prerequisites

• Linux (Ubuntu 16.04+ although other distributions may work) or MacOS
• Computer(s) with NVIDIA or AMD GPUs

Some use cases for a password cracking tool can include cracking passwords on exfil archives, auditing password requirements in internal tools, and offensive/defensive operations. We’re releasing GoCrack to provide another tool for distributed teams to have in their arsenal for managing password cracking and recovery tasks.

Keeping in mind the sensitivity of passwords, GoCrack includes an entitlement-based system that prevents users from accessing task data unless they are the original creator or they grant additional users to the task. Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators. Engine files (files used by the cracking engine) such as Dictionaries, Mangling Rules, etc. can be uploaded as “Shared”, which allows other users to use them in task yet do not grant them the ability to download or edit. This allows for sensitive dictionaries to be used without enabling their contents to be viewed.

GoCrack is shipping with support for hashcat v3.6+, requires no external database server (via a flat file), and includes support for both LDAP and database backed authentication. In the future, we plan on adding support for MySQL and Postgres database engines for larger deployments, ability to manage and edit files in the UI, automatic task expiration, and greater configuration of the hashcat engine. We’re shipping with Dockerfile’s to help jumpstart users with GoCrack. The server component can run on any Linux server with Docker installed. Users with NVIDIA GPUs can use NVIDIA Docker to run the worker in a container with full access to the GPUs.

GoCrack is available immediately for download along with its source code on the project's GitHub page. If you have any feature requests, questions, or bug reports, please file an issue in GitHub.

 Ref Link : https://github.com/fireeye/gocrack

Best / Open Source Wordpress Vulnerability Scanner

WPScan :

                 is a black box WordPress vulnerability scanner.

WPScan comes pre-installed on the following Linux distributions:

• BackBox Linux
• Kali Linux
• Pentoo
• SamuraiWTF
• ArchAssault

Prerequisites:

• Ruby >= 1.9.2 - Recommended: 2.2.1
• Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
• RubyGems - Recommended: latest
• Git

 Download Link : https://github.com/wpscanteam/wpscan

Flunym0us :

                   is a Vulnerability Scanner for Wordpress and Moodle.

                 Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.


Flunym0us requires python.

Arguments allowed:

-h, --help: Show this help message and exit

-wp, --wordpress: Scan WordPress site

-mo, --moodle: Scan Moodle site

-H HOST, --host HOST: Website to be scanned

Download Link : https://code.google.com/p/flunym0us/downloads/list

 Timthumb :

                Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

            Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.

Download Link : https://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip

 Vane :

          is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan.

Prerequisites

• Windows not supported
• Ruby => 1.9
• RubyGems
• Git

Download Link : https://github.com/delvelabs/vane

WordPress Security Scan

                           Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

Online URL : http://hackertarget.com/wordpress-security-scan/

 

Best / Open Source Tools for Security / Network Monitoring

Nagios:

              is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes. 

              

             Nagios is a powerful, enterprise-class host, service, application, and network monitoring program. Designed to be fast, flexible, and rock-solid stable. Nagios runs on *NIX hosts and can monitor Windows, Linux/Unix/BSD, Netware, and network devices.

             Designed with scalability and flexibility in mind, Nagios gives you the peace of mind that comes from knowing your organization's business processes won't be affected by unknown outages.

             Nagios is a powerful tool that provides you with instant awareness of your organization's mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end-users and customers.

Download Link : http://sourceforge.net/projects/nagios/

or

http://www.nagios.org/download/

 

OpenSMART :

Open (Source|System) Monitoring and Reporting Tool, can do that for you.

OpenSMART is a rich featured monitoring and reporting tool, including:

• easy to use web frontend
• many predefined checks for application and system monitoring
• abiltiy to monitor HA cluster applications
• notification of administrators by email / SMS or anything else you can script
• collection and ad-hoc reporting of many system figures like disk space or CPU consumption
• many checks for application monitoring report their response time, too

OpenSMART saves its data (monitoring data and reporting data) in a database. This enables you to

• get your SLA reporting data from your database
• get your monthly/weekly/daily performance data from your database
• do trend analyses with your response times.

 Download Link : http://opensmart.sourceforge.net/index.php/downloads

 Icinga :

               is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations.

Features

• Monitor host and service status
• View the whole network and map dependencies
• Gather performance and utilization data
• Build in redundancy with distributed monitoring
• Customize multiple users access, notifications and views

Download Link : https://www.icinga.org/download/

or

http://sourceforge.net/projects/icinga/

 

 Cacti :

              is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

 

               Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and  populate them with data in a MySQL database. The frontend is completely PHP driven.

 

Download Link : http://www.cacti.net/download_cacti.php

or 

http://sourceforge.net/projects/cacti/

NeDi :

         is a lightwheight network management framework, which is based on a scheduled discovery, a SQL backend and a web based user interface.

         NeDi proofs to be a valuable tool for the security team as well. Keep track of wired and wireless clients throughout your entire network. You’ll be able to see IP changes and which hosts have more than one address. The upcoming host identification feature, expands NeDi’s awareness beyond the network layers and can locate vulnerable SSH servers for example…

Download Link : http://www.nedi.ch/download/

or

http://sourceforge.net/projects/nedi/?source=navbar

Observium :

                 is an autodiscovering PHP/MySQL based network monitoring system focused primarily on Cisco and Linux networks but includes support for a wide range of network hardware and operating systems.

                 Observium is an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network.

                 Observium Community is available free and open source. Observium Professional adds rapid patches, security fixes and additional features and hardware support for a small yearly license fee.

Download Link : http://observium.org/wiki/Download

or

http://sourceforge.net/projects/projectobserver/

ZABBIX :

                is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices and other IT resources. It supports distributed and WEB monitoring, auto-discovery, and more.

An enterprise-class distributed monitoring solution for networks & apps

Zabbix Features

•     Monitor Everything
•     Enterprise Ready
•     Proactive Monitoring
•     Capacity Planning
•     True Open Source
•     Business Solutions

Download Link : http://www.zabbix.com/download.php

or

http://sourceforge.net/projects/zabbix/

 

Best / Open Automated and Manual Source Code Analysis Tool - Android

Lint :

        Android lint tool is a static code analysis tool that checks your Android project source files for potential bugs and optimization improvements for correctness, security, performance, usability, accessibility, and internationalization.

     Android Studio, the configured lint and other IDE inspections run automatically whenever you compile your program. You can also manually run inspections in Android Studio by selecting Analyze > Inspect Code from the application or right-click menu. The Specify Inspections Scope dialog appears so you can specify the desired inspection profile and scope.

    lint tool processes the application source files.

You can configure lint checking at different levels:

• Globally, for the entire project
• Per project module
• Per production module
• Per test module
• Per open files
• Per class hierarchy
• Per Version Control System (VCS) scopes

Configuring lint in Android Studio

Android Studio allows you to enable or disable individual inspections and configure project-global, directory-specific, and file-specific settings for lint.
You can manage inspection profiles and configure inspection severity within Android Studio using the File > Settings > Project Settings menu to open the Inspections page with a list of the supported profiles and inspections.

Download Link : http://developer.android.com/sdk/index.html#win-bundle

 Agnitio :

           A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting.

Features

• Security code reviews
• Security code review metrics and reporting
• Application security code review tool
• Static analysis security guidance and reporting

Download Link : http://sourceforge.net/projects/agnitiotool/files/latest/download

DroidBench :

                       is an open test suite for evaluating the effectiveness of taint-analysis tools specifically for Android apps. The suite can be used to assess both static and dynamic taint analyses, but in particular it contains test cases for interesting static-analysis problems (field sensitivity, object sensitivity, tradeoffs in access-path lengths etc.) as well as for Android-specific challenges like correctly modeling an application’s lifecycle, adequately handling asynchronous callbacks and interacting with the UI.

Version 1.1 comprises the following categories

• Arrays and Lists
• Callbacks
• Field and Object Sensitivity
• Inter-App Communication
• Lifecycle
• General Java
• Miscellaneous Android-Specific
• Implicit Flows
• Reflection

 Download Link : https://github.com/secure-software-engineering/DroidBench

SuSi:

        is a tool for the fully automated classification and categorization of Android framework sources and sinks

       There exist different kinds of sensitive sources and sinks in the area of Android security. For instance, the user’s location information or address book can be treated as a source, while the network connection or the SMS message sending facilities can be seen as sinks. In general, sources and sinks are accessed through specific API methods (e.g, getLastKnownLocation() for the user’s current location).

     SuSi is a tool that automatically generates a list of Android sources and sinks by analyzing the complete Android source code. Our approach is version-independent and can simply be run again when a new Android version is released. This relieves security analysts from having to regularly create new lists of sources and sinks by hand.


Download Link : https://github.com/secure-software-engineering/SuSi

     

DidFail:

            DidFail (Droid Intent Data Flow Analysis for Information Leakage) uses static analysis to detect potential leaks of sensitive information within a set of Android apps. DidFail combines and augments FlowDroid (which identifies intra-component information flows) and Epicc (which identifies properties of intents such as its action string) to track both inter-component and intra-component data flow in a set of Android applications. DidFail's two-phase analysis allows for fast user-response time by using precomputed phase-1 analysis results.

Note:

• This tool is a research prototype. It is not intended for industrial use. 

Download Link : https://www.cs.cmu.edu/~wklieber/didfail/didfail.zip

Androwarn :

                   is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.

The detection is performed with the static analysis of the application's Dalvik bytecode, represented as Smali.

Download Link : https://github.com/maaaaz/androwarn

FlowDroid – Taint Analysis :

                          FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android we aim for an analysis with very high recall and precision. To achieve this goal we had to accomplish two main challenges: To increase precision we needed to build an analysis that is context-, flow-, field- and object-sensitive; to increase recall we had to create a complete model of Android’s app lifecycle.

   

                        Our analysis is based on Soot and Heros. FlowDroid uses a very precise callgraph which helps us to ensure flow- and context-sensitivity. Its IFDS-based flow functions guarantee field- and object-sensitivity. Because an accurate and efficient alias search is crucial for context-sensitivity in conjuction with field-sensitivity, we want to highlight this part of our analysis, which is inspired by Andromeda. 

 

Note: soot-infoflow-android is part of FlowDroid, a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

 

Download Link : https://github.com/secure-software-engineering/soot-infoflow-android

 

 

Best / Open Risk Assessment / Analysis Tool

CORAS:

               is a method for conducting security risk analysis. Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.

               CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.

Download Link :

http://coras.sourceforge.net/downloads.html

or

http://sourceforge.net/projects/coras/files/latest/download?source=navbar 

Microsoft Security Assessment Tool 4.0:

                                                           is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004 and the Microsoft Security Assessment Tool 2.0 released in 2006. Security issues have evolved since 2004 so additional questions and answers were needed to ensure you had a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.

There are two assessments that define the Microsoft Security Assessment Tool:

• Business Risk Profile Assessment
• Defense in Depth Assessment (UPDATED)

Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273

PTA (Practical Threat Analysis):

                                     is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment. 

Download link : http://www.software.co.il/ptadownload/pta1215.exe

ISO 17799 RAT ( Risk Analysis Toolkit ) :

                           to perform risk analysis based on the ISO 17799 on public or private companies.

This analysis was conducted by questionnaire, from which reports on security policies will be generated to perform in the organization to address the risks identified.

Confidentiality, integrity, availability, authenticity and traceability (accountability): the risks are analyzed in several dimensions. The impact of risk is also analyzed

To address the risks and impact are proposed:

    Safeguards (or countermeasures)

    Safety Standards

    Safety procedures

    Elements backup (back up)

    Disaster Recovery Plans

The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs can not afford the cost of existing commercial tools on the market.

 Download Link : http://ratiso17799.sourceforge.net/descargas.html

Security Officers Management and Analysis Project (SOMAP):

                              is all about defining security management work methods and supplying Security Officers with tools to do their job more efficient and following standards easily.

Features

• Information Security Risk Management Methodologies and Tools
• Open Risk Model Repository
• Risk Assessment
• Risk Management

Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar

Open Source DoS/DDoS Analyzer / Mitigation Tool

FastNetMon:
           - high performance DoS/DDoS analyzer with sflow/mirror support and load analyzer builded on top of PF_RING.

FastNetMon - high performance DoS/DDoS and netflowk load analyzer builded on top of multiple packet capture engines (PF_RING, sFLOW, Netflow, PCAP).

What we do? We can detect hosts in our own network with big amount of packets per second/bytes per second or flow per second incoming or outgoing from certain host. And we can call external script which can send notify, switch off server or blackhole this client.
 

Features:
+ Can process incoming and outgoing traffic
+ Can trigger block script if certain IP load network with big amount of packets per second
+ Can trigger block script if certain IP load network with big amount of bytes per second
+ Can trigger block script if certain IP load network with big amount of flows per second
+ VLAN untagging
+ MPLS traffic processing
+ L2TP decapsulation of nested packets
+ PF_RING ZC/DNA support (wire speed processing on tens of MPPS but need license)
+ Can process sFLOW v5
+ Can work on mirror/SPAN ports
+ Can work on server/soft-router
+ Can detect DoS/DDoS in 1-2 seconds
+ Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel Nic 82599

Download Link : https://github.com/FastVPSEestiOu/fastnetmon


DDOSMON:
                  is a network analysis platform which is designed to find anomalous network patterns such as DDoS attacks and act on them automatically. It can do this either by directly sniffing or acting on netflow data export streams.

It is used by a few hosting providers and datacenters.

Program that uses low level linux packet sniffing in incoming network traffic for monitoring possible network attacks and reacting to them by alerting and triggering user defined self defence mechanisms.
With a ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to log folder, any ddos attack detection send an email to the user.
It can classify following attacks:

• SYN Flood
• UDP Flood
• ICMP Flood

Any other attack with massive amount of traffic or packet would still be detected.





Download Link : https://github.com/edubart/ddosmon

or

https://bitbucket.org/tortoiselabs/ddosmon/overview

Android App Security / Vulnerability Scanner

Bluebox Security Scanner:

                                        will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws.


Further details of the Android "Fake ID" and "Master Key" security flaws are available

Download Link : https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

 eEye Android Scanner:
                                  eEye Digital Security, the security industry's most trusted name in vulnerability assessment has brought their expertise to your Android phone.
Did you know that more than 80% of employees now use personal smartphones for work-related purposes? Every day these devices access email, games, and work related material
and are unchecked by your businesses' standard vulnerability management processes.
Until now, one of the biggest challenges for consumers and information technology security teams was they inability to determine potential vulnerabilities on their mobile assets as they do their servers and desktops. Watch the video below to see how Retina CS is solving that problem and how users can download the tool for free to check their own devices.
Benefits of Mobile Security in Retina CS to extend the benefits of this free agent:
Retina CS is the first and only product to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities ­ so that your team can discover, prioritize, and fix weaknesses quickly.

* Reduce overall IT security risk by extending vulnerability management to your BlackBerry, Android and ActiveSync-managed mobile devices
* Reduce resource demands by automating vulnerability assessment for mobile devices with in-depth scanning.
* Simplify and improve IT security by managing mobile devices and all other assets through a single, Web-based console.
* Gain greater visibility through vulnerability profiles of mobile devices accessing your network.
* Streamline remediation through advanced threat prioritization according to severity of mobile vulnerabilities.Use built-in and custom audits to scan for weaknesses in mobile device hardware, applications, and configurations.
* Report on mobile device vulnerabilities and demonstrate compliance.

Download Link : https://play.google.com/store/apps/details?id=com.eeye.mobile.android

Belarc Security Advisor:

                                     does this by automatically checking your Android tablet or phone for over 400 security vulnerabilities in both the operating system and installed apps, and gives you the result in seconds as to which ones are vulnerable and need to be updated. The Security Advisor also works with all other security apps such as anti-virus and anti-malware apps.

 

 

Download Link : https://play.google.com/store/apps/details?id=com.belarc.securityadvisor

 

Drozer :

          helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. 

Drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.

• Discover and interact with the attack surface exposed by Android apps.
• Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

 

Download Link : https://www.mwrinfosecurity.com/products/drozer/community-edition/

 

TrustGo Mobile Security :

                                protects you from today's most dangerous malware and viruses PLUS apps that can steal your personal privacy, identity and data. In addition, TrustGo offers "Find My Phone" features including remote location, lock, alarm and "Candid Camera" thief ID (via email), system tools and web browsing security...all in one totally Free package.

 

TrustGo detects and removes all the latest malicious apps and viruses, and is the only security app that protects your privacy and data from High Risk apps that others miss.

 

TrustGo has achieved West Coast Labs’ Checkmark Certification! It is one of the best products in malware detection test by AV-Comparatives

 

Key Features:
• Security Scanner - On-demand or scheduled scans of your mobile phone or tablet and SD card to find and remove viruses, malware, spyware and trojans PLUS risky apps that can steal your data.
• Secure App Search - Our Secure App Finder Engine (SAFE) lets you search and download apps that you know are safe. TrustGo alerts you before downloading bad and risky apps. 

 

Download link :

https://play.google.com/store/apps/details?id=com.trustgo.mobile.security

 PenTest Tools List:

 

             is a list of android apps for penetration testing.IT IS JUST A LIST, DON'T EXPECT ANYTHING MORE THAN THAT (sorry for all caps, but some people expect matrix meets mission impossible... and give a bad rating when their expectations are not met :) )
Please read the description...
Penetration test is used to test security of something. (if that something passes penetration test, there is a higher chance that hacker cant hack into it)

Apps are sorted with Tags.
Features:
Links to Apps on the Play Store.
Links to Apps that are NOT on the Play Store
Links to Source Code of Open Source Apps
Links to App websites.
Links to Google the name of the App or App Package.

 Download Link : https://play.google.com/store/apps/details?id=com.itslap.pentesttools