Monday, October 7, 2013

Best Network / Browser Exploitation Framework Tools

Metasploit:

                   a tool for developing and executing exploit code against a remote target machine. Metasploit Framework was completely rewritten in the Ruby programming language.



                   It helps security and IT professionals identify security issues, verify vulnerability mitigations and manage expert-driven security assessments.



Metasploit Framework

The basic steps for exploiting a system using the Framework include:
  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Optionally checking whether the intended target system is susceptible to the chosen exploit;
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
  4. Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
  5. Executing the exploit.

    Download Link :http://www.rapid7.com/products/metasploit/editions-and-features.jsp

    Or

    https://github.com/rapid7/metasploit-framework




 

Armitage :

               is a graphical cyber attack management tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced capabilities of the framework.

 

                Advanced users will find Armitage valuable for managing remote Metasploit instances and collaboration.




Armitage's red team collaboration features allow your team to use the same sessions, share data, and communicate through one Metasploit instance.


YouTube : 


Download Link : http://www.fastandeasyhacking.com/download


Yersinia :

               is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

           
               Yersinia is a tool for performing layer 2 attacks, helping the pen-tester in his daily work checking the robustness of layer 2 protocols configuration.



                Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):
  • Spanning Tree Protocol (STP)
  • Cisco Discovery Protocol (CDP)
  • Dynamic Trunking Protocol (DTP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Hot Standby Router Protocol (HSRP)
  • IEEE 802.1Q
  • IEEE 802.1X
  • Inter-Switch Link Protocol (ISL)
  • VLAN Trunking Protocol (VTP)

 Download Link : http://sourceforge.net/projects/yersinia/files/latest/download



Or



https://github.com/tomac/yersinia


BeEF ( Browser Exploitation Framework ) :

                                       It is a penetration testing tool that focuses on the web browser. It allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. 

 


                                     BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

 

 



Thanks,

RRN Technologies Team.







No comments:

Post a Comment