Showing posts with label download. Show all posts
Showing posts with label download. Show all posts

Sunday, September 15, 2019

Threat Hunting Tool - Bro (Zeek) Network Security Monitor

Bro (Zeek) - Threat Hunting Tool:

A powerful framework for network traffic analysis and security monitoring.Bro is a passive, open-source network traffic analyzer. It is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting.



Note that "Zeek" is the new name of what used to be known as the "Bro" network security monitoring system.


Key Features

  • In-depth Analysis Zeek ships with analyzers for many protocols, enabling high-level semantic analysis at the application layer.
  • Adaptable and Flexible Zeek's domain-specific scripting language enables site-specific monitoring policies and means that it is not restricted to any particular detection approach.
  • Efficient Zeek targets high-performance networks and is used operationally at a variety of large sites.
  • Highly Stateful Zeek keeps extensive application-layer state about the network it monitors and provides a high-level archive of a network's activity.
 Download Link :

https://www.zeek.org/download/index.html

Thursday, December 20, 2012

Android Application Vulnerability / Security Assessment Tools & Framework

Android Security Evaluation Framework (ASEF) :
                                               performs this analysis while alerting you about other possible issues. It will make you aware of unusual activities of your apps, will expose vulnerable components and help narrow down suspicious apps for further manual research. The framework will take a set of apps (either pre-installed on a device or as individual APK files) and migrate them to the test suite where it will run it through test cycles on a pre-configured Android Virtual Device (AVD).

                            ASEF is a Open Source Project to perform security analysis of Android Apps by various security measures                         

                            ASEF is an Open Source tool for scanning Android Devices for security evaluation. Users will gain access to security aspects of android apps by using this tool with its default settings. An advanced user can fine-tune this, expand upon this idea by easily integrating more test scenarios, or even find patterns out of the data it already collects. ASEF will provide automated application testing and facilitate a plug and play kind of environment to keep up with the dynamic field of Android Security.

YouTude Videos :

Demo : Running ASEF to test all installed android apps from an android device on an Android Virtual Device



Short Demo : Running ASEF to test all installed android apps from an android device on an another physical android device

 

Download Link : Android Security Evaluation Framework


Tools :

Mercury v1.1 Tool - 

                              bug hunters to find vulnerabilities & write proof-of-concept exploits in Android Application. Simple called as Android Apps Vulnerability Scanner. 

 

                            Mercury is a framework for exploring the Android platform; to find vulnerabilities and share proof-of-concept exploits.

                         Mercury allows you to assume the role of a low-privileged Android app, and to interact with both other apps and the system.
  • Use dynamic analysis on Android applications and devices for quicker security assessments
  • Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
  • Write custom tests and exploits, using the easy extensions interface
Mercury allows you to:
  1. Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Built-in commands that can check application attack vectors on installed applications
  5. Transfer files between the Android device and your computer
  6. Create new modules to exploit your latest finding on Android, and playing with those that others have found
                For those of you interested in vulnerabilities in vendor products, the new version is the start of a collection of these in a framework. The first privilege escalation was included, allowing the escalation to root from Mercury’s unprivileged context. A module was created to check for vulnerabilities in content providers discovered on Samsung devices.

Sample results of running this module on a vulnerable version of the Samsung Galaxy SII is shown below:


Running this on the Samsung Galaxy SIII yields the following:

                               

Security consultants Sample Testing :

                  The first set of vulnerabilities found by the MWR team was done manually by reviewing the AndroidManifest.xml of each package on the phone. With Mercury, a combination of the attacksurface command and the the info command in each section will get you the same results in a tenth of the time. If you are interested in looking for common problems on devices, the scanner modules will be of interest to you. As an example, this is scanner.provider.sqlinjection finding SQL injection flaws in default content providers on an Android 4.0.3 Emulator.



                        Don’t get too excited, these SQL injection vulnerabilities don’t lead to any serious information disclosure, but you get the idea right? Don’t just look at content provider problems because these tools are available. Content providers are the tip of the iceberg! Ask us questions or bounce ideas. Create new modules with Mercury. Go forth and innovate!

   Download Link : Mercury v1.1

 

 





Wednesday, December 12, 2012

ScoopyNG - VMware detection tool

ScoopyNG:
             combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system.

ScoopyNG should work on all modern uni-, multi- and multi-core cpu's.




ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.

Download : 
                 Windows Version: ScoopyNG v1.0

Wednesday, August 15, 2012

Live CD - OWASP - Open Web Application Security Project

OWASP :

Open Web Application Security Project is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 

 OWASP Live CD project was originally started to update the previous OWASP Live CD 2007.

OWASP Live CD installed to a physical or virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.

OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
  • PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).





Video Tutorial : http://www.youtube.com/user/AppsecTutorialSeries

OWASP Live CD Download Link : Web Testing Environment (WTE) ISO

Username : owasp / Password  : owasp

OWASP Live CD VMWare Image Download Link : OWASP-livecd.vmx

Thanks to RRN Technologies Team

Thursday, May 31, 2012

MaxPatrol Network Security Scanner - Positive Technologies

MaxPatrol - Network & Web Application Security Testing Tool:

       
MaxPatrol Core Features:

Web-server and Web Application structure analysis.

        MaxPatrol analyzes the structure of Web Applications to determine
        weaknesses and potential vulnerabilities in both the Web Server
        Configuration and the Web Application. Discovers available web server
        technologies. Inspects the HTTP version banners and looks for
        vulnerable products and other..
 
  


Intelligent recognition of vulnerabilities in known web-server scripts.

    Automatically detects web vulnerabilities:

        - SQL injection
        - Blind SQL injection
        - Cross Site Scripting
        - UTF-7 Cross Site Scripting
        - HTTP Response Splitting
        - Code execution
        - File inclusion
        - Directory traversal
        - Input validation
        - Authentication attacks
          (brute force login/password and etc)
        - Script source code disclosure
        - Discovers directories with weak permissions
          (finds directory listings and etc)
        - Looks for common files,
          back-up files, logs or directories

Detection of vulnerabilities arising from configuration errors including
    cases of unprotected authorization, revealing of information by services,
    etc.
 

 


 
Download Link: Maxpatrol
 
 
Freeware Tools:   Click Here