Showing posts with label open source. Show all posts
Showing posts with label open source. Show all posts

Thursday, September 26, 2019

DocBleach - Content Disarm and Reconstruction(CDR) - Open Source tool

DocBleach:

              is an advanced Content Disarm and Reconstruction open source software. Its objective is to remove misbehaving dynamic content from your Office files, or everything that could be a threat to the safety of your computer.




                                    DocBleach allows you to sanitize your Word, Excel, PowerPoint, PDF, ... documents. This repository contains the DocBleach Web API, packaged as a docker service. Two clicks and you'll feel safer.


Let's assume your job involves working with files from external sources, for instance reading resumes from unknown applicants. You receive for example a .doc file, your anti-virus doesn't detect it as harmful, and you decide to open it anyway. You get infected. You can use DocBleach to sanitize this document: chances are you don't get infected, because the dynamic content isn't run.

Howto's

To build DocBleach, use Maven:
$ mvn clean package
...
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10.696 s
[INFO] Finished at: 2016-12-19T17:36:10+01:00
[INFO] Final Memory: 29M/234M
[INFO] ------------------------------------------------------------------------


The final jar is stored in cli/target/docbleach.jar.
To use DocBleach, you may either use the Web Interface or run it in CLI:
java -jar docbleach.jar -in unsafe_document.doc -out safe_doc.doc
The input file may be a relative/absolute path, an URI (think: http:// link), or a dash (-).
The output file may be a relative/absolute path, or a dash (-).
If a dash is given, the input will be taken from stdin, and the output will be sent to stdout.
DocBleach's information (removed threats, errors, ...) are sent to stderr.

Download Link :

https://github.com/docbleach/DocBleach.git
https://github.com/docbleach/DocBleach-Web
 

DocBleach - Online ( Hosted in OVH )

Sanitizes a potentially dangerous file (Office Document, PDF), by removing macros and other active contents.

Friendly reminder: do NOT post sensitive documents here, unless you trust this page owner.


Online Link : https://www.docbleach.ovh/
 

Tuesday, August 20, 2019

Malicious Software Removal Tool / Safety Scanner - Microsoft


Malicious Software Removal Tool (MSRT) :

                                                                 helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats. MSRT is generally released monthly as part of Windows Update or as a standalone tool available here for download.



Use this tool:
  • If you have automatic updates for Windows turned off. Windows Update automatically downloads and runs MSRT in the background.
  • If you suspect an infection from prevalent malware families
  • To complement your antimalware product.

MSRT targets prevalent malware families only.

Download Link :

https://www.microsoft.com/en-us/download/details.aspx?id=16

Microsoft Safety Scanner:


is a scan tool designed to find and remove malware from Windows computers. Simply download it and run a scan to find malware and try to reverse changes made by identified threats.


Safety Scanner only scans when manually triggered and is available for use 10 days after being downloaded. We recommend that you always download the latest version of this tool before each scan.

Download 

Tuesday, January 22, 2019

Open-Sourced Remote Vulnerability Testing Framework - Pocsuite

Pocsuite:

                 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team.


It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers.

Features

  • PoC scripts can running with `attack`,`verify`, `shell` mode in different way
  • Plugin ecosystem
  • Dynamic loading PoC script from any where (local file, redis , database, Seebug ...)
  • Load multi-target from any where (CIDR, local file, redis , database, Zoomeye ...)
  • Results can be easily exported
  • Dynamic patch and hook requests
  • Both command line tool and python package import to use
  • IPV6 support
  • Global HTTP/HTTPS/SOCKS proxy support
  • Simple spider API for PoC script to use
  • Integrate with [Seebug](https://www.seebug.org) (for load PoC from Seebug website)
  • Integrate with [ZoomEye](https://www.zoomeye.org) (for load target from ZoomEye `Dork`)
  • Integrate with [Ceye](http://ceye.io/) (for verify blind DNS and HTTP request)
  • More ...

Functions

Vulnerability Testing Framework

Written in Python and supported both validation and exploitation two plugin-invoked modes, Pocsuite could import batch targets from files and test those targets against multiple exploit-plugins in advance.(See "Pocsuite usage"

PoC/Exp Development Kit

Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

Integratable Module

Users could utilize some auxiliary modules packaged in Pocsuite to extend their exploit functions or integrate Pocsuite to develop other vulnerability assesment tools.

Integrated ZoomEye And Seebug APIs

Pocsuite is also an extremely useful tool to integrate Seebug and ZoomEye APIs in a collaborative way. Vulnerablity assessment can be done automatically and effectively by searching targets through ZoomEye and acquiring PoC scripts from Seebug or locally.

Installation

pocsuite3 works out of the box with Python version 3.x on any platform.
You can use Git to clone the latest source code repository

    $ git clone git@github.com:knownsec/pocsuite3.git
 
Or click here to download the latest source zip package, and extract

    $ wget https://github.com/knownsec/pocsuite3/archive/master.zip
    $ unzip master.zip
    $ cd Pocsuite
    $ python cli.py --version
 
 
 
Or use pip

    $ pip install pocsuite
    $ pocsuite --version

More Videos : https://asciinema.org/a/133345

Download / Ref Link :

https://github.com/knownsec/Pocsuite
https://pocsuite.org/index-en.html

Sunday, January 13, 2019

GUI Based Snort Rule Creator / Maker - SNORPY

SNORPY:

                        A Simple GUI / Web Based Snort Rule Creator / Maker for Building Simple Snort Rules.

Snorpy is a simple Snort rule creator / builder / maker made originally with python but I made the most recent version with Node and jquery.




#Install
  1. Install nodejs
  2. Download repo
  3. Unzip the file name node_modules.zip
  4. cd /to/the/path/of/app.js
  5. run the following command: "node app.js"
Should be that easy.

Video Ref : https://vimeo.com/182794567

Download Link : https://github.com/chrisjd20/Snorpy

Online Play : http://snorpy.com/

Monday, September 17, 2018

Free / Open Source Compromise Assessment Tools

OTX ( Open Threat Exchange ):

 

                                     AlienVault provides OTX Endpoint Threat Hunter and its free, fast, and simple.


AlienVault threat hunting service delivers as much threat intelligence power as OTX Endpoint Threat Hunter. It is the Open & free service that natively uses the community-powered threat intelligence of OTX to scan your endpoints for known indicators of compromise (IOCs).

OTX Endpoint Threat Hunter uses the same agent-based approach as expensive endpoint security tools and DIY open source agents without the expense, complexity, or guesswork. 


How It Works
  • OTX Endpoint Threat Hunter is available to any registered Open Threat Exchange (OTX) user. It’s free to join OTX.
  • To get started, download and install the AlienVault® Agent on the Windows or Linux devices you want to monitor. The AlienVault Agent is immediately ready to find threats.
  • You can launch a query on any endpoint from OTX by selecting a pre-defined query that looks for IOCs in one or more OTX pulses.
  • Once launched, the AlienVault Agent executes the query, and the results of the query display on a summary page within OTX.


CERTitude:

 

       is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. It allows analysts to perform large scale scans of Windows-based information systems by searching for behavioral patterns described in IOC (Indicator of Compromise) files. The tool is currently composed of two main components:
  • The Python Flask-based web interface, used to configure the scans and visualize their results;
  • The scanner that connects to remote targets and runs the search for IOCs.
CERTitude is an open-source tool developed by the CERT-Wavestone. It is brought to you freely, but user support is only provided on a best-effort basis.

Compatibility

CERTitude is compatible with a wide range of target Windows operating systems, from XP / 2003 to Windows 10 / Server 2016. Though CERTitude can be run from a Linux host, it is only fully supported on Windows as some features may not be implemented on Linux.

Features:

  • Ability to scan hosts in a way that prevents the target workstation from knowing what the investigator is searching for
  • Ability to retrieve some pieces of data from the hosts
  • Multiple scanner instances (for IOCs and/or hash scans) can be run at the same time for parallel scanning
  • Built with security considerations in mind (protected database, secure communications with hosts using IPSec)


 

 


Monday, September 10, 2018

Free and open-source threat intelligence Feeds / Tools / Frameworks

GOSINT:
              framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).

GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.

Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.



 Download Link : https://github.com/ciscocsirt/gosint / https://gosint.readthedocs.io/en/latest/index.html

Threatfeeds.io:

                           It's a another Free and open-source threat intelligence feeds.


Ref Link : https://threatfeeds.io/

Yeti:
       is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely to it.  


Quick install (the command we all love)
$ curl https://raw.githubusercontent.com/yeti-platform/yeti/master/extras/ubuntu_bootstrap.sh | sudo /bin/bash 

 Ref Link : https://yeti-platform.github.io/

TC ( Threat Connect ) Open: 

                                     is a completely free way for individual researchers to get started with threat intelligence. TC Open allows you to see and share open source threat data, with support and validation from our free community.



  • Access to 100+ open source intelligence feeds (OSINT)
  • Access to threat, incident, and adversary data
  • Ability to collaborate or consume active and historic indicators, incidents, and threats
  • Validate your findings with peers in the ThreatConnect Common Community
ThreatConnect wants as many cyber professionals to get into the habit of sharing threat data and intelligence with one another as possible. Together, we are much stronger and more likely to thwart adversaries. We created TC Open to be a completely free, non-threatening way to get started. It is perfect for individual researchers who are just starting and experienced professionals, alike.

Request Link : https://www.threatconnect.com/free/



Friday, February 13, 2015

Open Source DoS/DDoS Analyzer / Mitigation Tool

FastNetMon:
           - high performance DoS/DDoS analyzer with sflow/mirror support and load analyzer builded on top of PF_RING.





FastNetMon - high performance DoS/DDoS and netflowk load analyzer builded on top of multiple packet capture engines (PF_RING, sFLOW, Netflow, PCAP).

What we do? We can detect hosts in our own network with big amount of packets per second/bytes per second or flow per second incoming or outgoing from certain host. And we can call external script which can send notify, switch off server or blackhole this client.
 

Features:
+ Can process incoming and outgoing traffic
+ Can trigger block script if certain IP load network with big amount of packets per second
+ Can trigger block script if certain IP load network with big amount of bytes per second
+ Can trigger block script if certain IP load network with big amount of flows per second
+ VLAN untagging
+ MPLS traffic processing
+ L2TP decapsulation of nested packets
+ PF_RING ZC/DNA support (wire speed processing on tens of MPPS but need license)
+ Can process sFLOW v5
+ Can work on mirror/SPAN ports
+ Can work on server/soft-router
+ Can detect DoS/DDoS in 1-2 seconds
+ Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel Nic 82599

Download Link : https://github.com/FastVPSEestiOu/fastnetmon


DDOSMON:
                  is a network analysis platform which is designed to find anomalous network patterns such as DDoS attacks and act on them automatically. It can do this either by directly sniffing or acting on netflow data export streams.

It is used by a few hosting providers and datacenters.




Program that uses low level linux packet sniffing in incoming network traffic for monitoring possible network attacks and reacting to them by alerting and triggering user defined self defence mechanisms.
With a ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to log folder, any ddos attack detection send an email to the user.
It can classify following attacks:
  • SYN Flood
  • UDP Flood
  • ICMP Flood
Any other attack with massive amount of traffic or packet would still be detected.





Download Link : https://github.com/edubart/ddosmon

or

https://bitbucket.org/tortoiselabs/ddosmon/overview



Wednesday, September 25, 2013

Kvasir By Cisco - Web-Based Open Source Penetration Testing Tool

Kvasir : ( Penetration Test Data Management )

            is a web2py application and can be installed for each customer or task. This design keeps data separated and from you accidentally attacking or reviewing other customers. 

             This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every method used by the SPA team may directly relate we hope that this tool is something that can be molded and adapted to fit almost any working scenario.

                Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:
 
Kvasir is here to help you with. Here's what you'll need to get started:
  • The latest version of web2py (http://www.web2py.com/)
  • A database (PostgreSQL known to work)
  • A network vulnerability scanner (Nexpose/Nmap supported)
  • Additional python libraries




                                Kvasir is a web-based application with its goal to assist “at-a-glance” penetration testing. Disparate information sources such as vulnerability scanners, exploitation frameworks, and other tools are homogenized into a unified database structure. This allows security testers to accurately view the data and make good decisions on the next attack steps.

                               Multiple testers can work together on the same data allowing them to share important collected information. There’s nothing worse than seeing an account name pass by and finding out your co-worker cracked it two days ago but didn’t find anything “important” so it was never fully documented.
 

Supported Data Sources:


 At current release, Kvasir directly supports the following tools:

There are obviously some gaps here but these are the primary tools we use. Support for scanners such as Nessus, QualysGuard, SAINT, and others are in various stages of development already, just not completed at this time.

Snapshot :

                               Initial screen of Kvasir shows two bar graphs detailing the distribution of vulnerabilities based on severity level count and host/severity count as well as additional statistical data:




                          Kvasir’s Host Listing page displays details such as services, vulnerability counts, operating systems, assigned groups, and engineers:.

                          
                              Kvasir supports importing exploit data from Nexpose (Exploit Database and Metasploit) and CANVAS. Link to exploits from vulnerabilities and CVE assignments are made so you can get an immediate glance at what hosts/services have exploitable vulnerabilities:


                           Host detail page provides an immediate overview of valuable information such as services, vulnerability mapping, user accounts, and notes, all shared between testing engineers:





                      
                              Of course as you collect user accounts and passwords it’s nice to be able to correlate them to hosts, services, hashes and hash types, and sources:




Source code / Download is available now at https://github.com/KvasirSecurity/Kvasir


Thanks ,

RRN Technologies Team.

Wednesday, July 27, 2011

Open Source Live-CD for Computer Forensic



PlainSight :
is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools.

We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

Download Link : Click Here

********************************************************************************

DEFT 6 :
is based on Lubuntu with Kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (Windows side) with the best freeware Computer Forensic tools; it is a new concept of Computer Forensic live system, ewflib ready, that use WINE for run Windows Computer Forensics tools under Linux.


DEFT live-cd for incident-response & corporate/gov forensics and a DEFT-based persistent environment for acquisition-analysis within the inhouse forensic lab.

Download Link : Click here

**********************************************************************************

Tuesday, July 26, 2011

Open Source network firewall


NetDefender :
is a Free Firewall with source code, which can be downloaded along with firewall executables. Netdefender works on windows 2000 and windows XP.

Requirements :

1. Netdefender can only run on an OS higher than windows 2000 (i.e. Win 2000, Win Xp I hope Vista would not break anything)
2. User must has admin rights (i.e. must be member of administrator group ) on the system.

Download Link : Click here

***********************************************************************************
Shorewall :
is a gateway/firewall configuration tool for GNU/Linux.



Download Link : Click here

************************************************************************************

Zorp
is a new generation proxy firewall suite and as such its core architecture is built around today's security demands: it uses application level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it let's you override client actions, it let's you protect your servers with its built in IDS capabilities... The list is endless. It gives you all the power you need to implement your local security policy.


Download Link : Click here

***********************************************************************************
Ufw :

stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Download Link : Click here

Thanks

chandru


Friday, July 22, 2011

Open Source web security Testing Tools

Watcher

Watcher Security Testing
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.






Wapiti

Wapiti Security TestingFile Handling Errors (Local and remote include/require, fopen, readfile...)Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Capable of handling following. Wapiti supports Database Injection, XSS Injection, LDAP Injection, Command Execution detection, CRLF Injection and many others.



WebSecurify

WebSecurifyWebsecurify is an integrated web security testing environment, which can be used to identify web vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The platform is designed to perform automated as well as manual vulnerability tests and it is constantly improved and fine-tuned by a team of world class web application security penetration testers and the feedback from an active open source community. WebSecurify supports SQL Injection, Local and Remote File Include, Cross Site Scripting/Request Forgery, Information Disclousre Problems, Session Security Problems to name a few among many others.





Nikto2

NiktoNikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.



Skipfish

SkipFishSkipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

SQL, PHP, Command, XML/XPath Injection along with String/Integer vulnerabilities, Directory/File intrusions, Script/CSS vulnerabilities, Password/MIME types vulnerabilities, SSL/HTTP/HTML Forms realted vulnerabilities, Failed Website Resource vulnerabilities are very few of the vulnerabilities to mention that Skipfish can address among other host of features.


Ettercap

EttercapEttercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis. It supports Linux, Mac, Windows, Solairs platforms with easy installation.






Flawfinder

FlawfinderFlawfinder searches through C/C++ source code looking for potential security flaws. Flawfinder is designed in Pyton and produces a list of ‘‘hits’’ (potential security flaws), sorted by risk; the riskiest hits are shownfirst. The risk level is shown inside square brackets and varies from 0, very little risk, to 5, great risk. This risk level depends not only on the function, but on the values of the parameters of the function. For example, constant strings are often less risky than fully variable strings in many contexts, and in those contexts the hit will have a lower risk level







Honeyd

HoneydHoneyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses. Honeyd improves cyber security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.






Wireshark

WiresharkWireshark, formerly known as Ethereal, is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Wireshark supports Multi-platform and runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others. Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.






BFBTester

BFBT Tester
BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.




By


chandru

Tuesday, July 19, 2011

Open Source Network Monitoring Tools

OpenNMS


180px OpenNMSLogo open source network monitoring tools


www.opennms.org



Features



  • Event Management and Notifications

  • Discovery and Provisioning

  • Service Monitoring

  • Data Collection

  • Additional Features


I checked out the demo it looks pretty decent


Hyperic



logo combo open source network monitoring tools







Hyperic’s web infrastructure monitoring and management software automates and streamlines data center operations. HQ helps you reduce operations workload, increase your company’s IT management maturity level, and drive improvements in availability and infrastructure health.


Hyperic offers two versions of its flagship HQ product:



  • Hyperic HQ – Hyperic’s open source offering is licensed under GNU GPL v2.




  • HQ Enterprise – Hyperic’s industrial strength enterprise offering has all the capabilities of the open source version, plus advanced automation and control features for managing web applications at scale. HQ Enterprise is available as a free trial for download from Hyperic under a Commercial License. The enterprise trial is limited to 50 managed platforms, and typically expires within 30 to 45 days.