Showing posts with label penetration testing. Show all posts
Showing posts with label penetration testing. Show all posts

Wednesday, September 25, 2013

Kvasir By Cisco - Web-Based Open Source Penetration Testing Tool

Kvasir : ( Penetration Test Data Management )

            is a web2py application and can be installed for each customer or task. This design keeps data separated and from you accidentally attacking or reviewing other customers. 

             This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every method used by the SPA team may directly relate we hope that this tool is something that can be molded and adapted to fit almost any working scenario.

                Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:
 
Kvasir is here to help you with. Here's what you'll need to get started:
  • The latest version of web2py (http://www.web2py.com/)
  • A database (PostgreSQL known to work)
  • A network vulnerability scanner (Nexpose/Nmap supported)
  • Additional python libraries




                                Kvasir is a web-based application with its goal to assist “at-a-glance” penetration testing. Disparate information sources such as vulnerability scanners, exploitation frameworks, and other tools are homogenized into a unified database structure. This allows security testers to accurately view the data and make good decisions on the next attack steps.

                               Multiple testers can work together on the same data allowing them to share important collected information. There’s nothing worse than seeing an account name pass by and finding out your co-worker cracked it two days ago but didn’t find anything “important” so it was never fully documented.
 

Supported Data Sources:


 At current release, Kvasir directly supports the following tools:

There are obviously some gaps here but these are the primary tools we use. Support for scanners such as Nessus, QualysGuard, SAINT, and others are in various stages of development already, just not completed at this time.

Snapshot :

                               Initial screen of Kvasir shows two bar graphs detailing the distribution of vulnerabilities based on severity level count and host/severity count as well as additional statistical data:




                          Kvasir’s Host Listing page displays details such as services, vulnerability counts, operating systems, assigned groups, and engineers:.

                          
                              Kvasir supports importing exploit data from Nexpose (Exploit Database and Metasploit) and CANVAS. Link to exploits from vulnerabilities and CVE assignments are made so you can get an immediate glance at what hosts/services have exploitable vulnerabilities:


                           Host detail page provides an immediate overview of valuable information such as services, vulnerability mapping, user accounts, and notes, all shared between testing engineers:





                      
                              Of course as you collect user accounts and passwords it’s nice to be able to correlate them to hosts, services, hashes and hash types, and sources:




Source code / Download is available now at https://github.com/KvasirSecurity/Kvasir


Thanks ,

RRN Technologies Team.

Tuesday, August 14, 2012

Backtrack 5 R3 released - Penetration Testing Tool

BackTrack 5 :

BackTrack is an Ubuntu-based distribution with a collection of security and forensics tools. It was created by merging Auditor Security Linux with WHAX (formerly Whoppix)..





The BackTrack Development team will be releasing an R3 revision of our Penetration Testing distribution in 2 weeks. This release focuses on bugfixes and over 50 new tool additions ΓÇô making it the most potent revision yet. We have released a BT5 R3 preview in BlackHat Vegas for the enjoyment of conference attendees, which can be found in their delegate bags.  The DVD contains a BT5 R3 Gnome, 32 bit edition ΓÇô burnt as an ISO (as opposed to an image). We will be taking in our last bug reports and tool suggestions from the BH / Defcon crowds for our upcoming official release, which will be on August 13th, 2012. Current BT5 users can simply upgrade to the latest release using the regular update commands. More details will be released along with the full listing of new tools on the 13th of August. We hope you enjoy this fine release as much as we do!

You Tube : http://www.youtube.com/watch?v=Qb0orNRte9E

     Home Page          http://www.backtrack-linux.org/

Documentation http://www.backtrack-linux.org/wiki/
http://www.backtrack-linux.org/tutorials/


Download Mirrors http://www.backtrack-linux.org/downloads/


Download BackTrack 5 R3 release via torrent

BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)
BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)
 
Thanks To RRN Information Security Team.

Monday, June 11, 2012

Armitage - Network Penetration Testing Tool

                             makes Network penetration testing easy by GUI of Metasploit Framework.






                                         It was developed by Raphael Mudge. This tool helps to reduce the time and also gives a good understanding of Metasploit to various security professionals. The major advantages of using this tool are that it recommends the exploits, has advanced post-exploitation features, and is a very good visualization of the targets.



                                          We can scan a particular target or import data from other security scanners, which can then be used in Armitage for further attacks. The following is a list of a few security scanners file formats which are supported currently for adding the hosts to Armitage:
  • Acunetix XML
  • Amap Log
  • Amap Log -m
  • Appscan XML
  • Burp Session XML
  • Foundstone XML
  • IP360 ASPL
  • IP360 XML v3
  • Microsoft Baseline Security Analyzer
  • Nessus NBE
  • Nessus XML (v1 and v2)
  • NetSparker XML
  • NeXpose Simple XML
  • NeXpose XML Report
  • Nmap XML
  • OpenVAS Report
  • Qualys Asset XML
  • Qualys Scan XML
  • Retina XML


Armitage Document Manual : Click Here

Armitage Tutorial Video's & Snapshots: Click Here

Armitage Download : Click Here