CORAS is a method for conducting security risk analysis. It is a platform for risk analysis of security-critical IT systems using UML, based on the CORAS model-based risk assessment methodology, and it contains an XML and UML repository facilitating management and reuse of analysis results.
CORAS provides a customised language for threat and risk modelling, and comes with detailed guidelines explaining how the language should be used to capture and model relevant information during the various stages of the security analysis. In this respect CORAS is model-based. The Unified Modelling Language (UML) is typically used to model the target of the analysis. For documenting intermediate results, and for presenting the overall conclusions, we use special CORAS diagrams which are inspired by UML. The CORAS method provides a computerised tool designed to support documenting, maintaining and reporting analysis results through risk modelling.
Microsoft Security Assessment Tool (MSAT):
is the revised version of the original Microsoft Security Risk Self-Assessment Tool (MSRSAT), released in 2004, and the Microsoft Security Assessment Tool 2.0, released in 2006. Security issues have evolved since 2004, so additional questions and answers were needed to ensure you have a comprehensive toolset to become more aware of the evolving security threat landscape that could impact your organization.
There are two assessments that define the Microsoft Security Assessment Tool:
Business Risk Profile Assessment
Defense in Depth Assessment (UPDATED)
Download Link : http://www.microsoft.com/en-in/download/details.aspx?id=12273
PTA (Practical Threat Analysis):
is a risk assessment methodology and a suite of software tools that enable users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment.
Download link : http://www.software.co.il/ptadownload/pta1215.exe
ISO 17799 RAT ( Risk Analysis Toolkit ) :
is a tool to perform risk analysis based on ISO 17799 in public or private companies.
The analysis is conducted by questionnaire, from which reports on the security policies to implement in the organization are generated to address the identified risks.
Risks are analyzed in several dimensions: confidentiality, integrity, availability, authenticity and traceability (accountability). The impact of each risk is also analyzed.
To address the risks and their impact, the following are proposed:
Safeguards (or countermeasures)
Security standards
Security procedures
Backup elements
Disaster recovery plans
The motivation for choosing this project has been the lack of free software tools that enable risk management in organizations, especially SMEs that cannot afford the cost of the commercial tools on the market.
Download Link : http://ratiso17799.sourceforge.net/descargas.html
Security Officers Management and Analysis Project (SOMAP):
is all about defining security management work methods and supplying Security Officers with tools to do their job more efficiently and to follow standards more easily.
Features
Information Security Risk Management Methodologies and Tools
Open Risk Model Repository
Risk Assessment
Risk Management
Download Link : http://sourceforge.net/projects/somap/files/latest/download?source=navbar
FastNetMon:
is a high performance DoS/DDoS and network load analyzer built on top of multiple packet capture engines (PF_RING, sFLOW, Netflow, PCAP), with sFlow and mirror-port support.
What does it do? It detects hosts in your own network with a large number of packets per second, bytes per second or flows per second incoming to or outgoing from a given host, and it can call an external script which can send a notification, switch off the server or blackhole the client.
Features:
+ Can process incoming and outgoing traffic
+ Can trigger a block script if a certain IP loads the network with a large number of packets per second
+ Can trigger a block script if a certain IP loads the network with a large number of bytes per second
+ Can trigger a block script if a certain IP loads the network with a large number of flows per second
+ VLAN untagging
+ MPLS traffic processing
+ L2TP decapsulation of nested packets
+ PF_RING ZC/DNA support (wire speed processing on tens of MPPS but need license)
+ Can process sFLOW v5
+ Can work on mirror/SPAN ports
+ Can work on server/soft-router
+ Can detect DoS/DDoS in 1-2 seconds
+ Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel Nic 82599
Download Link : https://github.com/FastVPSEestiOu/fastnetmon
DDOSMON:
is a network analysis platform which is designed to find anomalous
network patterns such as DDoS attacks and act on them automatically. It can
do this either by directly sniffing or acting on netflow data export streams.
It is used by a few hosting providers and datacenters.
It uses low-level Linux packet sniffing on incoming network traffic to monitor for possible network attacks and react to them by alerting and triggering user-defined self-defence mechanisms.
With an ncurses interface you can monitor network traffic live and watch recent events. Logs are saved to the log folder, and any DDoS attack detection sends an email to the user.
It can classify the following attacks:
SYN Flood
UDP Flood
ICMP Flood
Any other attack with a massive amount of traffic or packets would still be detected.
Download Link : https://github.com/edubart/ddosmon
Bluebox Security Scanner:
will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws
Further details of the Android "Fake ID" and "Master Key" security flaws are available
Download Link : https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner
eEye Android Scanner:
eEye Digital Security, the security industry's most trusted name in vulnerability assessment, has brought their expertise to your Android phone.
Did you know that more than 80% of employees now use personal smartphones for work-related purposes? Every day these devices access email, games, and work-related material and are unchecked by your business's standard vulnerability management processes.
Until now, one of the biggest challenges for consumers and information technology security teams was their inability to determine potential vulnerabilities on their mobile assets as they do on their servers and desktops. Watch the video below to see how Retina CS is solving that problem and how users can download the tool for free to check their own devices.
Benefits of Mobile Security in Retina CS, which extends the benefits of this free agent:
Retina CS is the first and only product to integrate mobile device assessment and vulnerability management for complete visibility and context on all vulnerabilities so that your team can discover, prioritize, and fix weaknesses quickly.
* Reduce overall IT security risk by extending vulnerability management to your BlackBerry, Android and ActiveSync-managed mobile devices.
* Reduce resource demands by automating vulnerability assessment for mobile devices with in-depth scanning.
* Simplify and improve IT security by managing mobile devices and all other assets through a single, Web-based console.
* Gain greater visibility through vulnerability profiles of mobile devices accessing your network.
* Streamline remediation through advanced threat prioritization according to severity of mobile vulnerabilities.
* Use built-in and custom audits to scan for weaknesses in mobile device hardware, applications, and configurations.
* Report on mobile device vulnerabilities and demonstrate compliance.
Download Link : https://play.google.com/store/apps/details?id=com.eeye.mobile.android
Belarc Security Advisor:
automatically checks your Android tablet or phone for over 400 security vulnerabilities in both the operating system and installed apps, and gives you the result in seconds as to which ones are vulnerable and need to be updated. The Security Advisor also works alongside all other security apps such as anti-virus and anti-malware apps.
Download Link : https://play.google.com/store/apps/details?id=com.belarc.securityadvisor
Drozer :
helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk, by allowing you to interact with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
Drozer provides tools to help you use and share public exploits for
Android. For remote exploits, it can generate shellcode to help you to
deploy the drozer Agent as a remote administrator tool, with maximum
leverage on the device.
Faster Android Security Assessments
drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming steps.
Discover and interact with the attack surface exposed by Android apps.
Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.
Download Link : https://www.mwrinfosecurity.com/products/drozer/community-edition/
TrustGo Mobile Security :
protects you from today's most dangerous malware and viruses PLUS
apps that can steal your personal privacy, identity and data. In
addition, TrustGo offers "Find My Phone" features including remote
location, lock, alarm and "Candid Camera" thief ID (via email), system
tools and web browsing security...all in one totally Free package.
TrustGo
detects and removes all the latest malicious apps and viruses, and is
the only security app that protects your privacy and data from High Risk
apps that others miss.
TrustGo has achieved West Coast Labs’
Checkmark Certification! It is one of the best products in malware
detection test by AV-Comparatives
Key Features:
• Security Scanner - On-demand or scheduled scans of your mobile phone or tablet and SD card to find and remove viruses, malware, spyware and trojans PLUS risky apps that can steal your data.
• Secure App Search - Our Secure App Finder Engine (SAFE) lets you search and download apps that you know are safe. TrustGo alerts you before downloading bad and risky apps.
is a list of Android apps for penetration testing. IT IS JUST A LIST, DON'T EXPECT ANYTHING MORE THAN THAT (sorry for all caps, but some people expect matrix meets mission impossible... and give a bad rating when their expectations are not met :) )
Please read the description...
A penetration test is used to test the security of something. (If that something passes a penetration test, there is a higher chance that a hacker can't hack into it.)
Apps are sorted with Tags.
Features:
- Links to Apps on the Play Store.
- Links to Apps that are NOT on the Play Store.
- Links to Source Code of Open Source Apps.
- Links to App websites.
- Links to Google the name of the App or App Package.
Download Link : https://play.google.com/store/apps/details?id=com.itslap.pentesttools
Fimap:
is a little tool for local and remote file inclusion auditing and exploitation. Fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It's currently under heavy development but it's usable.
The goal of fimap is to improve the quality and security of your website.
What works currently?
Check a single URL, a list of URLs, or Google results fully automatically.
Can identify and exploit file inclusion bugs.
Relative/absolute path handling.
Tries automatically to eliminate suffixes with nullbytes and other methods like dot-truncation.
Download Link : https://code.google.com/p/fimap/downloads/list
Uniscan:
is a simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
This tool identifies six vulnerabilities:
* Blind SQL-Injection
* Remote File Include (RFI)
* Local File Include (LFI)
* Remote Command Execution (RCE)
* Cross-Site Scripting (XSS)
* SQL-Injection (SQL-i)
Download Link : http://sourceforge.net/projects/uniscan/
Darkjumper.py:
This tool will try to find every website hosted on the same server as your target, then check each of those websites for vulnerabilities.
Download Link : http://sourceforge.net/projects/darkjumper/
Simple Local File Inclusion:
Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you have found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of a URL for an LFI vulnerability.
Usage example
./lfi_sploiter.py --exploit-url=http://www.example.com/page.php?file=main --vulnerable-parameter=file
Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contains parameters.
Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries to catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.
Wireshark:
is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible. Wireshark can capture traffic from many different network media types, including (despite its name) wireless LAN as well. Which media types are supported depends on many things, like the operating system you are using.
Download Link : https://www.wireshark.org/download.html
Capsa:
is the name for a family of packet analyzers developed by Colasoft for network administrators to monitor, troubleshoot and analyze wired and wireless networks. Currently, there are three editions available: Capsa Enterprise Edition, Capsa Professional Edition, and Capsa Free.
Capsa Free is a freeware network analyzer (packet sniffer) for students, teachers, computer geeks and other non-commercial purposes.
Download Link : http://www.colasoft.com/download/products/capsa_free.php
NetworkMiner:
is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD).
NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
Download Link : http://sourceforge.net/projects/networkminer/files/latest/download
SharpPcap:
is a cross-platform packet capture framework for the .NET
environment, based on the famous pcap / WinPcap libraries. It provides
an API for capturing, injecting, analyzing and building packets using
any .NET language such as C# and VB.NET.
Download Link : http://sourceforge.net/projects/sharppcap/files/latest/download
Mobile device forensics :
is directly connected to digital forensics and can be defined as the recovery of digital information or data, which is often used as criminal evidence. Mobile Device Forensics by definition applies only to mobile devices, e.g. tablets, cell phones etc., but the term also includes any portable digital device that has both internal memory and communication abilities, such as PDA devices and also GPS devices.
iPhone Analyzer:
allows you to forensically examine or recover data from an iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.
Features
Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
Multi-platform (Java based) product, supported on Linux, Windows and Mac
Fast, powerful search across device including regular expressions
Integrated mapping supports visualisation of geo-tagged information,
including google maps searches, photos, and cell-sites and wifi
locations observed by the device (the infamous "locationd" data)
Integrated support for text messages, voicemail, address book
entries, photos (including metadata), call records and many many others
Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device, can often be recovered)
Integrated visualisation of plist and sqlite files
Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
Support for KML export and direct export to Google Earth
Browse the device file structure, navigate directly to key files or
explore the device using concepts such as "who", "when", "what" and
"where".
Analyse jail broken device directly over SSH without need for backup (experimental)
BitPim:
is a program that allows you to view and manipulate
data on many CDMA phones from LG, Samsung, Sanyo and other
manufacturers. This includes the PhoneBook, Calendar,
WallPapers, RingTones (functionality varies by phone) and the
Filesystem for most Qualcomm CDMA chipset based phones.
This tool discusses a crucial aspect of Mobile Device Forensics, i.e. the recovery of deleted SMS text messages. We are not 100% sure if this tool is publicly available, and if anyone reading this can help us locate where to find it we'd be very grateful!
In examining the MIAT dump of the phone's filesystem, I found the following interesting items of evidence (note that these are not intended to be comprehensive):
- \Windows\Profiles\guest\ - Contained the Pocket IE cache, including Cookies, index.dat (which was not extracted due to the previously specified issue), and Temporary Internet Files
- \Windows\Messaging - Contained various .mbp files which proved to hold the text of downloaded email messages. There is also an Attachments folder under this path that may hold downloaded attachments.
- \Windows\ActiveSync - Contained various configuration and log files from ActiveSync
- \Windows\Favorites - Contained Favorite links used by Pocket IE
- \Application Data\GoogleMaps - Contained configuration and cache files used by the installed Google Maps application. These files are all binary, but one of them, prefsext.dat, contains a variety of strings which match searches that have been performed and results (street addresses) which have been returned. Somebody could probably reverse engineer the format and write a parser for this that would be really useful.
- \*.vol - These files contain embedded databases, which include all of the phone-related information such as call logs, phone book, appointment list, etc. I haven't yet found a free application to parse them, but there's got to be something out there.
I also found a number of other empty Attachments folders, as well as additional empty Profiles and Temporary Internet Files folders. This probably means that these various locations are implementation dependent.
Download Link : http://www.dfrws.org/2008/proceedings/p121-distefano_pres.pdf
TULP2G:
is a .NET based forensic software framework developed to make it easy to extract and decode data stored in digital devices.
Santoku Community Edition: runs in the lightweight Lubuntu Linux distro.
It can be run in VirtualBox (recommended) or VMWare Player, both
available free and run on Linux, Mac or Windows. The Lubuntu download is
large because it is a full .iso. We recommend you download on a fast
connection.
Tools to acquire and analyze data
Firmware flashing tools for multiple manufacturers
Imaging tools for NAND, media cards, and RAM
Free versions of some commercial forensics tools
Useful scripts and utilities specifically designed for mobile forensics
UFED Physical Analyzer:
is the most advanced analysis, decoding and reporting application in the mobile forensic industry. It includes malware detection, enhanced decoding and reporting functions, project analytics, timeline graph, exporting data capabilities and much more.
See more at: http://www.toolwar.com/2014/04/ufed-physical-analyzer-mobile-forensics.html#sthash.ipUOiqQB.dpuf
Mobile Internal Acquisition Tool
Advanced capabilities for:
iOS ::
Bypassing simple and complex passcode while performing physical and file system extraction on selected devices running iOS 3.0 or higher including iOS 6.
Real-time decryption and decoding of data, applications, and keychain real-time decryption while revealing user passwords.
Advanced decoding of applications.
BlackBerry ::
Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more.
Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password.
Android ::
Advanced decoding of all physical extractions performed on devices running any Android version.
Advanced decoding of applications and application files.
GPS ::
Portable GPS devices extraction and decoding.
Exclusive – Physical extraction of TomTom trip-log files.
Oxygen Forensics Suite (Standard Edition):
is a mobile forensics tool. Features include the ability to gather Device Information (Manufacturer, OS Platform, IMEI, Serial Number, etc.), Contacts, Messages (Emails, SMS, MMS, etc.) and recovery of deleted messages, Call Logs, and Calendar and Task information. It also comes with a file browser which allows you to access and analyse user photos, videos, documents and device databases.
SSLAuditor Version 4: GUI utility to audit SSL services
Advantages:
Checks all issues on SSL, including ciphers, certificates and configuration issues.
Cipher issues: SSLv2 support, weak ciphers
Certificate issues: self-signed, wildcard, expiration, weak certificate key
Configuration issues: CRIME, preferred cipher (BEAST), renegotiation, resumption
Flexible input - file, individual or range with multiple ports
Internal timer to adjust according to the response of the server.
Detailed and professional reporting with mitigation procedures for identified issues.
No installer; unzip and click opabinia.exe to start the program.