Mobisec - Mobile Application Security Scanning Testing

MobiSec:

             makes mobile application penetration testing more streamlined for the tester, allowing more time to focus on the test objectives and progress, and less on the tools or the testing environment.

                               MobiSec - Live Environment Mobile Testing Framework project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec Live Environment provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry­‐proven testing framework.
                                       Using a live environment provides penetration testers the  Ability to boot the MobiSec Live Environment on any Intel-­based system from a DVD or USB flash drive, or run the test environment within a virtual machine.


Features:

- Upgraded Ruby to 1.9.2p318 and installed for root account 
- Installed Ubuntu updates via Update Manager 
- Updated Metasploit to rev 15158 - Updated SET to rev 1262 
- Added SecurityCompass AndroidLabs apk to emulators 
- Added SecurityCompass LabServer 
- Updated Android SDK Manager to rev 17 
- Updated Eclipse and Android plugin 
- Updated android-emu.sh script to specify emulator to launch 
- Added Ettercap with GUI - Added SQLMap 
- Added pptpd, tcpick, tshark 
- Added SSLStrip
 - Added DroidBox with Android 2.1 emulator
 - Added iSniff SSL MitM tool for iPhone
 - Added dsniff 
- Added SQLiteSpy 
- Fixed Ruby install 
- Updated BeEF (from github) 
- Fixed install script on desktop 
- Added support for Lorcon2 msf module
 - Added Aircrack-ng and Airgraph-ng 
- Fixed Kismet install 
- Added Firefox plugins: - Cookies Manager+ - Greasemonkey - HackBar - HttpFox - JSView - MitM Me - Tamper Data - User Agent Quick Switch - XSS Me - Disabled login sound - Changed default user account lockout to 30 mins - Updated desktop background image.

 

Project Research Document : Click here

 

Installation Instruction : Doc click 

 

Download Link (iso) : MobiSec

Read more in here : https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

 

Thanks for Visiting my Blog ...

 

WebSploit - Scan And Analysis Remote System From Vulnerability

WebSploit:
                is an open source project which is used to scan and analysis remote system
in order to find various type of vulnerabilites. This tool is very powerful and support multiple vulnerabilities

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows

With New Features : Website Attack Vector : Scanner, crawler For WebsiteNetwork Attack Vestor : Network Attack ToolsAutomatic Exploits : Automatic Exploit VulnerabilityFormat Infector : Inject Custom Payload Into File FrmatDownload V1.4 : WebSploit Toolkit V.1.4.zip (1.1 MB)find Other version | read more in hereSecurity List Network™ Present.

Download Link : Websploit

Free Security Testing Service for Websites and Blogs

ScanMyServer.com

 

 Core Features:

• Get a detailed security report on your website and server
  
• Free, secure and confidential
  
• A service of Beyond Security, a PCI Approved Scanning Vendor
  
• Test for malware, SQL injection, XSS and other vulnerabilites
  
• Nothing to download or install, no interruption of your visitors
  
• No password access is required 

Scanning Link :  Click Here

 

 

 

MaxPatrol Network Security Scanner - Positive Technologies

MaxPatrol - Network & Web Application Security Testing Tool:

       

MaxPatrol Core Features:

Web-server and Web Application structure analysis.

        MaxPatrol analyzes the structure of Web Applications to determine
        weaknesses and potential vulnerabilities in both the Web Server
        Configuration and the Web Application. Discovers available web server
        technologies. Inspects the HTTP version banners and looks for
        vulnerable products and other..

  

Intelligent recognition of vulnerabilities in known web-server scripts.

    Automatically detects web vulnerabilities:

        - SQL injection
        - Blind SQL injection
        - Cross Site Scripting
        - UTF-7 Cross Site Scripting
        - HTTP Response Splitting
        - Code execution
        - File inclusion
        - Directory traversal
        - Input validation
        - Authentication attacks
          (brute force login/password and etc)
        - Script source code disclosure
        - Discovers directories with weak permissions
          (finds directory listings and etc)
        - Looks for common files,
          back-up files, logs or directories

Detection of vulnerabilities arising from configuration errors including
    cases of unprotected authorization, revealing of information by services,
    etc.

Download Link: Maxpatrol

Freeware Tools:   Click Here

Penetration Testing Using Mobile Phones & Tablets

Network Penetration Testing Using Mobile Phones:

Two Penetration Testing Suite Listed Below:

• ANTI - Android Network Toolkit - Android & Apple Phone
• Pwnie Express - Nokia phone

ANTI - Android Network Toolkit:

                                  Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti Using Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.

In-order to download the App (version 2.1) click on Register & Download, Choose email/password and you may download straight to your phone.

Make sure 3rd party application is enabled on your phone via Settings -> Applications -> Unknown Sources.

Download Link : ANTI


The app is also available via Android Market (lite version without *ANY* offensive capabilities in-order to fully comply with Android/Google ToS), named : "AntiLite".


  
Pwnie Express - Nokia phone

A Nokia N900-based penetration testing platform

• Includes Aircrack-NG, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap, and more
• Custom pentesting desktop with shortcuts to all tools!
• One-click evil AP, WEP cracker, and packet capture!
• Built-in wireless chipset supports packet injection, monitor mode, and promiscuous mode.
• Includes phone, all standard accessories, 2 batteries, & coupler for USB host mode.

 Testing Tools manual : Click here

Download Link :  Pwnie Express



 Enjoy & Thank you for all the feedback/support!!












 

Open Authendication Server - ClearBox

ClearBox Enterprise RADIUS TACACS+ Server:
                                                                           is a Windows application for the centralized control and management of remote access to the network through the use of RADIUS, standard protocol widely deployed by various network equipment for central user access and security administration.

                                                                         ClearBox Enterprise Server is capable to provide authentication and accounting services to medium and large wholesale providers, organizations and network operators with thousands and even millions of users.

ClearBox Enterprise Server deployment areas include (but are not limited to) the following:

• Wi-Fi networks with RADIUS-enabled access points (in WPA-Enterprise mode) for wireless clients authentication;
• Prepaid and postpaid voice-over-IP (VoIP) applications with RADIUS-enabled h323 and SIP gateways, gatekeepers, IP-PBX's such as Cisco, Quintum, Mera, Brekeke, OpenH323, OpenSER, Asterisk and many others;
• Wholesale providers with wide access networks who forward RADIUS authentication and accounting data to end-point providers;
• Internet service providers (ISP) who provide an access to dial-up/ADSL/PPPoE users;
• Networks with RADIUS-enabled firewalls (Cisco PIX, Microsoft Internet Security and Acceleration Server (ISA), etc), VPN hardware/software servers, routers (Cisco, Mikrotik, etc). 

Download Link: Click Here

Open Source SSL Implementaton Tools

SSL-Explorer:
              is the world's first open-source, browser-based SSL VPN solution. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

            It also provides users with WebDAV file access, intranet Web site proxying, Active Directory authentication, and Java application deployment using a standard Web browser.

            In contrast to a conventional IPsec-based solution, no client side code needs to be installed on your end user’s systems. SSL VPNs rely on Java &#153 based technology and hence require only a standard web browser to operate. Standard network protocols can be tunnelled through the SSL connection, meaning that email and intranet web/file resources are easily and securely accessible from outside the corporate network.

Download Link :  Click Here

OpenSSL :
         OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

            Openssl command-line binary that ships with the OpenSSL libraries can perform a wide range of cryptographic operations. It can come in handy in scripts or for accomplishing one-time command-line tasks.


             Documentation for using the openssl application is somewhat scattered, however, so this article aims to provide some practical examples of its use. I assume that you’ve already got a functional OpenSSL installation and that the openssl binary is in your shell’s PATH.



Download Link for Unix/Linux : Click Here

Download Link for Windows   : Click Here