Wednesday, September 25, 2013

Best Wireless / Wi-Fi Password Cracker & Sniffer Tool List

Wireless / Wi-Fi Password Cracker & Sniffer Tool :

                      An internet connection has become a basic necessity in our modern lives. Wireless hot-spots (commonly known as Wi-Fi) can be found everywhere!

                      If you have a PC with a wireless network card, then you must have seen many networks around you. Sadly most of these networks are secured with a network security key.

                      Have you ever wanted to use one of these networks? You must have desperately wanted to check your mail when you shifted to your new house. The hardest time in your life is when your internet connection is down.

Steps to Crack / Sniff Wi-Fi Password:

                           Cracking those Wi-Fi passwords is your answer to temporary internet access. This is a comprehensive guide which will teach even complete beginners how to crack WEP encrypted networks, easily.

Table of Contents

  1. How are Wireless networks secured?
  2. What you'll need
  3. Setting up CommView for Wi-Fi
  4. Selecting the target network and capturing packets
  5. Waiting...
  6. Now the interesting part... CRACKING!
  7. Are you a visual learner?

How Are Wireless Networks Secured?

                                       In a secured wireless connection, internet data is sent in the form of encrypted packets. These packets are encrypted with network security keys. If you somehow manage to get hold of the key for a particular wireless network you virtually have access to the wireless internet connection.

Broadly speaking, there are two main types of encryption used:

WEP (Wired Equivalent Privacy):
                                          This is the most basic form of encryption. This has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case many people still use this encryption.

WPA (Wi-Fi Protected Access):
This is the more secure alternative. Efficient cracking of the passphrase of such a network requires the use of a wordlist of common passwords. In other words, you use the old-fashioned method of trial and error to gain access. Variations include WPA-2, which is the most secure encryption alternative to date. Although this can also be cracked using a wordlist if the password is common, it is virtually uncrackable with a strong password. That is, unless the WPA PIN is still enabled (as is the default on many routers).

                                          Hacking WEP passwords is relatively fast, so we'll focus on how to crack them for this guide. If the only networks around you use WPA passwords, you'll want to follow this guide on how to crack WPA WiFi passwords instead.

What You'll Need...

  • A compatible wireless adapter:
This is by far the biggest requirement. The wireless card of your computer has to be compatible with the software CommView. This ensures that the wireless card can go into monitor mode, which is essential for capturing packets. Click here to check if your wireless card is compatible.
 

Wireless / Wi-Fi Password Cracker & Sniffer Tool List :

Wi Fi Hacker Version 3.0 :

Wifi Hacker is a prank app that simulates obtaining passwords and cracking routers. It does so using automated tasks that pretend to hack wireless networks. Pretending to be a hacker in front of your friends was never so fun!
It is free and easy to use.


Download Link : http://jlyse.net/?DCUA4KX

Mobile Version :

Download Link : https://play.google.com/store/apps/details?id=com.mitevi.wifihack&hl=en

WiFi Password Decryptor v 2.0 :

                       WiFi Password Decryptor V 2.0 Tool by Security Xploid Team.

                       WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system.

It automatically recovers all types of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager.

For each recovered WiFi account, it displays the following information:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text
                       After the successful recovery you can save the password list to HTML/XML/TEXT file. You can also right click on any of the displayed account and quickly copy the password.

Under the hood, 'WiFi Password Decryptor' uses the System Service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it safer and more reliable. It also allows a single EXE to work on both 32-bit & 64-bit platforms.

                        It also supports command-line mode making it useful for automation & penetration testers.

                           It has been successfully tested on Windows Vista and higher operating systems including Windows 8.

Download Link : http://securityxploded.com/wifi-password-decryptor.php#WiFiPasswordDecryptor_Download

WiHack 2.4.6:
          
              is the first working program for hacking Wi-Fi. This project was developed as a special software to work with protected wireless networks. WiHack is an improved version of Wi-FI Pirate 3 which we have previously tried to crack.

The program is able to analyze wireless Wi-Fi networks for the presence of insecurity, after which it becomes possible to use the main hacking features, such as:

1) Get the Users List
2) Guess the network password (crack Wifi password)
3) Sniffing Users Mode (you are able to see every User's movement)
4) Block the User (the program will disconnect the user from the network; it's useful when somebody is downloading something and because of that your internet starts lagging)

Download Link : http://wihack.com/en/download.html

Aircrack-ng v 1.2 :
Aircrack-ng is an absolute must for all serious penetration testers and security professionals. The suite of tools includes 802.11 WEP and WPA-PSK key cracking programs that are able to capture wireless packets and crack passwords once enough information (data packets) has been captured. Aircrack-ng is a big favourite on YouTube, with close to 4,500 thousand wifi cracking tutorials using aircrack!

Download Link :

Windows : http://download.aircrack-ng.org/aircrack-ng-1.2-beta1-win.zip

VMWare : http://www.aircrack-ng.org/doku.php?id=install_aircrack#installing_vmware_image

Live CD : http://www.aircrack-ng.org/doku.php?id=slitaz


Airjack:
Airjack is an 802.11 packet injection tool. This wireless cracking tool is particularly useful in being able to inject forged deauthentication packets, a feature which is a must to execute and learn about how to defend against denial-of-service and Man-in-the-Middle attacks. This tool is often used by hackers to inject deauthentication packets that result in bringing down networks.

Download Link : http://sourceforge.net/projects/airjack/files/latest/download

AirSnort:
             AirSnort is a useful tool. This program is able to obtain WEP encryption keys by remaining in monitor mode and capturing packets.

          AirSnort is a wireless LAN (WLAN) tool which cracks encryption keys on 802.11b WEP networks. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.


Download Link : http://sourceforge.net/projects/airsnort/files/airsnort/

Cain & Abel:

Another YouTube favourite. This program (which we believe hails from Italy) is a classic and a must-have for all pentesters and security professionals. Eric Reed, well known Certified Ethical Hacker instructor, demonstrated its use on a Hacker Hotshot episode a couple of weeks back. Simply called Cain by many, this tool is programmed to intercept network traffic. With the acquired information Cain is able to discover passwords by brute-force and cryptanalysis attack methods. Cain can also record VoIP conversations, recover wireless network keys, and analyze routing protocols. Bottom line, if you are serious about learning and educating yourself with wireless security then Cain is your friend.


Download Link : http://www.oxid.it/downloads/cain20.exe


Ettercap:
Ettercap is used for man-in-the-middle attacks: it initiates the attack by sniffing for live connections and then filters the intercepted packets.

This program was recently updated and we think it has been included on Kali Linux.

Download Link : http://ettercap.github.io/ettercap/downloads.html

Firesheep:
This Firefox addon caused quite a stir when it was released since it perfectly demonstrated just how insecure online sessions can be for those uneducated in basic internet (network) security. The addon allows the hacker to capture SSL session cookies sent over any unencrypted wireless network (like an open wifi network). Many websites initiate a session with their clients by forcing SSL login, but subsequently all traffic is sent over the network unencrypted – perfect for Firesheep and its effective side-jacking capabilities.

Download Link : https://github.com/codebutler/firesheep/downloads

IKECrack:
We are not too familiar with this cracking tool but we have included it because it just sounds very interesting! This tool seems to be an open source IPsec VPN authentication tool which uses brute force attack processes to capture Internet Key Exchange (IKE) packets. The purpose of this security tool is to discover valid VPN user identities and secret key combinations. Clearly once these have been obtained then the discovered credentials can be used by a hacker to gain unauthorized access to a VPN.

Download Link : http://sourceforge.net/projects/ikecrack/files/latest/download

KARMA:
This tool starts in monitor mode and sits there trying to work out SSID names and BSSID names. Once it has determined the SSID the tool will pretend to be that access point – rather similar to a MITM attack. If you are interested in this tool then you should also take a look at Hotspotter.

              KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.

Download Link : http://www.wirelessdefence.org/Contents/Files/karma-20060124.tar.gz

Kismet:
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

            Another classic, Kismet adopts an intrusion detection policy to wireless security, and is used to detect and analyze access points within radio range of the network on which it is installed.

Download Link : http://www.kismetwireless.net/download.shtml

NetStumbler:
A great tool for those that prefer using Windows. NetStumbler can turn any WiFi-enabled Windows laptop into an 802.11 network detector. Several addons can be used with NetStumbler to hack and crack wireless networks.

              NetStumbler delivers a tool that helps you detect 802.11 a/b/g WLAN standards. While wardriving is its main use, the application also facilitates the verifying of network configurations. You can easily find locations that suffer from weak signal within a WLAN, detect issues of wireless interference and rogue access points. Thus, you are able to aim directional antennas in order to benefit from extended wireless signal quality and strength.

Download Link : http://www.netstumbler.com/downloads/

Wireshark:
No list would be complete without Wireshark. Basically Wireshark monitors every single byte of data that is transmitted over a network. This tool is particularly useful for penetration testers or network administrators that want to understand what is happening on the networks that they are securing.


Download Link : http://www.wireshark.org/download.html

Other tools worth mentioning are Hotspotter, APsniff, APhunter, KNSGEM, HermesAP, OpenAP, Cowpatty and ASLeap.

Thanks,

RRN Technologies Team

Tuesday, September 24, 2013

PCI / PA DSS v3.0 - Payment Card Industry / Payment Application Data Security Standard Preview Released

PCI DSS v 3.0 and PA DSS v 3.0 :

The Payment Card Industry / Payment Application Data Security Standard Version 3 preview has been released, and the changes are highlighted below.

 "PCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, mobile acceptance or cloud computing,"

 

 

                           PCI Security Standards Council (PCI SSC) has published a highlights document outlining the coming enhancements to the PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) in version 3.0 of the two. The changes are oriented towards making PCI DSS part of companies’ business-as-usual activities rather than a yearly checkbox compliance act, by focusing on three key areas: introducing more flexibility, an increased focus on education and awareness, and security as a shared responsibility.

 

 

                                   PCI DSS applies to all organisations that process, store or transmit card holder data, whether as part of their merchant activities or as a service provider on behalf of a merchant. If as a merchant you contract all payment details to a 3rd party you still need to be compliant as you have responsibilities for ensuring the 3rd parties meet the standard.

The updated versions of PCI DSS and PA-DSS will:
  • Provide stronger focus on some of the greater risk areas in the threat environment
  • Provide increased clarity on PCI DSS & PA-DSS requirements
  • Build greater understanding on the intent of the requirements and how to apply them
  • Improve flexibility for all entities implementing, assessing, and building to the Standards
  • Drive more consistency among assessors
  • Help manage evolving risks / threats
  • Align with changes in industry best practices
  • Clarify scoping and reporting
  • Eliminate redundant sub-requirements and consolidate documentation
Over the next few months up to and including the new version of the PCI DSS we will be reviewing information from the PCI Security Standard Council and publicising the changes, so check our PCI DSS pages for updates.
Changes to the standards have been classified as Clarification, Additional Guidance and Evolving requirement. The evolving requirements are to ensure the standards are up to date with emerging threats and changes in the market such as mobile acceptance and cloud computing.
Throughout PCI DSS version 3.0 there are key themes that are designed to help organisations take a proactive approach to cardholder data security:
  • Education and awareness
    Lack of education and awareness around payment security, coupled with poor implementation and maintenance of the PCI Standards, gives rise to too many of the security breaches happening today. Updates to the standards are geared towards helping organisations better understand the intent of requirements and how to properly implement and maintain controls across their business. Changes to PCI DSS and PA DSS will help drive education and build awareness internally and with business partners and customers.
  • Increased flexibility
    Changes to the standards focus on some of the most frequently seen risks that lead to incidents of cardholder data compromise - such as: weak passwords and authentication methods; malware; and poor self-detection - providing added flexibility on ways to meet the requirements. Increased flexibility will enable organisations to take a more customised approach to addressing and mitigating common risks and problem areas. At the same time, more rigorous testing procedures for validating proper implementation of requirements will help organisations drive and maintain controls across their business.
  • Security as a shared responsibility
    Securing cardholder data is a shared responsibility. Today’s payment environment has become ever more complex, creating multiple points of access to cardholder data. Changes introduced with PCI DSS and PA DSS focus on helping organisations understand their organisation’s PCI DSS responsibilities when working with different business partners to ensure cardholder data security.

Encryption and Key Management (section 3):

A lot of clarifications have been introduced in this part of the standard in order to ensure adequate protection of all encryption material. As an example of this, an additional emphasis has been put on testing procedures to specifically enforce things such as secure storage of the keys (HSM, etc.), separation of Key Encrypting Keys and Data Encrypting Keys, and to enforce Split Knowledge and Dual Control of the keys.

Secure Developments (section 6):

Again a lot of clarifications, such as: developers must be properly trained in secure coding techniques; developing secure applications also applies to applications developed by third parties; and a more stringent requirement on the use of a Web Application Firewall (WAF). It is also interesting to note that a new requirement will involve specifically protecting against attacks on the PAN and SAD when insecurely handled in memory! This last requirement will be considered as best practice for the time being, before becoming mandatory on the 30th June 2015.

Role-based Access Control and User Management (sections 7 & 8):

Regarding access to systems, it is now made clear that each role must be clearly defined with all levels of privilege required for the role. We are also happy to see that an additional emphasis has been put on user IDs managed by vendors and third parties when they access their customer’s environment: yes, those accounts must be disabled when not in use. Also, guidance on how to select strong authentication credentials (such as passwords!) must now be provided to users.

Physical Security… now including POS devices! (section 9)

It clearly makes sense to include the protection of POS devices within the PCI DSS standard, and things such as maintaining a list of such devices and training personnel on detecting tampering and substitution have now been included in the standard.

Penetration Testing (section 11)

The PCI community will be glad to know that a proper penetration testing methodology is now required. As per other requirements, it is now mandatory to ensure that those penetration tests follow industry-accepted best practices in order to ensure that their results are actually useful in evaluating the security of an environment. Interestingly, a number of new requirements are now enforcing things such as testing the efficiency of the controls used for segmentation, when segmentation is in place. 

Application Testing Boost in PCI 3.0

When it comes to application security, the Council will change some key requirements of the PA-DSS, according to a preview document released by the PCI SSC.

Among them:

  • Requirement 5: this requirement governs development of secure applications. In Version 3.0, it will include enhanced requirements for system (read that “application”) development processes. Most important: PA-DSS version 3.0 will mandate periodic security reviews and require application threat modeling techniques and steps to verify the integrity and security of application source code before an application is released to customers. The list of common vulnerabilities that application publishers must test against will also be brought into alignment with the latest version of common vulnerabilities from groups like OWASP, NIST, SANS, and so on, to make sure that PA-DSS is aligned with current and emerging threats.
  • Requirement 7: this governs application requirements and testing procedures. It has been updated to make it clear that vendors must include release notes with each application update to help merchants determine whether the version of an application that they’re using is on the PA-DSS list of approved applications.
  • Requirement 14: this is a new requirement for the PA-DSS that will require training of integrators, resellers and vendor personnel.

Thanks,

RRN Technologies Team

Sunday, September 22, 2013

Malware / Application Exploit Analysis tool - Hook Analyser 2.6

Hook Analyser :
is a freeware project, started in 2011, to analyse an application at run time. The project can be useful in analysing malware (static and run time) and in performing application crash analysis.

The following sections break down the features (and functionality) of the Hook Analyser, and attempt to answer ‘How-to’ and ‘so-what’ queries.

Application UI – Significant updates have been performed on the latest release (v 2.2) to make it more verbose.

Hook Analyser is a hook tool which could be helpful in reversing applications and analyzing malware.

The tool can hook to an API in a process and can do the following tasks.

1. Hook to API in a process
2. Hook to API and search for pattern in memory of a process
3. Hook to API and dump buffer (memory).


It is completely automated: you need not specify any particular API; it does everything by itself and stores the result in a log file.

Needless to say, it supports pattern searches, dumping memory content and more.


Release of the Hook Analyser v2.6.

Following is the change log -
  1. Added new signatures (and removed redundant ones)
  2. Bug fixes - Many thanks to community users for reporting them.
  3. Fixed start-up error.

5 key functionalities -

  1. Spawn and Hook to Application - This feature allows the analyst to spawn an application and hook into it. The module flow is as follows -
    1. PE validation
    2. Static malware analysis
    3. Other options (such as pattern search or dump all)
    4. Type of hooking (Automatic, Smart or Manual)
    5. Spawn and hook
    Currently, there are three types of hooking being supported –
    • Automatic – The tool will parse the application import tables, and based upon that will hook into specified APIs.
    • Manual – On this, the tool will ask the end-user for each API, if it needs to be hooked.
    • Smart – This is essentially a subset of automatic hooking; however, it excludes uninteresting APIs.

  2. Hook to a specific running process - This option allows the analyst to hook to a running (active) process. The program flow is –
    1. List all running processes
    2. Identify the running process executable path
    3. Perform static malware analysis on the executable (fetched from the process executable path)
    4. Other options (such as pattern search or dump all)
    5. Type of hooking (Automatic, Smart or Manual)
    6. Hook to a specific running process
    7. Hook and continue the process

  3. Static Malware Analysis - This module is one of the most interesting and useful modules of Hook Analyser. It scans PE or Windows executables to identify potential malware traces. The sub-components are listed below (this is not the full list) -

  1. PE file validation
  2. CRC and timestamps validation
  3. PE properties such as Image Base, Entry point, sections, subsystem
  4. TLS entry detection.
  5. Entry point verification (if falls in suspicious section)
  6. Suspicious entry point detection
  7. Packer detection
  8. Signature trace (extended from the malware analyser project), such as Anti VM aware, debug aware, keyboard hook aware etc. This particular function searches for more than 20 unique malware behaviours (using 100’s of signatures).
  9. Import intel scanning.
  10. Deep search (module)
    Online search of MD5 (of executable) on Threat Expert.
  11. String dump (ASCII)
  12. Executable file information
  13. Hexdump
  14. PEfile info dumping
  15. ...and more.

  4. Application crash analysis - This module enables an exploit researcher and/or application developer to analyse memory content when an application crashes. This module essentially displays data in different memory registers (such as EIP).
    • Application crash analysis video demonstration – http://www.youtube.com/watch?v=msYo7pPsu6A
  5. Exe extractor - This module essentially extracts executables from running processes, which can then be further analysed using Hook Analyser, Malware Analyser or other solutions. This module is potentially useful for incident responders.

Download Link :


http://www.ziddu.com/download/23012698/HookAnalyser2.6.zip.html



Mirror :

http://we.tl/R0iDHL2nlg

Saturday, September 21, 2013

Web Application Security Testing Platform - Websecurify

Websecurify :
is one of the powerful web application security testing platforms, designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. It is available for all major desktop platforms including mobile devices and web via our online security.







Important Features of Websecurify:
                                             The major features of Websecurify are the following:
  • Nice, user-friendly interface which is simple and easy to use
  • Good testing and scanning technology
  • Strong testing engine to detect URLs automatically
  • Extensible with many available add-ons
  • Available for major desktop and mobile platforms
  • Free version also available on all major platforms
As I said, Websecurify is not a fully automatic tool; it will only generate the possible URLs and parameters where vulnerabilities can exist. You will need to verify all those possible URLs and test them manually to confirm the vulnerability. This may sometimes take a while, but the tool’s performance is good.

Which Vulnerabilities Can It Detect?
                                                These are the main vulnerabilities that Websecurify can detect:
  • Cross site scripting
  • Cross site request forgery
  • Path disclosure
  • Internal errors
  • SQL injection
  • URL redirection
  • HTTP response splitting
  • Local and remote file include
  • Session cookies problem
  • Information disclosure problems
  • And many other vulnerabilities
Almost all popular vulnerabilities can be detected with the help of this security tool. SQLI, XSS and CSRF are among the main vulnerabilities exploited by hackers.


A Complete Suite Of Web Security Tools :
The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.


Consistent And Easy To Use

                                           The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

The Suite scanning technology is able to discover a variety of issues, from XSS, SQL Injection and Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and a variety of other lists are well supported. For the complete list of vulnerabilities we can discover just click here.


Pick The Tools You Need The Most

You don't have to pay for things you don't need. The Suite is customizable, which means that you can cherry-pick the tools, which provide most value to you and your team. The Suite Marketplace is proudly the first in the world app store for web application security tools and utilities.



Scalable Across Teams of Any Size

All applications in the Suite run in standard browsers such as Google Chrome and Mozilla Firefox. They are available in online and offline modes. This characteristic makes the Suite extremely scalable. Software updates, installs and other nuisances are just problems of the past. This is perfect for large development, quality assurance and penetration testing teams.



Download and Installation :
                                            First of all, you need to download Websecurify from its Official Website. Although it is a commercial product, you can use the open source version of Websecurify to test your application for free. You can download the open source version from Google Code. This tool is available for all major desktop and mobile platforms, including:
  • Windows
  • Mac
  • Linux
  • iOS
  • Android
  • Web App
This nice penetration testing tool is also available for Google Chrome and Mozilla Firefox. One thing worth mentioning here is that WebSecurify is the first and only web application penetration testing tool that is also designed to run directly from the browser, with support for both Google Chrome and Mozilla Firefox.
I personally recommend using the desktop app for better performance but using the web browser extension also works well.


Download Link : https://code.google.com/p/websecurify/downloads/list




Thursday, September 19, 2013

Passive Vulnerability Scanner ( PVS ) 4.0 - Nessus

Tenable Nessus -  Passive Vulnerability Scanner

                     provides visibility into both server and client-side vulnerabilities, discovers the use of common protocols and services (e.g., HTTP, SQL, file sharing), and performs full asset discovery for both IPv4 and IPv6, and even on hybrid networks.

Unique, real-time vulnerability scanner continuously uncovers hidden vulnerabilities and provides full asset discovery of BYOD and virtual systems.

Nessus Passive Vulnerability Scanner (PVS) is perfect to drop into any network or network segment for continuous vulnerability detection and full asset discovery. Try it free to monitor vulnerabilities on up to 16 IP addresses.

System Requirements

  • CPU: 1 x dual-core 2 GHz CPU (32 or 64 bit)
  • Memory: 2 GB RAM (4 GB RAM recommended)
  • OS: Windows, Red Hat ES 5, Red Hat ES 6

Passive Vulnerability Scanner Features

BYOD and Shadow IT Detection:
The Tenable Passive Vulnerability Scanner (PVS) continuously and passively detects mobile devices, virtual infrastructure, and cloud applications (often described as "shadow IT") used on your network. Whether these assets are managed or unmanaged, PVS is the only scanner that can detect them, their vulnerabilities, and behavior that creates compliance risk and security exposure. PVS detects operating systems, services, and applications, as well as vulnerabilities in all network traffic.


Self-contained User Interface:
                                           PVS easily installs in networks to monitor network traffic at the packet level. The integrated web-based interface provides user management, scanner configuration, plugin updates, report set-up, and customization. This self-contained solution makes it easy to discover common protocols and services (e.g., HTTP, SQL, file sharing), eliminating gaps in time and covering areas of your network and assets that active scanners alone cannot. With its integrated interface, PVS provides unparalleled point monitoring for highly-sensitive networks or network segments.


Download Link : http://www.tenable.com/products/passive-vulnerability-scanner/download

Thanks,

RRN Technologies Team.




Wednesday, September 4, 2013

SAP ERP Penetration Testing framework / Tools List

SAP ERP Penetration Testing framework / Tools List :

  • Bizploit By Onapsis
  • Sapyto By Cyber System Security
  • ERPScan’s By SAP AG

                     
Bizploit :
            is the first open-source SAP ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.


Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.



  • Download Bizploit v1.50-rc1 for Windows  
  • Download Bizploit v1.50-rc1 for Linux

Sapyto:
               is the first SAP Penetration Testing Framework. Fully developed at CYBSEC-Labs, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.

              Sapyto is periodically updated with the outcome of the deep research constantly carried out by CYBSEC-Labs on the various security aspects in SAP systems.

              Although sapyto is a versatile and powerful tool, it is of major importance for it to be used by consultants who are highly skilled and specialized in its usage, preventing any interference with your organization’s usual SAP operation.


    The following versions of sapyto are available at this moment:


    Sapyto Public Edition (v0.99) for Windows [DOWNLOAD]
    Sapyto Public Edition (v0.99) for Linux [DOWNLOAD]

    ERPScan's:
                     SAP Pentesting Tool is NOT a demo or part of the professional product called ERPScan Security Scanner; it is just a number of Perl scripts for penetration testers.
    Overview
    ERPScan's SAP Pentesting Tool is a freeware tool intended for penetration testers and security officers for vulnerability assessment of SAP systems using Black Box testing methodologies. This means that you do not need to know any information about the target system or have a legal account in it. All the information will be collected by the SAP Pentesting Tool.


    Updated release 0.6 from 01.10.2012

    - Total 31 modules
    - 18 Information gathering
    - 3 Command execution
    - 8 Aux
    - 4 DoS
    - Exploit for Verb Tampering (add user and add role)
    - P4 password decryptor plugin
    - ~40 default public ICM pages scan

    Features
    Using ERPScan's SAP Pentesting Tool you can:
    • Obtain information using information disclosure vulnerability;
    • Exploit potential vulnerabilities;
    • Collect business critical data or the data for conducting other attacks

    Monday, September 2, 2013

    SpiderFoot : Multi-platform open-source footprinting and intelligence gathering tool.


    SpiderFoot:
                       is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more.

                       SpiderFoot is now entirely written in Python, with packages provided for running on Linux/BSD/Solaris systems as well as a py2exe package that can be run on Windows. Once started, SpiderFoot starts up an internal web server that you must then visit using a web browser (IE, Firefox and Chrome should be fine).

                       All data is stored locally in a SQLite database. This enables a lot of flexibility in data analysis, querying and reporting that I expect to become more fully available in future releases.






        - Collects SSL certificate information and performs a number of checks.
        - Identifies social media presence on LinkedIn, Twitter, Facebook, etc.
        - Identifies the use of JavaScript frameworks like jQuery, etc.
        - Identifies the use of externally hosted JavaScript.
        - Looks across all Internet TLDs for presence of the target.
        - Performs faster port scanning, with the addition of banner grabbing.
        - Performs more thorough DNS analysis of the target.
        - Includes many bug fixes and internal improvements.

     Download Link : http://sourceforge.net/projects/spiderfoot/files/

    More Info : https://github.com/smicallef/spiderfoot/wiki

    Grab it from: http://www.spiderfoot.net/