Http clear-text protocol is normally secured via an SSL or TLS tunnel,
resulting in https traffic. In addition to providing encryption of data
in transit, https allows the identification of servers (and, optionally,
of clients) by means of digital certificates.
SSL Testing Criteria :
Large number of available cipher suites and quick progress in
cryptoanalysis makes judging a SSL server a non-trivial task. These
criteria are widely recognised as minimum checklist:
SSLv2, due to known weaknesses in protocol design
SSLv3, due to known weaknesses in protocol design
Compression, due to known weaknesses in protocol design
Cipher suites with symmetric encryption algorithm smaller than 112 bits
X.509 certificates with RSA key smaller than 2048 bits
X.509 certificates with DSA key smaller than 2048 bits
X.509 certificates signed using MD5 hash, due to known collision attacks on this hash
TLS Renegotiation vulnerability
The following standards can be used as reference while assessing SSL servers:
NIST SP 800-52
recommends U.S. federal systems to use at least TLS 1.0 with
ciphersuites based on RSA or DSA key agreement with ephemeral
Diffie-Hellman, 3DES or AES for confidentality and SHA1 for integrity
protection. NIST SP 800-52 specifically disallows non-FIPS compliant
algorithms like RC4 and MD5. An exception is U.S. federal systems making
connections to outside servers, where these algorithms can be used in
SSL client mode.
PCI-DSS v1.2
in point 4.1 requires compliant parties to use "strong cryptography"
without precisely defining key lengths and algorithms. Common
interpretation, partially based on previous versions of the standard, is
that at least 128 bit key cipher, no export strength algorithms and no
SSLv2 should be used.
SSL Server Rating Guide has been proposed to standardize SSL server assessment and currently is in draft version.
SSL Server Database can be used to assess configuration of publicly available SSL servers based on SSL Rating Guide.
SSLDigger v1.02 :
is a tool to assess the strength of SSL servers by
testing the ciphers supported. Some of these ciphers are known to be
insecure
System Requirements:
Windows .NET Framework (can be installed using Windows Update)
is a tool that verifies SSL certificate and supported protocols/ciphers of a SSL-enabled webserver.
It is open source and is easily modified to support new protocols and
ciphers as they become available, the result is graded and it runs both
on Linux and Windows.
will help you diagnose problems with your
SSL certificate installation. You can verify the SSL certificate on
your web server to make sure it is correctly installed, valid, trusted
and doesn't give any errors to any of your users. To use the SSL
Checker, simply enter your server's hostname (must be public) in the box
below and click the Check SSL button.
is a suite of tools for security testing of web
applications. It was designed for security auditors to help them with
web application planning and exploitation.
Sunrise Technologies is proudly announces WebSurgery v1.1!
WebSurgery is a suite of tools for security testing of web applications. It is designed to address the ongoing needs of security auditors so to facilitate them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools
(Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).
Tools Features
====
- Crawler
Crawler is designed to be fast, accurate, stable and completely parameterized using advanced techniques to extract links from HTML, CSS, Javascript and AJAX.
- Bruteforcer
Bruteforcer for files and directories within the web application which helps to identify the hidden structure.
- Fuzzer
Fuzzer is a highly advanced tool to create a number of requests based on one initial request. Can be used to exploit (Blind) SQL Injections, Cross Site Scripting (XSS), Denial of Service (DOS), Bruteforce for Username / Password Authentication Login Forms and identification of
Improper Input Handling and Firewall / Filtering Rules.
- Proxy
Proxy is a server running locally and will allow you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or other application which support proxies.
- Editor
Advanced ASCII/HEX Editor to manipulate individual requests.
Extra
====
- Scripting Filters
Advanced Scripting Filters to filter specific requests / responses with support of regular expressions and large number of variables.
- List Generator
List Generator for different list types (File, Charset, Numbers, Dates, IP Addresses, Custom) with additional rules support.
- External Proxy
External Proxy redirects suite's traffic to another HTTP/SOCKS proxy.
is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich Information Gathering module for target Reconnaissance. The Exploit Framework includes highly offensive XSS exploitation modules for Penetration Testing and Proof of Concept creation.
V4.5 Additions ========== JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files <exploitation module> Hash Calculator Hash Detector
is an integrated Web Application security assessment and exploitation
platform designed with the whole spectrum of security professionals to
web application hobbyists in mind. It suggests a security assessment
model which revolves around an extensible exploit database. Further, it
complements the power with various tools required to perform all stages
of a web application attack.
WAppEx is also equipped with a penetration testing
toolbox that makes an effective synergy with the Exploit Database and a
crafty security expert. The provided tools include Manual Request,
Exploit Editor, Dork Finder, Hidden File Checker… More tools, such as a
crawler, a multi-purpose fuzzer… are to be added to the arsenal in the
future releases of WAppEx.
Still, keep your eyes peeled as this is just the beginning of a new, powerful war machine in the pentest battleground.
The full list features is as below:
An exploit database covering a wide range of vulnerabilities.
A set of tools useful for penetration testing:
Manual Request
Dork Finder
Exploit Editor
Hidden File Checker
Neighbor Site Finder
Find Login Page
Online Hash Cracker
Encoder/Decoder
Execute multiple instances of one or more exploits simultaneously.
Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
Test a list of target URL’s against a number of selected exploits.
Allows you to create your own exploits and payloads and share them online.
A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
Testing and exploiting of Local File Inclusion vulnerabilities
Testing and exploiting of Local File Disclosure vulnerabilities
Testing and exploiting of Remote File Inclusion vulnerabilities
Testing and exploiting of SQL Injection vulnerabilities
Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
Testing and exploiting of Server-side Code Injection vulnerabilities
W3AF ( Web Application Attack and Audit Framework) :
w3af core and
it's plugins are fully written in python. The project has more than 130
plugins, which check for SQL injection, cross site scripting (xss),
local and remote file inclusion and much more.
The project’s goal is to create a framework to help you secure your web
applications by finding and exploiting all web application
vulnerabilities. w3af to identify more than 200 vulnerabilities and
reduce your site’s overall risk exposure. Identify vulnerabilities like
SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled
application errors and PHP misconfigurations.
is a suite of tools for security testing of web applications. It was
designed for security auditors to help them with web application
planning and exploitation.
It currently contains a spectrum of efficient, fast and stable tools
such as Web Crawler with the embedded File/ Dir Brute forcer, Fuzzer
(for advanced exploitation of known and unusual vulnerabilities such as
SQL Injections, Cross site scripting (XSS)), Brute force (for login
forms and identification of firewall-filtered rules, DOS Attacks) and
WEB Proxy (to analyze, intercept and manipulate the traffic between your
browser and the target web application).
is an Open Source, feature-full, modular, high-performance Ruby
framework aimed towards helping penetration testers and administrators
evaluate the security of web applications.
It is smart, it
trains itself by learning from the HTTP responses it receives during the
audit process and is able to perform meta-analysis using a number of
factors in order to correctly assess the trustworthiness of results and
intelligently identify false-positives.
It is versatile enough
to cover a great deal of use cases, ranging from a simple command line
scanner utility, to a global high performance grid of scanners, to a
Ruby library allowing for scripted audits, to a multi-user multi-scan
web collaboration platform.
is a free and open source scanner and testing platform to test the
security of web applications. Vega can help you find and validate SQL
Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive
information,
and other vulnerabilities. It is written in Java, GUI based, and
runs on Linux,
OS X, and Windows.
Vega includes an automated scanner for quick tests and an
intercepting proxy for tactical inspection. The Vega scanner finds XSS
(cross-site scripting), SQL injection, and other vulnerabilities.
Vega can be extended using a powerful API in the language of the
web: Javascript.
is an open source project which is used to scan and analysis remote system
in order to find various type of vulnerabilities. This tool is very powerful
and support multiple vulnerabilities.
Description :
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin - Search Target phpmyadmin login page [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF [+]apache users - search server username directory (if use from apache webserver) [+]Dir Bruter - brute target directory with wordlist [+]admin finder - search admin & login page of target [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack - Java Signed Applet Attack [+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector [+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows [+]ARP DOS - ARP Cache Denial Of Service Attack With Random MAC [+]Web Killer Attack - Down Your WebSite On Network(TCPKILL) [+]Fake Update Attack - Create Fake Update Page For Target OS [+]Fake Access point Attack - Create Fake AP & Sniff Victims Information
a tool for developing and executing exploit code against a remote target machine.Metasploit Framework was completely rewritten in the Ruby programming language.
It helps security and IT professionals identify security issues, verify
vulnerability mitigations and manage expert-driven security assessments.
Metasploit Framework
The basic steps for exploiting a system using the Framework include:
Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
Optionally checking whether the intended target system is susceptible to the chosen exploit;
Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
is a graphical cyber attack management tool for Metasploit that
visualizes targets, recommends exploits, and exposes the advanced
capabilities of the framework.
Advanced users will find Armitage valuable for managing remote
Metasploit instances and collaboration.
Armitage's red team
collaboration features allow your team to use the same sessions, share
data, and communicate through one Metasploit instance.
is a network tool designed to take advantage of some weakeness
in different network protocols. It pretends to be a solid framework for
analyzing and testing the deployed networks and systems.
Yersinia is a tool for performing layer 2 attacks, helping the
pen-tester in his daily work checking the robustness of layer 2
protocols configuration.
Attacks for the following network protocols are implemented (but of course you are free for implementing new ones):
It is a
penetration testing tool that focuses on the web browser. It allows the professional penetration tester to
assess the actual security posture of a target environment by using
client-side attack vectors. Unlike other security frameworks, BeEF looks
past the hardened network perimeter and client system, and examines
exploitability within the context of the one open door: the web browser.
BeEF will hook one or more web browsers and use them as beachheads for
launching directed command modules and further attacks against the
system from within the browser context.
is an open source network intrusion prevention and
detection system (IDS/IPS) developed by Sourcefire.
Combining the benefits of signature, protocol, and anomaly-based
inspection, Snort is the most widely deployed IDS/IPS technology
worldwide. With millions of downloads and nearly 400,000 registered
users, Snort has become the de facto standard for IPS.
It is based on the code
from the Analysis Console for Intrusion Databases (ACID) project. This
application provides a web front-end to query and analyze the alerts
coming from a SNORT IDS system.
BASE
is a web interface to perform analysis of intrusions that snort has
detected on your network. It uses a user authentication and role-base
system, so that you as the security admin can decide what and how much
information each user can see. It also has a simple to use, web-based
setup program for people not comfortable with editing files directly.
is an Open Source Host-based Intrusion Detection System that performs
log analysis, file integrity checking, policy monitoring, rootkit
detection, real-time alerting and active response.
It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
Check out OSSEC features and how it works for more information about how OSSEC can help you solve your host-based security problem.
is a high performance Network IDS, IPS and Network Security
Monitoring engine. Open Source and owned by a community run non-profit
foundation, the Open Information Security Foundation (OISF). Suricata is
developed by the OISF and its supporting vendors.
Open Information Security Foundation (OISF) is a non-profit foundation
organized to build a next generation IDS/IPS engine. The OISF has formed
a multi-national group of the leading software developers in the
security industry. In addition to developers and a consortium consisting
of leading cyber security companies, OISF has engaged the open source
security community to identify current and future IDS/IPS needs and
desires.
is a Universal "Security Information & Event Management"
(SIEM) system. Prelude collects, normalizes, sorts, aggregates,
correlates and reports all security-related events independently of the
product brand or license giving rise to such events; Prelude is
"agentless".
As well as being capable of recovering any type of log (system logs,
syslog, flat files, etc.), Prelude benefits from a native support with a
number of systems dedicated to enriching information even further
(snort, samhain, ossec, auditd, etc.).
is an easy to install intrusion detection system based upon
Snort. EasyIDS is designed for the network security beginner with
minimal Linux experience. EasyIDS includes CentOS linux, Snort,
Barnyard, mysql, BASE, ntop, arpwatch, and more.
open source Intrusion Detection System distribution based upon Snort,
EasyIDS takes the pain and frustration out of deploying an Intrusion
Detection Systems. Designed for the network security beginner with
minimal Linux experience, EasyIDS can convert almost any industry
standard x86 computer into a fully-functioning Intrusion Detection
System in as little as 15 minutes. EasyIDS lowers deployment and
maintenance costs for network security without compromising
functionality or performance.
provide host-level security services for the Unix
platform. PortSentry, Logcheck/LogSentry, and HostSentry protect against
portscans, automate log file auditing, and detect suspicious login
activity on a continuous basis.
is a lightweight and fully-ready IDS/IPS (Intrusion
Detection/Prevention System) Linux distribution based on Debian 7
(wheezy), available for 32 and 64 bit architecture. The distribution
includes the latest version of Snorby, Snort, Suricata, PulledPork and
Pigsty. An easy setup process allows to deploy a complete IDS/IPS System
within minutes, even for security beginners with minimal Linux
experience. Join the community, share your experiences, tips and ideas.
BETA protects you from zero-day exploits
targeting browser and application vulnerabilities. Its proprietary
technology protects you in that critical period between the release of a
new exploit and its subsequent security patch. And, unlike antivirus
products, Malwarebytes Anti-Exploit BETA proactively prevents the
exploit from installing its payload. Before it can do damage.
Malwarebytes Anti-exploit is a new application made by the makers of the freeware anti-virus, Malwarebytes.
Protects Internet Explorer, Firefox, Chrome, and Opera browsers
Protects browser components, including Java and Flash
One of the top free Anti-Malware programs out on the market today is Malwarebytes. Recommended by many professionals and our team.
How do I operate Malwarebytes?
You will need to download Malwarebytes, from below Download Link .
Once downloaded, double click the installer (Windows 7 & 8 users run as admin)
When installer is finished, you will be able to run Malwarebytes (Windows 7 & 8 again run as admin)
Go to the update tab and click “Check for Updates” (You can view where it’s located in the picture below)
Once Malwarebytes is finished updating you are now ready to scan
Click the “Scanner” tab and check “Preform quick scan”
Hit the “Scan” button below.
Malwarebytes should start scanning once it’s finished if anything is
detected you are able to click the “Removed selected” button which will
remove all infections. Depending on your infection you may have to
restart your computer, make sure you do so to complete the cleaning.
OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware
removal tool. It's useful for identifying changes made to a system by
spyware, malware and other unwanted programs. It creates detailed
reports of registry and file settings, and also includes advanced tools
and scripting ability for manually removing malware.
OTL does not make any determination whether an entry is good or bad.
For help diagnosing the logs generated, view the tutorial, or ask for
free assistance.
Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
is a program that searches for and deletes
Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser
Hijackers from your computer. By using AdwCleaner you can easily remove
many of these types of programs for a better user experience on your
computer and while browsing the web.
The types of programs that AdwCleaner targets are typically bundled
with free programs that you download from the web. In many cases when
you download and install a program, the install will state that these
programs will be installed along with the program you downloaded.
Unless you perform a Custom install, these unwanted programs will
automatically be installed on your computer leaving you with extra
browser toolbars, adware, and other unwanted programs. AdwCleaner is
designed to search for and remove these types of programs.
is a program that will attempt to terminate all malicious
processes that are running on your machine, so that we will be able to
perform the next step without being interrupted by this malicious
software.
Because this utility will only stops the running process, and does not
delete any files, after running it you should not reboot your computer
as any malware processes that are configured to start automatically will
just be started again.
As part of its self defense mechanism, some types of malware will
install a rootkit on the infected computer, which will compromise the
Windows loading process.In this first step, we will run a system scan
with Kaspersky TDSSKiller to remove this rootkit
Using cutting edge technology found in our enterprise-grade software,
this powerful tool detects all types of malicious software on your
computer—including viruses, spyware, rootkits and Conficker—and returns
it to a working state.
The tool has direct access to virus data from SophosLabs, our global
network of threat researchers, ensuring that even the very latest
viruses are detected and removed. And it works alongside your existing
antivirus.
