List of Free Internet of Things (IoT) Security Scanner

Internet of Things (IoT) Security / Vulnerability Scanners:

Retina IoT (RIoT) Scanner:

Many ‘Internet of Things’ devices use default or hard-coded passwords, making them easy prey for attackers. A new generation of distributed denial of service (DDoS) attacks (think Mirai) have emerged, and they want your IoT devices. Take the first step toward protecting defenseless IoT devices.

  

Organizations now have the ability to reliably identify at-risk IoT devices, such as IP cameras, DVRs, printers, routers, and more. Powered by Retina , an award-winning vulnerability scanner trusted by thousands of organizations, and delivered via the simplicity of BeyondSaaS ’ cloud-based interface, RIoT gives you an attacker’s view of your IoT devices and their associated vulnerabilities.

Image Source & Download Link : https://www.beyondtrust.com/free-iot-vulnerability-scanner/

Shodan: is the world's first search engine for Internet-connected devices. 

Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.

Image Source & Download  URL : https://iotscanner.bullguard.com/



 Kaspersky IoT Scanner:

Android app analyzes your home network, makes a list of all connected devices, and reveals common vulnerabilities.

After installation, IoT Scanner scans your home network and locates all of the devices connected to it. Then, the application scans specific network ports on those devices and finds out which of the ports are open and which are closed.

If IoT Scanner detects that some devices have open ports that can be potentially exploited, then the app will notify and prompt the user to close those ports, thus patching the hole.

Image Source & Download URL : https://play.google.com/store/apps/details?id=com.kaspersky.iot.scanner

IoTSeeker -
                   is a free tool created for you by the Rapid7 Metasploit team, and we welcome your feedback. The tool will be periodically updated to include more device types which are of potential risk. 

Image Source & Download URL :https://information.rapid7.com/iotseeker.html

Bitdefender (IoT Scanner )

Bitdefender Home Scanner looks for vulnerable devices and passwords, and offers detailed security recommendations for your home network.

Image Source & Download URL : https://www.bitdefender.com/solutions/home-scanner.html

Internet of Things ( IoT ) -Botnet Scanner

Do you have open ports that botnets can exploit? Press the button below for a quick check.

Image Source & Download URL : https://scanme.iotdef.com/

Mirai Vulnerability Scanner : ( IoT)

Scan to see if your network hosts a device vulnerable to Mirai injection attacks. This scanner will identify and probe all devices that share your TCP/IP address. Mirai primarily targets Internet of Things (IoT) devices, such as routers, DVRS and CCTV cameras. The Mirai botnet has been used in some of the largest known DDoS attacks. This includes the recent takedown of Dyn DNS services, which led to the unavailability of major websites and services to many millions of users in Europe and North America.

Image Source & Downlaod Link :  https://www.incapsula.com/mirai-scanner/#

COBRA - Crysis / Dharma Ransomware

COBRA CRYSIS - NEW VARIANT OF RANSOMWARE

New variant of the Crysis / Dharma ransomware that adds the .cobra extension to the encrypted files

Recently, security researcher Jakub Kroustek discovered a new ransomware sample that appears to be a new variant of the ransomware Crysis that appends the .cobra extension to the file name of the encrypted file.

It is not known exactly how this variant is distributed, but in the past Crysis is normally propagated by piracy in remote desktop services and manually installs the ransomware.
When this variant of Cobra ransomware is installed, a computer will be scanned for data files and encryption of them. When you encrypt a file, an extension will be added in the .id- [id]. [E-mail] .cobra format .id- [id]. [E-mail] .cobra .id- [id]. [E-mail] .cobra . For example, a file called pepe.jpg was encrypted and the name was changed to pepe.jpg.id-BCBEF350.[Cranbery@colorendgrace.com].cobra .

 
It should be noted that this ransomware will encrypt assigned network drives and unassigned network shares. Therefore, it is important to make sure that the actions of your network are blocked so that only those who really need access have permission.
When this variant encodes a computer, it will also remove all plumes from volume snapshots on the machine so that they can not be used to recover encrypted files. It is removed by running the vssadmin delete shadows /all /quiet .
 
This ransomware will also create two different rescue notes on the infected machine. One of them is the file info.hta , which was launched by an automatic execution when a user initiates a session on the computer.

The other note is called encrypted files !!. Txt and can be found on the desktop.
Both rescue notes contain instructions to contact cranbery@colorendgrace.com in order to obtain payment instructions.
 
Finally, the ransomware will be configured to start automatically when it connects to Windows. This allows you to encrypt new files that are created since the last time executed.

It is not possible to decipher the new variant of Crysis Cobra

Unfortunately, at this time it is not possible to decrypt the files encrypted by the .cobra Crysis ransomware for free. The only way to recover the encrypted files is through a backup, or if you are unbelievably lucky, through volume snapshots. Although Crysis does not attempt to remove volume snapshots, in rare cases, ransomware infections do not do so for any reason.

How to protect yourself from the Crysis ransomware

In order to protect yourself from Crysis, or from any ransomware, it is important that you use good computer habits and security software. First and foremost, you should always have a reliable and proven backup of data that can be restored in the event of an emergency, such as an attack on the ransomware. You must also have security software that contains behavioral detections such as squared Anti-Malware, Malwarebytes, or HitmanPro

IOC :

COBRA SHA256: de6376e23536b3039afe6b0645da4fc180969b1dc3cc038b1c6bd5941d88c4d8

Cobra Associated Emails:

cranbery@colorendgrace.com

 Ref Link :

https://www.hybrid-analysis.com/sample/45fb6d93d7bbfdde3d56ddad3861d85e94551c86bd1409c709ad5895d5f7e4ae?environmentId=100

https://virustotal.com/ru/file/de6376e23536b3039afe6b0645da4fc180969b1dc3cc038b1c6bd5941d88c4d8/analysis/
 

QRadar Community Edition - Free

QRadar Community Edition:

 Download and use the QRadar Community Edition for free.!!!!

Install on your laptop, run it at home, try out apps, build apps, or just have some fun !

 

Download Link :

https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=swg-qradarcom

Videos / Other Resources :

https://ibm.ent.box.com/s/ich0yyiw54y0ek6s9a66xvtjku8e42rc

Janusec - WebCruiser Ultimate Web Penetration Testing Tool

WebCruiser:-
                   Web Vulnerability Scanner for Windows, Mac OS, and iOS (iPhone/iPad) , HTTP Replay/Repeater for iPhone and iPad, SQL Injection, XSS. Also an effective and powerful web penetration testing tool that will aid you in auditing your website! It can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, Local File Inclusion, Remote File Inclusion, Redirect, Obsolete Backup etc.

The most typical feature of WebCruiser comparing with other Web Vulnerability Scanners is that WebCruiser Web Vulnerability Scanner focuses on high risk vulnerabilities, and WebCruiser can scan a designated vulnerability type, or a designated URL, or a designated page separately, while the others usually will not.

 

WebCruiser v3.4.0 is available, new feature: support scanning absolete backup files which may cause potential information leakage.

User Guide : http://www.janusec.com/download/WebCruiserUserGuide.pdf

Download Link : http://www.janusec.com/download/WebCruiserPro.zip 

http://www.janusec.com/download/WebCruiser.zip

 

FireEye - GoCrack Password Cracking tool

FireEye - GoCrack Tool

                           FireEye's Innovation and Custom Engineering (ICE) team released a tool called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Below Figure shows the dashboard) to create, view, and manage tasks. Simply deploy a GoCrack server along with a worker on every GPU/CPU capable machine and the system will automatically distribute tasks across those GPU/CPU machines.

GoCrack provides APIs to manage password cracking tasks across supported cracking engines.

Prerequisites

• Linux (Ubuntu 16.04+ although other distributions may work) or MacOS
• Computer(s) with NVIDIA or AMD GPUs

Some use cases for a password cracking tool can include cracking passwords on exfil archives, auditing password requirements in internal tools, and offensive/defensive operations. We’re releasing GoCrack to provide another tool for distributed teams to have in their arsenal for managing password cracking and recovery tasks.

Keeping in mind the sensitivity of passwords, GoCrack includes an entitlement-based system that prevents users from accessing task data unless they are the original creator or they grant additional users to the task. Modifications to a task, viewing of cracked passwords, downloading a task file, and other sensitive actions are logged and available for auditing by administrators. Engine files (files used by the cracking engine) such as Dictionaries, Mangling Rules, etc. can be uploaded as “Shared”, which allows other users to use them in task yet do not grant them the ability to download or edit. This allows for sensitive dictionaries to be used without enabling their contents to be viewed.

GoCrack is shipping with support for hashcat v3.6+, requires no external database server (via a flat file), and includes support for both LDAP and database backed authentication. In the future, we plan on adding support for MySQL and Postgres database engines for larger deployments, ability to manage and edit files in the UI, automatic task expiration, and greater configuration of the hashcat engine. We’re shipping with Dockerfile’s to help jumpstart users with GoCrack. The server component can run on any Linux server with Docker installed. Users with NVIDIA GPUs can use NVIDIA Docker to run the worker in a container with full access to the GPUs.

GoCrack is available immediately for download along with its source code on the project's GitHub page. If you have any feature requests, questions, or bug reports, please file an issue in GitHub.

 Ref Link : https://github.com/fireeye/gocrack

Best / Open Source Wordpress Vulnerability Scanner

WPScan :

                 is a black box WordPress vulnerability scanner.

WPScan comes pre-installed on the following Linux distributions:

• BackBox Linux
• Kali Linux
• Pentoo
• SamuraiWTF
• ArchAssault

Prerequisites:

• Ruby >= 1.9.2 - Recommended: 2.2.1
• Curl >= 7.21 - Recommended: latest - FYI the 7.29 has a segfault
• RubyGems - Recommended: latest
• Git

 Download Link : https://github.com/wpscanteam/wpscan

Flunym0us :

                   is a Vulnerability Scanner for Wordpress and Moodle.

                 Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.


Flunym0us requires python.

Arguments allowed:

-h, --help: Show this help message and exit

-wp, --wordpress: Scan WordPress site

-mo, --moodle: Scan Moodle site

-H HOST, --host HOST: Website to be scanned

Download Link : https://code.google.com/p/flunym0us/downloads/list

 Timthumb :

                Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

            Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them to a safe version.

Download Link : https://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip

 Vane :

          is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan.

Prerequisites

• Windows not supported
• Ruby => 1.9
• RubyGems
• Git

Download Link : https://github.com/delvelabs/vane

WordPress Security Scan

                           Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

Online URL : http://hackertarget.com/wordpress-security-scan/

 

Best / Open Source Tools for Security / Network Monitoring

Nagios:

              is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes. 

              

             Nagios is a powerful, enterprise-class host, service, application, and network monitoring program. Designed to be fast, flexible, and rock-solid stable. Nagios runs on *NIX hosts and can monitor Windows, Linux/Unix/BSD, Netware, and network devices.

             Designed with scalability and flexibility in mind, Nagios gives you the peace of mind that comes from knowing your organization's business processes won't be affected by unknown outages.

             Nagios is a powerful tool that provides you with instant awareness of your organization's mission-critical IT infrastructure. Nagios allows you to detect and repair problems and mitigate future issues before they affect end-users and customers.

Download Link : http://sourceforge.net/projects/nagios/

or

http://www.nagios.org/download/

 

OpenSMART :

Open (Source|System) Monitoring and Reporting Tool, can do that for you.

OpenSMART is a rich featured monitoring and reporting tool, including:

• easy to use web frontend
• many predefined checks for application and system monitoring
• abiltiy to monitor HA cluster applications
• notification of administrators by email / SMS or anything else you can script
• collection and ad-hoc reporting of many system figures like disk space or CPU consumption
• many checks for application monitoring report their response time, too

OpenSMART saves its data (monitoring data and reporting data) in a database. This enables you to

• get your SLA reporting data from your database
• get your monthly/weekly/daily performance data from your database
• do trend analyses with your response times.

 Download Link : http://opensmart.sourceforge.net/index.php/downloads

 Icinga :

               is an enterprise grade open source monitoring system which keeps watch over networks and any conceivable network resource, notifies the user of errors and recoveries and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations.

Features

• Monitor host and service status
• View the whole network and map dependencies
• Gather performance and utilization data
• Build in redundancy with distributed monitoring
• Customize multiple users access, notifications and views

Download Link : https://www.icinga.org/download/

or

http://sourceforge.net/projects/icinga/

 

 Cacti :

              is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

 

               Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and  populate them with data in a MySQL database. The frontend is completely PHP driven.

 

Download Link : http://www.cacti.net/download_cacti.php

or 

http://sourceforge.net/projects/cacti/

NeDi :

         is a lightwheight network management framework, which is based on a scheduled discovery, a SQL backend and a web based user interface.

         NeDi proofs to be a valuable tool for the security team as well. Keep track of wired and wireless clients throughout your entire network. You’ll be able to see IP changes and which hosts have more than one address. The upcoming host identification feature, expands NeDi’s awareness beyond the network layers and can locate vulnerable SSH servers for example…

Download Link : http://www.nedi.ch/download/

or

http://sourceforge.net/projects/nedi/?source=navbar

Observium :

                 is an autodiscovering PHP/MySQL based network monitoring system focused primarily on Cisco and Linux networks but includes support for a wide range of network hardware and operating systems.

                 Observium is an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network.

                 Observium Community is available free and open source. Observium Professional adds rapid patches, security fixes and additional features and hardware support for a small yearly license fee.

Download Link : http://observium.org/wiki/Download

or

http://sourceforge.net/projects/projectobserver/

ZABBIX :

                is an enterprise-class open source distributed monitoring solution designed to monitor and track performance and availability of network servers, devices and other IT resources. It supports distributed and WEB monitoring, auto-discovery, and more.

An enterprise-class distributed monitoring solution for networks & apps

Zabbix Features

•     Monitor Everything
•     Enterprise Ready
•     Proactive Monitoring
•     Capacity Planning
•     True Open Source
•     Business Solutions

Download Link : http://www.zabbix.com/download.php

or

http://sourceforge.net/projects/zabbix/