Friday, August 10, 2018

Packet Capture ( PCAP ) File Analysis Tools

PacketTotal:

                  allows you to upload a PCAP, or packet capture, file and have it automatically analyzed and parsed against BRO IDS and Suricata signatures in order to provide information on what may have been detected in the capture file.

                         


URL : https://packettotal.com/

Microsoft Message Analyzer:

 is the successor to Microsoft Network Monitor. It is helpful in capturing, displaying, and analyzing protocol messaging traffic and other system messages. It is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.
                  




              

Message Analyzer can certainly be used to analyze .pcap files.  The tool is generic and not specific to Microsoft, but certainly more focus is put on the Windows scenarios so Microsoft related parsers are kept up to date.  However, you can analyze virtually any kind of data, going beyond network captures like EVT, ETW, CSV and many more.

Tools -> Options -> Parsing

Download Link : https://www.microsoft.com/en-in/download/details.aspx?id=44226

CapAnalysis:

               is a web visual tool for information security specialists, system administrators and everyone who needs to analyze large amounts of captured network traffic.



                      

CapAnalysis performs indexing of data set of PCAP files and presents their contents in many forms, starting from a list of TCP, UDP or ESP streams/flows, passing to the geo-graphical representation of the connections.

CapAnalysis is Open Source.

Download Link : https://www.capanalysis.net/ca/#download 

 Tcpdump

                a powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture.

                 

Its a premier network analysis tool.

Download Link : http://www.tcpdump.org/#latest-releases


PCAP Analyzer:

  is a fully graphical tool that has been developed by Daniel Botterill as part of his MSc Computer Security degree, it has been designed to take in a PCAP capture file and report back any malicious behaviour identified.
It includes the following major features:

  • Displaying of packets with support for major protocols
  • Reassembly of TCP/UDP streams and HTTP response/reply streams
  • Detection of ICMP IPV4/IPV6 address sweeps
  • Importable blacklists with settable formats
  • Detection of denial of service attacks
  • Detection of domain name fluxing & similar domains detection
  • Detection of downloaded files with support for file identifier and virus scanner input
  • Detection of port scans & port knocks
  • Detection of single fast fluxing domains & multiple IP usage domains
  • Automated parsing of Snort log for PCAP files
  • Detection of various traffic patterns: constant HTTP requests, multiple Host User-Agent Referer requests and TCP/UDP similar messages
  • Draggable and filterable network map displaying computers, connections and malicious behaviour
  • Malware release automation (Windows Only)
  • Malicious behaviour summary & uncategorised traffic


Monday, July 2, 2018

Jackhammer - Security vulnerability assessment / management tool


Jackhammer:

Security vulnerability assessment / management tool to solve all the security scanning related tasks.

What is Jackhammer?

Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static code analysis and dynamic analysis with inbuilt vulnerability management capability. It finds security vulnerabilities in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.



Key Features:

  • Provides unified interface to collaborate on findings
  • Scanning (code) can be done for all code management repositories
  • Scheduling of scans based on intervals # daily, weekly, monthly
  • Advanced false positive filtering
  • Publish vulnerabilities to bug tracking systems
  • Keep a tab on statistics and vulnerability trends in your applications
  • Integrates with majority of open source and commercial scanning tools
  • Users and Roles management giving greater control
  • Configurable severity levels on list of findings across the applications
  • Built-in vulnerability status progression
  • Easy to use filters to review targeted sets from tons of vulnerabilities
  • Asynchronous scanning (via sidekiq) that scale
  • Seamless Vulnerability Management
  • Track statistics and graph security trends in your applications
  • Easily integrates with a variety of open source, commercial and custom scanning tools.

Video demonstration for adding a new tool

Example: Nikto integration file



https://jch.olacabs.com/

Default credentials:

Username: admin@admin.com
password: admin@admin.com


Download Link :


https://github.com/olacabs/jackhammer

User / Admin Guide :


https://jch.olacabs.com/userguide/ 


Ref:
https://github.com/olacabs/jackhammer
https://jch.olacabs.com/userguide/

Monday, February 26, 2018

List of Free Internet of Things (IoT) Security Scanner

Internet of Things (IoT) Security / Vulnerability Scanners:

Retina IoT (RIoT) Scanner:

Many ‘Internet of Things’ devices use default or hard-coded passwords, making them easy prey for attackers. A new generation of distributed denial of service (DDoS) attacks (think Mirai) have emerged, and they want your IoT devices. Take the first step toward protecting defenseless IoT devices.


  

Organizations now have the ability to reliably identify at-risk IoT devices, such as IP cameras, DVRs, printers, routers, and more. Powered by Retina , an award-winning vulnerability scanner trusted by thousands of organizations, and delivered via the simplicity of BeyondSaaS ’ cloud-based interface, RIoT gives you an attacker’s view of your IoT devices and their associated vulnerabilities.




Shodan: is the world's first search engine for Internet-connected devices. 




Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.

Image Source & Download  URL : https://iotscanner.bullguard.com/



 Kaspersky IoT Scanner:

Android app analyzes your home network, makes a list of all connected devices, and reveals common vulnerabilities.

After installation, IoT Scanner scans your home network and locates all of the devices connected to it. Then, the application scans specific network ports on those devices and finds out which of the ports are open and which are closed.


If IoT Scanner detects that some devices have open ports that can be potentially exploited, then the app will notify and prompt the user to close those ports, thus patching the hole.

Image Source & Download URL : https://play.google.com/store/apps/details?id=com.kaspersky.iot.scanner

IoTSeeker -
                   is a free tool created for you by the Rapid7 Metasploit team, and we welcome your feedback. The tool will be periodically updated to include more device types which are of potential risk. 


Image Source & Download URL :https://information.rapid7.com/iotseeker.html


Bitdefender (IoT Scanner )

Bitdefender Home Scanner looks for vulnerable devices and passwords, and offers detailed security recommendations for your home network.


Image Source & Download URL : https://www.bitdefender.com/solutions/home-scanner.html


Internet of Things ( IoT ) -Botnet Scanner


Do you have open ports that botnets can exploit? Press the button below for a quick check.




Image Source & Download URL : https://scanme.iotdef.com/


Mirai Vulnerability Scanner : ( IoT)

Scan to see if your network hosts a device vulnerable to Mirai injection attacks. This scanner will identify and probe all devices that share your TCP/IP address. Mirai primarily targets Internet of Things (IoT) devices, such as routers, DVRS and CCTV cameras. The Mirai botnet has been used in some of the largest known DDoS attacks. This includes the recent takedown of Dyn DNS services, which led to the unavailability of major websites and services to many millions of users in Europe and North America.


Image Source & Downlaod Link :  https://www.incapsula.com/mirai-scanner/#