CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Every effort has been made to structure the code in a readable and extendable format, however it should be noted that the analyst is not a professional developer.
- Drag and drop
  - Operations can be dragged in and out of the recipe list, or reorganised.
  - Files can be dragged over the input box to load them directly.
- Auto Bake
  - Whenever you modify the input or the recipe, CyberChef will automatically “bake” for you and produce the output immediately.
  - This can be turned off and operated manually if it is affecting performance (if the input is very large, for instance).
  - If any bake takes longer than 200 milliseconds, auto bake will be switched off automatically to prevent further performance issues.
- You can set breakpoints on any operation in your recipe to pause execution before running it.
- You can also step through the recipe one operation at a time to see what the data looks like at each stage.
- Save and load recipes
  - If you come up with an awesome recipe that you know you’ll want to use again, just click save and add it to your local storage. It’ll be waiting for you next time you visit CyberChef.
  - You can also copy a URL which includes your recipe and input which can be shared with others.
- If you know the name of the operation you want or a word associated with it, start typing it into the search field and any matching operations will immediately be shown.
- When you highlight text in the input or output, the offset and length values will be displayed and, if possible, the corresponding data will be highlighted in the output or input respectively.
- Save to file and load from file
  - You can save the output to a file at any time or load a file by dragging and dropping it into the input field (note that files larger than about 500kb may cause your browser to hang or even crash due to the way that browsers handle large amounts of textual data).
- CyberChef is entirely client-side
  - It should be noted that none of your input or recipe configuration is ever sent to the CyberChef web server – all processing is carried out within your browser, on your own computer.
  - Due to this feature, CyberChef can be compiled into a single HTML file. You can download this file and drop it into a virtual machine, share it with other people, or use it independently on your desktop.
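To make the recipe model concrete (an ordered chain of operations, with the intermediate output after each step visible and a breakpoint that halts baking before a chosen operation), here is a small added illustration in Python. It is written for this page and is not CyberChef's own code; the operation names and the `bake` function are this example's own choices, and the XOR key and input are constructed.

```python
import base64
import hashlib
from typing import Callable, List, Optional, Tuple

# Each operation maps bytes to bytes, so operations can be chained in any order.
# Added illustration of the recipe idea, not CyberChef's implementation.

def to_base64(data: bytes) -> bytes:
    return base64.b64encode(data)

def from_base64(data: bytes) -> bytes:
    return base64.b64decode(data)

def xor_with_key(key: bytes) -> Callable[[bytes], bytes]:
    """Build an XOR operation with a repeating key (key is a constructed sample)."""
    if not key:
        raise ValueError("XOR key must not be empty")
    def op(data: bytes) -> bytes:
        return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))
    return op

def sha256_hex(data: bytes) -> bytes:
    """Hash operation: output is the lowercase hex digest as bytes."""
    return hashlib.sha256(data).hexdigest().encode()

def hexdump(data: bytes, width: int = 16) -> bytes:
    """Classic offset / hex / ASCII dump, one line per `width` bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} |{asc}|")
    return "\n".join(lines).encode()

Recipe = List[Tuple[str, Callable[[bytes], bytes]]]

def bake(recipe: Recipe, data: bytes,
         breakpoint_at: Optional[str] = None) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Run every operation in order, recording each intermediate output
    (the step-through view). If breakpoint_at names an operation, baking
    stops before that operation runs, as a breakpoint does."""
    trace: List[Tuple[str, bytes]] = []
    for name, op in recipe:
        if name == breakpoint_at:
            break
        data = op(data)
        trace.append((name, data))
    return data, trace

# Constructed sample recipe: obfuscate, encode, then undo both steps.
SAMPLE_RECIPE: Recipe = [
    ("XOR", xor_with_key(b"key")),
    ("To Base64", to_base64),
    ("From Base64", from_base64),
    ("XOR (undo)", xor_with_key(b"key")),
]

if __name__ == "__main__":
    final, steps = bake(SAMPLE_RECIPE, b"constructed input")
    for name, out in steps:
        print(f"{name:12s} -> {out!r}")
    print(hexdump(final).decode())
```

Stepping is just reading `trace` one entry at a time; a breakpoint returns the data as it stood before the named operation, which is the state a user inspects before resuming.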
CyberChef is built to support
- Google Chrome 40+
- Mozilla Firefox 35+
- Microsoft Edge 14+
You can find a live demo here: CyberChef
You can download CyberChef here:
Or read more here.
Ghost Phisher is a wireless and Ethernet security auditing and phishing attack tool written in Python using the Python Qt GUI library. The program is able to emulate access points and deploy.
The tool comes with a fake DNS server, fake DHCP server, fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. It could be used as a honey pot and could be used to service DHCP requests, DNS requests or phishing attacks.
- HTTP Server
- Inbuilt RFC 1035 DNS Server
- Inbuilt RFC 2131 DHCP Server
- Webpage Hosting and Credential Logger (Phishing)
- Wifi Access point Emulator
- Session Hijacking (Passive and Ethernet Modes)
- ARP Cache Poisoning (MITM and DOS Attacks)
- Penetration using Metasploit Bindings
- Automatic credential logging using SQLite database
- Update Support
The Program requires the following to run properly:
The following dependencies can be installed on Debian-based systems using the package installer command “apt-get install program”, or otherwise downloaded and installed manually.
- Python Qt4
- Metasploit Framework (Optional)
You can download Ghost Phisher here:
Or you can read more here.
Following shortly after the .io domain cock-up that left thousands vulnerable to domain hijacking, this week more than 750 domains were jacked via registrar Gandi.
Seems like some pretty sloppy administration going on, but that’s how business goes; sadly, security is still very much a reactive trade. People don’t enable strict controls and audit unless it’s either a) legally mandated or b) sh*t hits the fan.
More than 750 domain names were hijacked through the internet’s own systems, registrar Gandi has admitted.
Late last week, an unknown individual managed to get hold of the company’s login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se.
Using that login, the attacker managed to change the domain details on the official name servers for 751 domains on a range of top-level domains, and redirect them all to a specific website serving up malware.
The changes went unnoticed for four hours until one of the registry operators reported the suspicious changes to Gandi. Within an hour, Gandi’s technical team identified the problem, changed all the logins and started reverting the changes made – a process that took three-and-a-half hours, according to the company’s incident report, published this week.
Fortunately, the malicious changes didn’t last too long, somewhere between 8 and 11 hours (as DNS propagation takes time); someone noticed 4 hours after the changes had been made.
I wonder if the attack actually had any effect, though, and if anyone really installed the malware from the redirected domains without seeing the real website? I guess it depends on each site’s demographics and how tech-savvy the user bases are.
Taking into account the delay in updating the DNS, the domain names had been hijacked for anywhere between eight and 11 hours, Gandi admits.
Ironically, one website impacted by the attack was Swiss information security company SCRT, which has written a blog post about the hijack of its website. It notes that all of its emails were also redirected during the attack, but fortunately whoever carried out the attack did not set up email servers to grab them.
Gandi meanwhile has reset all its logins and has launched a security audit of its entire infrastructure in an effort to figure out how its logins were stolen.
“We sincerely apologize that this incident occurred,” said its report. “Please be assured that our priority remains on the security of your data and that we will continue to protect your security and privacy in the face of ever-evolving threats.”
It’s one of those things that just happens, and no one is really likely to get punished, everyone is really sorry and well tomorrow business goes on as usual.
Gandi.net is generally thought of as a solid, reliable operator, so I don’t think this will adversely affect them in the long term.
Source: The Register
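The part of this story that hurt most was the four hours in which nobody noticed that the name servers had been swapped. A registrant can catch that independently of the registrar by keeping a baseline of the NS records (and the apex address) for each domain it owns and diffing a periodic lookup against it. The following is an added example written for this page, not Gandi's or SCRT's tooling; the record values are constructed sample data, and it assumes the caller feeds in `observed` from a DNS lookup of their choice (this example does no network I/O itself).

```python
from typing import Dict, List, Set

# Added example: baseline-vs-snapshot drift check for registry-level DNS
# changes. Not code from Gandi or The Register; sample records are constructed.

def normalise(names) -> Set[str]:
    """DNS names compare case-insensitively, with or without a trailing dot."""
    return {n.lower().rstrip(".") for n in names}

def check_domain(domain: str, expected: Dict, observed: Dict) -> List[str]:
    """Return human-readable alerts for one domain; an empty list means no drift."""
    alerts: List[str] = []
    exp_ns, obs_ns = normalise(expected["ns"]), normalise(observed.get("ns", []))
    for ns in sorted(obs_ns - exp_ns):
        alerts.append(f"{domain}: unexpected name server {ns}")
    for ns in sorted(exp_ns - obs_ns):
        alerts.append(f"{domain}: expected name server {ns} missing")
    # Apex A records: alert only when none of the observed addresses is a known one,
    # so a load-balanced apex with several expected IPs does not page on every run.
    exp_a, obs_a = set(expected.get("a", [])), set(observed.get("a", []))
    if exp_a and obs_a and not (obs_a & exp_a):
        alerts.append(f"{domain}: apex now resolves to {sorted(obs_a)}, expected {sorted(exp_a)}")
    return alerts

def check_all(baseline: Dict[str, Dict], snapshot: Dict[str, Dict]) -> List[str]:
    """Run check_domain over every baselined domain; a missing lookup is itself an alert."""
    alerts: List[str] = []
    for domain, expected in baseline.items():
        observed = snapshot.get(domain)
        if observed is None:
            alerts.append(f"{domain}: no lookup result (resolution failed?)")
            continue
        alerts.extend(check_domain(domain, expected, observed))
    return alerts

# Constructed sample data (reserved documentation names and addresses, not real records).
BASELINE = {
    "example.com": {"ns": ["a.dns.example.", "b.dns.example."], "a": ["192.0.2.10"]},
    "example.net": {"ns": ["a.dns.example.", "b.dns.example."], "a": ["192.0.2.11"]},
}
SNAPSHOT = {
    # same servers, different case and no trailing dot: must not alert
    "example.com": {"ns": ["A.DNS.EXAMPLE", "b.dns.example"], "a": ["192.0.2.10"]},
    # delegation moved and apex points elsewhere: the scenario in the article
    "example.net": {"ns": ["ns1.rogue.example", "ns2.rogue.example"], "a": ["203.0.113.66"]},
}

if __name__ == "__main__":
    for line in check_all(BASELINE, SNAPSHOT):
        print(line)
```

Querying the parent zone's authoritative servers rather than a recursive resolver is what makes this useful for a registry-side change: the recursive cache may keep serving the old delegation for hours, which is exactly the propagation lag the article mentions.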
Bluto is a Python-based tool for DNS recon, DNS zone transfer testing, DNS wild card checks, DNS brute forcing, e-mail enumeration and more.
The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will attempt to identify if SubDomain Wild Cards are being used.
If they are not, Bluto will brute force sub-domains using parallel sub-processing on the top 20,000 of ‘The Alexa Top 1 Million subdomains’. If wild cards are in place, Bluto will still brute force sub-domains, but using a different technique which takes roughly 4x longer.
NetCraft results are then presented individually and are then compared to the brute force results, any duplications are removed and particularly interesting results are highlighted.
Bluto now does email address enumeration based on the target domain, currently using Bing and Google search engines plus gathering data from the Email Hunter service and LinkedIn. https://haveibeenpwned.com/ is then used to identify if any email addresses have been compromised. Previously Bluto produced an ‘Evidence Report’ on the screen, this has now been moved off screen and into an HTML report.
Search engine queries are configured to use a random User-Agent on each request and to do a country lookup to select the fastest Google server in relation to your egress address. Each request closes the connection in an attempt to further avoid captchas; however, excessive lookups will result in captchas (Bluto will warn you if any are identified).
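The wildcard check matters because a `*.example` record makes every brute-forced label resolve, so the results are noise unless each answer is compared against the wildcard's own answer. The following added example shows that check on its own (it is not Bluto's code); the resolver is injected so the example runs offline against a constructed fake zone, and `system_resolve` is only one possible stdlib-based resolver for your own domains.

```python
import secrets
import socket
from typing import Callable, Optional

# Added illustration of DNS wildcard detection, written for this page; not Bluto's code.
Resolver = Callable[[str], Optional[str]]

def system_resolve(name: str) -> Optional[str]:
    """Stdlib resolver: returns one IPv4 address as a string, or None if the name fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def random_label(length: int = 12) -> str:
    """A label long and random enough that it cannot legitimately exist in the zone."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def wildcard_address(domain: str, resolve: Resolver = system_resolve,
                     probes: int = 3) -> Optional[str]:
    """Resolve several random labels under `domain`. If every probe resolves to
    the same address, return it (the wildcard answer); otherwise return None.
    Simplification: a wildcard that round-robins several addresses would look
    inconsistent here and be reported as "no wildcard"."""
    answers = {resolve(f"{random_label()}.{domain}") for _ in range(probes)}
    if None in answers or len(answers) != 1:
        return None
    return answers.pop()

def real_subdomain(name: str, wildcard: Optional[str],
                   resolve: Resolver = system_resolve) -> bool:
    """Count a candidate as a genuine record only if it resolves and, when a
    wildcard is present, answers with something other than the wildcard address."""
    addr = resolve(name)
    if addr is None:
        return False
    return wildcard is None or addr != wildcard

# Constructed fake zone for offline use: www has its own record, every other
# label under example.test is answered by a wildcard, other.test has no wildcard.
def fake_resolve(name: str) -> Optional[str]:
    if name == "www.example.test":
        return "192.0.2.1"
    if name.endswith(".example.test"):
        return "192.0.2.99"   # wildcard answer
    return None

if __name__ == "__main__":
    wc = wildcard_address("example.test", fake_resolve)
    print("wildcard:", wc)
    for candidate in ("www.example.test", "mail.example.test"):
        print(candidate, "real" if real_subdomain(candidate, wc, fake_resolve) else "wildcard noise")
```

This is also why a wildcard slows enumeration down: every candidate still needs its own lookup plus a comparison, rather than a plain "did it resolve" test.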
bluto [--domain=<domain>] [-e] [-u] [--timeout=<timeout>] [--api=<key>]
bluto -h | --help
bluto -e Large Subdomain list used for bruteforcing
bluto -u Check for latest version of Bluto
bluto --timeout Set DNS timeout in seconds
bluto --domain Set target domain
bluto --api Set Hunter API key
bluto --help Help menu
bluto --version Current Bluto version
You can download Bluto here:
Or read more here.
dork-cli is a Python-based command-line Google Dork Tool to perform searches against Google’s custom search engine. A command-line option is always good as it allows you to script it in as part of your automated pen-testing suite. It will return a list of all the unique page results it finds, optionally filtered by a set […]
Drones have been taking over the world, everyone with a passing interest in making videos has one and DJI firmware hacking gives you the ability to remove all restrictions (no-fly zones, height and distance) which under most jurisdictions is illegal (mostly EU and FAA for the US). It’s an interesting subject, and also a controversial […]
T50 (f.k.a. F22 Raptor) is a high performance mixed packet injector tool designed to perform Stress Testing. The concept started in 2001, right after the release of ‘nb-isakmp.c’, and the main goal was to have a tool to perform TCP/IP protocol fuzzing, covering common regular protocols, such as: ICMP, TCP and UDP. Why Stress Testing? Why Stress […]
PenTools is a bundle of Python and Bash penetration testing tools for the recon and information gathering stage of a PT or VA. They are fairly simple scripts but might be interesting if you are new and want to see how some things are done, or how things can be automated using Python or Bash. […]
Some clever boffins including Internet software pioneer djb have gotten libgcrypt cracked via a Side-Channel attack which has to do with the direction of a sliding window carried out in the library. Patches have already been released so update your Linux servers ASAP, even though honestly it seems like a fairly theoretical attack (this side-channel […]
OpenPuff is a professional steganography tool, with unique features you won’t find among any other free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data covert transmission. The tool contains deniable steganography, carrier chains, unique layers of security and obfuscation, multiple carrier formats, is portable and is freeware (ad-free). Features Carrier […]