HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers. It supports custom rules with netfilter (block ports, hidden mode, rootkit functions etc).
The motivation is basically another layer of protection, much like a hidden firewall – setting securelevel to 2 on BSD would have a similar effect.
In a typical attack, the bad actor can alter your IPTables or UFW rules – with HiddenWall you still have another layer that can block external access because it hooks directly into netfilter from kernel land.
The author created it to protect his own servers but realised it also helps people who can’t write low-level code roll their own customized, hidden kernel modules.
If you can write low-level code, you can always add more module templates to HiddenWall.
Installing HiddenWall to Create Hidden Kernel Modules
Verify if the kernel version is 3.x, 4.x or 5.x:
|
1 |
uname -r |
Clone the repository
|
1 |
git clone https://github.com/CoolerVoid/HiddenWall |
Enter the folder
|
1 |
cd HiddenWall/module_generator |
Edit your firewall rules in directory rules/server.yaml, the python scripts use that file to generate a new firewall module.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$ cat rules/server.yaml module_name: SandWall public_ports: 80,443,53 unhide_key: AbraKadabra hide_key: Shazam fake_device_name: usb14 liberate_in_2_out: True whitelist: - machine: ip: 192.168.100.181 open_ports: 22,21 - machine: ip: 192.168.100.22 open_ports: 22 |
If you want to study the static code to generate, look the content at directory “templates”.
Then you would want to generate a kernel module following your YAML file of rules:
|
1 |
$ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml |
Then install it with insmod.
You can download HiddenWall here:
Or read more here.
Topic: Security Software
Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of nominated strings, filenames, binaries, deprecated functions, staging environment code/credentials etc.
It’s main function is to block content based on regular expressions.
Anything that can be specified with regular expression syntax, can be sniffed out by Anteater. You tell Anteater exactly what you don’t want to get merged, and anteater looks after the rest.
How Anteater CI/CD Security Gate Check Framework Works
If Anteater finds something, it exits with a non-zero code which in turn fails the build of your CI tool, with the idea that it would prevent a pull request merging. Any false positives are easily negated by using the same RegExp framework to cancel out the false match.
Entire projects may also be scanned also, using a recursive directory walk. With a few simple steps, it can be easily implemented into a CI/CD workflow with tooling such as Travis CI, CircleCI, Gitlab CI/CD and Jenkins.
Anteater also provides integrates with the Virus Total API, so any binaries, public IP addresses or URL’s found by Anteater, will be sent to the Virus Total API and a report will be returned. If any object is reported as malicious, it will fail the CI build job.
You can also set it to block all binaries or tamper with existing binaries (this includes PDFs, Images etc.) and you can whitelist desired binaries using a SHA256 checksum.
Using Anteater CI/CD Security Gate Checks
There is some excellent documentation for Anteater here:
Docs » Anteater – CI/CD Gate Check Framework
This includes how to get it working with CircleCI which is my personal choice for CI tooling.
In order to use the VirusTotal API, you will first require an API key. These are free to get and can be obtained by signing up to the service here.
Once you have your key, it needs to be set as an environment variable.
You can download Anteater here:
Or read more here.
Topic: Countermeasures
Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view. It can be used for collecting information about your or someone else’s repository stargazers details.
GitHub allows visitors to star a repo to bookmark it for later perusal. Stars represent a casual interest in a repo, and when enough of them accumulate, it’s natural to wonder what’s driving interest. Stargazers attempts to get a handle on who these users are by finding out what else they’ve starred, which other repositories they’ve contributed to, and who’s following them on GitHub.
The Data Collected by Stardox Github Stargazers Information Gathering Tool
- Total repositories
- Total stars
- Total followers
- Total following
- Stargazer’s e-mail address
How to Install Stardox Github Stargazers Information Gathering Tool
|
1 2 3 |
git clone https://github.com/0xprateek/stardox cd stardox pip install -r requirements.txt |
Using Stardox Github Stargazers Information Gathering Tool
|
1 |
stardox.py [-h] [-v] repositoryURL |
Positional arguments:
|
1 |
repositoryURL Path to repository |
Optional arguments:
|
1 2 |
-h, --help show this help message and exit -v, --verbose Verbose |
You can download Stardox here:
Or read more here.
Topic: Hacking Tools
ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
ZigBee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), & can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.
This ZigBee penetration testing framework enables cybersecurity professionals, auditors, and developers to run complex interactions with ZigBee networks using a single device.
The current version of ZigDiggity is solely designed for use with the Raspbee, the RaspBee premium is ZigBee addon for Raspberry Pi with Firmware.
The RaspBee provides:
- Pluggable add on with radio module (IEEE 802.15.4) for Raspberry Pi
- Brings Raspberry Pi as LAN-ZigBee gateway
- Frequency: 2.4 GHz ISM band, can be used worldwide
- Based on Atmel´s single chip microcontroller ATmega256RFR2
- With ZigBee firmware and extensive software package to control up to 200 devices
Using ZigDiggity the ZigBee Hacking Toolkit
Currently, scripts are available in the root of the repository, they can all be run using Python3:
|
1 |
python3 listen.py -c 15 |
When running with Wireshark, root privileges may be required.
Scripts for ZigBee Hacking
- ack_attack.py – Performs the acknowledge attack against a given network.
- beacon.py – Sends a single beacon and listens for a short time. Intended for finding which networks are near you.
- find_locks.py – Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.
- insecure_rejoin.py – Runs an insecure rejoin attempt on the target network.
- listen.py – Listens on a channel piping all output to wireshark for viewing.
- scan.py – Moves between channels listening and piping the data to wireshark for viewing.
- unlock.py – Attempts to unlock a target lock
You can download ZigDiggity here:
Or read more here.
Topic: Hardware Hacking
RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH. RandIP – Network Mapper Features HTTP and HTTPS enumeration Python enumeration exploits SSH enumeration exploits Logger and error-code handler SSH and Telnet Timeouts to […]
Topic: Networking Hacking
Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network through which you can surf the internet anonymously without having to worry about being tracked or traced back. Tor enables users to surf the internet, chat […]
Topic: Privacy