sheep-wolf is a tool to help you exploit MD5 collisions in software, especially malware samples, which are commonly detected using MD5 hash signatures.
and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test whether the security products within your reach use MD5 internally to fingerprint binaries, and share your results by issuing a pull request updating the contents of
- 32-bit Windows (virtual) machine (64-bit breaks stuff)
- Visual Studio 2012 to compile the projects (Express will do)
- Fastcoll for collisions
- Optional: Cygwin+MinGW to compile Evilize
How does it work?
- shepherd.exe is run with the user supplied command line arguments
- shepherd.exe generates a header file (sc.h) that contains the encrypted shellcode, the password and the CRC of the plain shellcode
- shepherd.bat executes the build process of sheep.exe, which is built with sc.h included by Visual Studio
- evilize.exe calculates a special IV for the chunk of sheep.exe right before the block where the collision will happen
- fastcoll.exe is run with the IV as a parameter
- fastcoll.exe generates two 128 byte colliding blocks
- evilize.exe replaces the original string buffers of sheep.exe so that they contain combinations
- The resulting files (evilize/sheep.exe) have the same MD5 hashes but behave differently. The real code to be executed only appears in the memory of
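The property the steps above rely on is that MD5 processes a file block by block, so once two 128-byte prefixes reach the same internal state, any identical data appended to both (the rest of the binary) keeps the collision. The following is an added Python example, not code from sheep-wolf or the original post: it uses the well-known public MD5 collision pair (two 128-byte messages differing in six bytes; the bytes are assumed to be transcribed correctly here), appends a constructed stand-in for the shared program tail, and shows that an allowlist or signature keyed on MD5 alone cannot tell the two files apart while a SHA-256 fingerprint can.

```python
import hashlib

# Constructed input: the public MD5 collision pair. The two 128-byte messages
# differ only in six bytes (each by 0x80) yet produce the same MD5 digest.
# Assumption: the hex below is a correct transcription of that pair.
SHEEP_PREFIX = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
WOLF_PREFIX = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Constructed stand-in for the part of the binary that both files share
# (in sheep-wolf this is the rest of sheep.exe after the colliding buffers).
SHARED_TAIL = b"\x00" * 16 + b"shared program code and data" + b"\x00" * 16


def differing_offsets(a, b):
    """Byte offsets at which two equal-length buffers differ."""
    if len(a) != len(b):
        raise ValueError("buffers must have equal length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def build_pair(tail=SHARED_TAIL):
    """Two files: a colliding 128-byte prefix followed by an identical tail.

    Because the prefixes are exactly two MD5 blocks long, MD5's chaining
    state is identical after them, so the appended tail cannot separate
    the digests (Merkle-Damgard extension)."""
    return SHEEP_PREFIX + tail, WOLF_PREFIX + tail


def fingerprints(data):
    """Both the weak (MD5) and a sound (SHA-256) fingerprint of a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def md5_allowlist_accepts(sample, allowlist):
    """An allowlist keyed on MD5 alone: the weak check the post warns about."""
    return hashlib.md5(sample).hexdigest() in allowlist


def sha256_allowlist_accepts(sample, allowlist):
    """The same allowlist keyed on SHA-256 instead."""
    return hashlib.sha256(sample).hexdigest() in allowlist


def demo():
    """Build the pair, then check what each fingerprinting scheme concludes."""
    sheep, wolf = build_pair()
    # Both allowlists are built from the benign file only.
    md5_allow = {hashlib.md5(sheep).hexdigest()}
    sha_allow = {hashlib.sha256(sheep).hexdigest()}
    return {
        "prefixes_collide": hashlib.md5(SHEEP_PREFIX).digest()
        == hashlib.md5(WOLF_PREFIX).digest(),
        "files_collide": fingerprints(sheep)["md5"] == fingerprints(wolf)["md5"],
        "sha256_differs": fingerprints(sheep)["sha256"]
        != fingerprints(wolf)["sha256"],
        "md5_allowlist_lets_wolf_through": md5_allowlist_accepts(wolf, md5_allow),
        "sha256_allowlist_lets_wolf_through": sha256_allowlist_accepts(
            wolf, sha_allow
        ),
    }


if __name__ == "__main__":
    print("differing byte offsets:", differing_offsets(SHEEP_PREFIX, WOLF_PREFIX))
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The check a practitioner wants from this is the last two keys of `demo()`: a product that only stores the MD5 of a known-good (or known-bad) file treats the second file as the same object, whereas a SHA-256 keyed list separates them. The same extension argument explains why fastcoll only needs to collide the 128-byte region and not the whole executable.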
You can download sheep-wolf here:
Or read more here.
So there’s been a massive Acunetix Online update that has pushed out a brand new UI plus a whole bunch of new features and capabilities, including really powerful stuff for security professionals and organisations who take their security seriously
The update has focused a lot on the usability of the UI and on features for infosec pros, with more powerful filtering and the ability to mark findings as resolved or as false positives.
Plus some really powerful stuff like being able to assign targets scores based on their business criticality.
- New web-based user interface
- Targets and Vulnerabilities configured by business criticality
- Integration with popular WAFs and Issue Tracking Systems
- Mark Vulnerabilities as Fixed or False Positives
- Custom Scan Types
- Enhanced Reporting
- Network Security Scanning
- Added functionality for Acunetix Integrators
The reporting function is also much more powerful now, with reports available in PDF and HTML plus the ability to run a comparison that highlights the differences between two reports.
You can read the full details of the update here:
Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
- Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via NMap port scanning
- Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted NMap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically tests for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically tests for anonymous LDAP access
- Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
- Automatically enumerates SNMP community strings, services and users
- Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
- Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all web sites
- Creates individual workspaces to store all scan output
- REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
- STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
- DISCOVER: Parses all hosts on a subnet/CIDR (i.e. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
- PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
- FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
- WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
- NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
- AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full path of the file which contains all the hosts/IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
- NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
- LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.
There’s a sample report available here.
You can download Sn1per here:
Or read more here.
Pybelt is a Python-based hacker's tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerabilities, and finding usable HTTP proxies.
Pybelt is an open source Python hacking kit that comes with:
- Port Scanner
- SQL Injection scanner
- Dork Checker
- Hash Cracker
- Hash Type Verification
- Proxy Finder
- XSS Scanner
Clone the repository:
git clone https://github.com/ekultek/pybelt.git
Or download the latest release.
Once you have the program installed, cd into the directory and run the following command:
pip install -r requirements.txt
This will install all of the program's required libraries, and it should be runnable from there.
You can download Pybelt here:
Or read more here.
Finally, Schedule 7 of the UK Terrorism Act 2000 is being enforced and is no longer an idle threat, so be aware it’s not only the USA that has these kinds of draconian laws. A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty […]
GitHub search is quite a powerful and useful feature and can be used to search for sensitive data in repositories. This GitHub security scanning tool comes with a collection of GitHub dorks that can reveal sensitive personal and/or other proprietary organisational information such as private keys, credentials, authentication tokens and so on. github-dork.py is a […]
Whilst I was away on a tropical island enjoying myself the Infosec Internet was on fire with news of the global WannaCry ransomware threat which showed up in the UK NHS and was spreading across 74 different countries. The Ransomware seems to be the first that is P2P using an SMB exploit from the NSA […]
scanless is a Python-based command-line utility that functions as a public port scan scraper; it can use websites that perform port scans on your behalf. This is useful in the early stages of penetration tests when you’d like to run a port scan on a host without having it originate from your IP address. Public […]
PwnBin is a webcrawler or Pastebin search tool which searches public pastebins for specified keywords. All pastes are then returned after sending completion signal CTRL+C. Apart from being a great tool for developers, Pastebins are often used by hackers to leak stolen credentials or d0x people. This tool can help you search pastebins for your […]
Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the […]