Archive | March, 2015

Pentoo – Gentoo Based Penetration Testing Linux LiveCD

Use Netsparker


Pentoo is a Gentoo based penetrating testing linux LiveCD. It’s basically a Gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included:

  • Hardened Kernel with aufs patches
  • Backported Wifi stack from latest stable kernel release
  • Module loading support ala slax
  • Changes saving on usb stick
  • XFCE4 wm
  • Cuda/OPENCL cracking support with development tools
  • System updates if you got it finally installed

Pentoo - Gentoo Based Penetration Testing Linux LiveCD

Put simply, Pentoo is Gentoo with the Pentoo overlay. This overlay is available in layman so all you have to do is layman -L and layman -a pentoo. We have a pentoo/pentoo meta ebuild and multiple pentoo profiles, which will install all the pentoo tools based on USE flags.

Pentoo has been around for a LONG time, it even got a brief mention in our epic 2006 article 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) with over a million views. But it was pretty new back then, 9 years later it’s still around (unlike most of the other LiveCD distros which have disappeared).

It’s also still active and has a 2015 just released! It’s great to see such a dedicated team working on something for so many years.


Tool Categories

  • Analyzer
  • Bluetooth
  • Cracker
  • Database
  • Development
  • Exploit
  • Footprint
  • Forensics
  • Forging
  • Fuzzers
  • Misc
  • MitM
  • Pentoo
  • Proxy
  • RCE
  • Scanner
  • SIP-VOIP
  • Wireless

Notable Changes in 2015.0 RC3.7

  • Changes saving (including unetbooting support)
  • CUDA/OpenCL Enhanced cracking software
  • Kernel 3.15.5 and all needed patches for injection
  • XFCE 4.10

The full tool list is available here (it’s HUGE):

tools_list_x86_64_2014_0_RC3_5

You can download Pentoo 2015.0 RC3.7 here:

Direct – pentoo-amd64-hardened-2015.0_RC3.7.iso
Torrent – Pentoo_Linux_amd64_hardened_2015.0_RC3.7.torrent

Or read more here.

Posted in: Hacking Tools, Linux Hacking, Web Hacking

Topic: Hacking Tools, Linux Hacking, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

The New Acunetix V12 Engine


Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for broader platform support including Oracle.

Onapsis Bizploit v1.50 - SAP Penetration Testing Framework

Nowadays, most organizations which use SAP are going beyond the simple definition of SAP roles and profiles. They have incorporated the technical layer of their SAP platform into their regular risk assessment processes, in order to address the increased threat of cyber-attacks to their business-critical systems.


With Bizploit, you can perform basic analysis of some of the existing technical vulnerabilities affecting your SAP systems, which often pose critical risks to the integrity of the entire platform.

New in v1.50

  • New exploits for Management Console.
  • New modules for SAProuter.
  • New modules for remote execution of RFC Functions.
  • Module to detect the CTC Verb Tampering vulnerability.
  • Several bug fixes.

You can download Bizploit here (requires registration):

Windows
Linux

Or read more here.

Posted in: Database Hacking, Hacking Tools

Topic: Database Hacking, Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Yasca – Multi-Language Static Analysis Toolset

Use Netsparker


Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis.

Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages

Yasca - Multi-Language Static Analysis Toolset

It leverages on external open source programs, such as:


Yasca can be used to scan specific file types, and also contains many custom scanners developed just for it. It is a command-line tool that generates reports in HTML, CSV, XML, SQLite, and other formats. Yasca is easily extensible via a plugin-based architecture, so scanning any particular file is as simple as coming up with the rules or integrating external tools. Yasca also features a simple regular-expression plugin that allows new rules to be written in less than a minute.

Yasca is written in command-line PHP and released under the BSD license.

Usage

You can download Yasca here:

yasca-2.1.zip

Or read more here.

Posted in: Secure Coding, Security Software

Topic: Secure Coding, Security Software


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool

Use Netsparker


We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space.

For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed to reduce false positives and it now focuses on XSS Vulnerability Confirmation.

It uses two main methods:

  • Method number 1 for Confirmation Request and Response
  • Method number 2 for Confirmation Execute encoded payload and search for the same payload in web HTML code but decoded

XSSYA v2.0 Released - XSS Vulnerability Confirmation Tool

We have written about a couple of XSS related tools before:

XSS-Proxy – Cross Site Scripting Attack Tool
XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool


Features

  • Supports HTTPS
  • After Confirmation (execute payload to get cookies)
  • Identify 3 Types of WAF (Mod_Security – WebKnight – F5 BIG IP)
  • Can be run in Windows & Linux
  • XSSYA has a library of encoded payloads To bypass WAF (Web Application Firewall)
  • Supports saving the HTML before executing the payload

What’s new in v2.0?

  • More payloads; library contains 41 payloads to enhance detection level
  • XSS scanner is now removed from XSSYA to reduce false positive
  • URLs to be tested used to not allow any character at the end of the URL except (/ – = -?) but now this limitation has been removed
  • HTML5 Payloads
  • IP Address Conversion (Hex, DWORD, Octal etc)
  • XST (Cross Site Tracing) Detection

You can download XSSYA here:

master.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Pinterest Bug Bounty Program Starts Paying

Use Netsparker


There’s been a fair bit of news about bug bounty programs in the past year or so, with Twitter officially starting to pay bug bounties at the end of 2014 and Google recently removing the caps from their program and making Pwnium all year round.

Pinterest Bug Bounty Program Starts Paying

The latest news is Pinterest bug bounty program has started paying (finally), before this they just offered t-shirts and were sceptical about opening up paid bounties as they were exposed to multiple flaws because they hadn’t fully adopted HTTPS.

Pinterest’s journey toward becoming a fully HTTPS website opened a lot of doors, including a potentially profitable one for hackers.

The social networking site this week announced that it would begin paying cash rewards through its bug bounty program, upping the stakes from the T-shirt it originally offered last May when it kicked off the Bugcrowd-hosted initiative.

The news complements Pinterest’s full adoption of encrypted communication and traffic from its website.

“I feel HTTPS will soon be seen as a requirement for anyone doing business online,” said Paul Moreno, security engineering lead on Pinterest’s cloud team.

Pinterest spells out the scope of its bounty program on its Bugcrowd page. The company said it will start paying between $25 and $200 for vulnerabilities found on a number of Pinterest properties, including its developer site, iOS and Android mobile applications, API, and ads pages among others.

“We have a strong experimentation culture and we feel that HTTPS foundation provides the minimal baseline for us to get higher value bugs,” Moreno told Threatpost. “We are experimenting with the paid approach for these community sourced higher value bugs and will evaluate the program periodically.”


The bug bounty payout was discussed during the announcement of their full move to HTTPS and discusses some of the issues they faced and of course the good parts of moving to a full HTTPS site.

You can read the original full blog post here: Making Pinterest HTTPS

Many high-value Internet properties have moved to HTTPS in the wake of the Snowden revelations. The continuous flow of leaked documents demonstrating the breadth of government surveillance and collection of personal data has accelerated a number of tech companies’ migrations to HTTPS.

Moreno said that Pinterest’s move to HTTPS, however, was not without its challenges. Standing out among them was the site’s working relationships with content delivery networks (CDNs) that support HTTPS and Pinterest’s digital certificates. Other expected challenges, Moreno said, were some marginal performance issues, older browser support, mixed content warnings, and referral header removal from HTTPS to HTTP sites.

Once a test was rolled out to its large Pinner community in the U.K., Moreno said some unexpected issues cropped up including CDN content that broke the site’s Pin It functionality and some sitemap files that were not updated to point to HTTPS domains. Those were addressed respectively by orchestrating a DNS change to a new CDN provider, and the implementation of a meta referrer header to support HTTPS tracking to HTTP sites.

“In addition, having multiple CDN providers that supported HTTPS gave us options for performance as well as commercial leverage,” Moreno said in a blogpost announcing the move.

“In the end, we enhanced the privacy of Pinners by enabling encryption while also hindering exploitation by way of man-in-the-middle attacks, session hijacking, content injection, etc. This also paved the way for future products that may require HTTPS to launch,” Moreno said.

The bug bounty program with more details can be found here: Pinterest @ Bugcrowd with outlines for minimum rewards.

It basically covers all Pinterest domains, mobile apps and subdomains, and there’s been a 10x increase of bugs submitted – which is not surprising really. Money is WAY better than a t-shirt.

Source: ThreatPost

Posted in: Exploits/Vulnerabilities, Web Hacking

Topic: Exploits/Vulnerabilities, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


wig – CMS Identification & Information Gathering Tool

Use Netsparker


wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. It’s strength is CMS identification, it can also attempt to do OS fingerprinting.

wig - CMS Identification & Information Gathering Tool

The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Each detected CMS is displayed along with the most probable version(s) of it. The score calculation is based on weights and the amount of “hits” for a given checksum.

wig also tries to guess the operating system on the server based on the ‘server’ and ‘x-powered-by’ headers. A database containing known header values for different operating systems is included in wig, which allows wig to guess Microsoft Windows versions and Linux distribution and version.

Version 0.5 has just been tagged/released on Github and there are a bunch of changes since our previous posting in 2014 – wig – WebApp Information Gatherer – Identify CMS

There are various other tools which perform similar functions such as CMS identification and issue detection:

CMSmap – Content Management System Security Scanner
Droopescan – Plugin Based CMS Security Scanner
WhatWeb – Identify CMS, Blogging Platform, Stats Packages & More
BlindElephant – Web Application Fingerprinter
Web-Sorrow v1.48 – Version Detection, CMS Identification & Enumeration
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
WPScan – WordPress Security/Vulnerability Scanner

Features

  • CMS version detection by: check sums, string matching and extraction
  • Lists detected package and platform versions such as asp.net, php, openssl, apache
  • Detects JavaScript libraries
  • Operation system fingerprinting by matching php, apache and other packages against a values in wig’s database
  • Checks for files of interest such as administrative login pages, readmes, etc
  • Currently the wig’s databases include 28,000 fingerprints
  • Reuse information from previous runs (save the cache)
  • Implement a verbose option
  • Remove dependency on ‘requests’
  • Support for proxy
  • Proper threading support
  • Included check for known vulnerabilities

Changes Since wig v.01

  • Added fingerprints for more CMS, OS, platforms
  • Improved and updated old fingerprints
  • Proxy support
  • List vulnerabilies associated with detected software version
  • Added detection of JavaScript libs
  • General site information (currently title, cookie, ip)
  • Removed requirement for 3rd party python libs (requests). Now only requires Python3
  • Improved verbose output
  • Added a cache
  • Improved structure of the output
  • Detection of generally interesting files (readme, backups, etc)
  • Implemented proper threading via thread pool

Requirements

wig is built with Python 3, and is therefore not compatible with Python 2.

Usage

You can download wig v0.5 here:

0.5.1.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.