Archive | July, 2016

Automater – IP & URL OSINT Tool For Analysis


Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

Automater - IP & URL OSINT Analysis

By default, if Automater does not find data available it will not submit the target to that site to get data. If you would like Automater to use an HTTP POST to send target data to a source like IPVoid or URLVoid use –p

There are also new output methods. –o will output to a file in the same format that is printed to screen, -c will output a csv, and –w will output an html file.

Usage

It does take Automater a little longer to run then it used to. That is because a delay of 2 seconds between requests was implemented to ensure sources don’t get overloaded. You can modify this delay with a –d .

Automater is now very easily extensible even for those that are not familiar with python. All the sources that are queried and what they are queried for are contained in sites.xml. This must be in the same directory as Automater.py and all the other .py’s that Automater ships with.

You can download Automater here:

TekDefense-Automater-master.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools

Topic: Hacking Tools, Networking Hacking Tools


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


Android Malware Giving Phones a Hummer


So Android Malware has always been quite a problem, especially with it being so easy to install random .apk files and the proliferation of 3rd party app stores. Also so many people with rooted phones and the fact that software installed can root your phone and take complete control.

Android Malware Giving Phones a Hummer

The current worry is the Hummer trojan which is spreading and is hard to stop plus it’s quite invasive as it downloads porn app and displays pop-ups.

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.

Hummer first came up on the logs of Cheetah Mobile’s security team in August 2014, but spent eight months in obscurity before starting to blow up. By March of this year, 1.4 million handsets were infected on a given day and many users were powerless to get rid of it.

“If the virus developer were able to make $0.50 USD (the average cost of getting a new installation) every time the virus installed an application on a smartphone, the group behind this trojan family would be able to make over $500,000 USD daily,” the company said in a blog post.

The problem lies in the rooting capabilities of the malware. With the most recent iterations of the Hummer code, there are 18 separate software tools for rooting a handset once the code has been downloaded. Once rooted, even a factory reset may not fully wipe up after a Hummer infection.


It’s a pretty powerful set of tools this Hummer with 18 different ways to root a handset, there aren’t many details out – but I’d imagine most of them focus on older versions of Android.

This would also explain the greater spread in Asia where phones tend to be lower end, with older versions of Android and a lot of alternative app stores come pre-installed on Indian and Chinese hand-sets.

Indian users are the hardest hit by the malware, with Indonesia second and China third. The bulk of infections are found among Asian users, although Hummer has popped up in most locations around the world in smaller numbers.

It appears that the people spreading Hummer are Chinese – the malware uses 12 domain names to update the apps it pushes onto the phones, and some of these domains lead back to a single email address in the Middle Kingdom. A Chinese member of an open source message-board also uploaded part of the code that makes up Hummer – by accident, the researchers believe.

The infection point is thought to be third-party app stores. While Google has largely cleaned malware out of its official Play store, secondary markets are less careful about checking code and Hummer can be disguised as a legitimate-looking app.

Surprise, surprise it appears to come from China. With the complexity of the rooting capabilities it’s probably some kind of team, or company churning out these things. Even with the rough calculations above, they could be making millions of dollars a day.

And, there will be more – so be on guard always.

Source: The Register

Posted in: Malware

Topic: Malware


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


ERTS – Exploit Reliability Testing System


ERTS or Exploit Reliability Testing System is a Python based tool to calculate the reliability of an exploit based on the number of times the exploit is able to control EIP register with the desired address/value.

Exploit Reliability Testing System

It’s created to help you code reliable exploits and take the manual parts out of running and re-running exploits and targets apps to assess the damage.

ERTS is a very simple script for Windows to determine with a percentage score, how reliable an exploit is. The script uses CDB.EXE to detect the crash and record the registers state.

You can download ERTS here:

ERTS.py

Or read more here.

Posted in: Exploits/Vulnerabilities, Secure Coding

Topic: Exploits/Vulnerabilities, Secure Coding


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.