Archive | December, 2016

Minion – Mozilla Security Testing Framework


Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan with a wide variety of security tools, using a simple HTML-based interface.

Minion - Mozilla Security Testing Framework

It consists of three umbrella projects:


  • Minion Frontend, a Python, angular.js, and Bootstrap-based website that provides a HTML interface to authenticate and authorize users, manage sites, initiate scans, and report issues
  • Minion Backend, a Python, Flask, and Twisted-based backend that provides an API for the Minion Frontend, and acts as a middleman between the frontend and external security tools
  • Minion VM, a repository of recipes to allow quick installations of Minion either via Vagrant or Docker

Functionality

Minion has limited scanning functionality built into itself. Instead, it relies on the large variety of pre-existing open source and commercial scanning tools. These plugins include:

You can download Minion here:

Back-end: minion-backendv0.3.zip
Front-end: minion-frontend-v0.4.zip

Or read more here.

Posted in: Countermeasures, Security Software, Web Hacking

Topic: Countermeasures, Security Software, Web Hacking


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


HexorBase – Administer & Audit Multiple Database Servers


HexorBase is a database application designed to administer and to audit multiple database servers simultaneously from a centralised location, it is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).

HexorBase - Administer & Audit Multiple Database Servers

It allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.


Requirements

  • python
  • python-qt4
  • cx_Oracle
  • python-mysqldb
  • python-psycopg2
  • python-pymssql
  • python-qscintilla2

You can download HexorBase here:

hexorbase_1.0_all.deb

Or read more here.

Posted in: Database Hacking, Hacking Tools

Topic: Database Hacking, Hacking Tools


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).


UK Encryption Backdoor Law Passed Via Investigatory Powers Act


The latest news out of my homeland is not good, the UK encryption backdoor law passed via Investigatory Powers Act or the IPA Bill as it’s commonly known. And itself was passed through a kind of backdoor route, which avoided the scorn of the public.

UK Encryption Backdoor Law Passed Via Investigatory Powers Act

Which was good for the lawmakers, but not for the citizens as with the case of the Burr-Feinstein Bill proposed in the US which was turned around by a huge backlash.

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors.

As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand “technical” changes to software and systems.

As per the final wording of the law, comms providers on the receiving end of a “technical capacity notice” will be obliged to do various things on demand for government snoops – such as disclosing details of any system upgrades and removing “electronic protection” on encrypted communications.


There is no point at which forcing companies or service providers to develop or utilise less secure products is a good idea. That’s the problem when policy makers have no real depth in their understanding of the subject and how dangerous the decisions they are making really are.

So now browsing logs are available to the UK government and any form of encryption will be backdoored to allow the government to decrypt it if they feel like it. Great.

Thus, by “technical capability,” the government really means backdoors and deliberate security weaknesses so citizens’ encrypted online activities can be intercepted, deciphered and monitored.

In effect, the UK government has written into law a version of the much-derided Burr-Feinstein Bill proposed in the US, which would have undermined encryption in America. A backlash derailed that draft law.

No such backlash happened in the UK over the Investigatory Powers Bill, though, and so here we are. Web browser histories logged by ISPs 24/7, and the looming possibility of crippled cryptography. There may be not much point using a VPN to conceal your web activities if it can be blown open by a technical capability notice.

To be fair, there were some fears that Blighty’s law would effectively kill off the UK software industry as well as undermine Brits’ privacy, and expose them to surveillance and hacking by criminals exploiting these mandatory backdoors. This mild panic did bring about some changes to the UK’s Investigatory Powers Bill before it was passed.

Next UK will finally be introducing a mandatory ID system scheme, seen as though soon enough everyone will be linked to every transaction they conduct online, on their smart phone or on their TV.

It’s really turning into a draconian state.

Source: The Register

Posted in: Cryptography, Legal Issues, Privacy

Topic: Cryptography, Legal Issues, Privacy


Latest Posts:


Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.
Cameradar - Hack RTSP Video Surveillance CCTV Cameras Cameradar – Hack RTSP Video Surveillance CCTV Cameras
Cameradar is a Go-based tool to hack RTSP Video Surveillance CCTV Cameras, it can detect open RTSP hosts, detect device models and launch automated attacks.
dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).