Archive | May, 2017

evilscan – Massive IP Port Scanner

Last updated: May 30, 2017 | 3,965 views

evilscan is a Node.js based massive IP Port scanner designed for concurrency, speed and scanning large ranges of IP addresses.

evilscan - Massive IP Port Scanner

Features

Individual IP or IP range scan
Individual port, ports list, or port range
Banner grabbing (not fully implemented, works with verbose ports only)
IAC negotiation
Reverse dns
Geolocation information
Shell or JSON output
Optional progress details

Usage

Usage:

evilscan <fqdn|ipv4|cidr> [options]

1	evilscan <fqdn\|ipv4\|cidr> [options]

Example:

root@debian:~# evilscan 192.168.0.0/24 --port=21-23,80

1	root@debian:~# evilscan 192.168.0.0/24 --port=21-23,80

Options:

--port          port(s) you want to scan, examples:
                  --port=80
                  --port=21,22
                  --port=21,22,23,5900-5902
                                                                                
  --reverse       display DNS reverse lookup                                    
  
  --reversevalid  only display results having a valid reverse dns, except if
                  ports specified                                               
  
  --geo           display geoip (free maxmind)                                  
  
  --banner        display banner                                                
 
  --bannerlen     set banner length grabing
                  default 512

  --bannerraw     display raw banner (as a JSON Buffer)                         
  
  --progress      display progress indicator each seconds
                                                                                
  --status        ports status wanted in results (example --status=OT)
                  T(timeout)
                  R(refused)
                  O(open, default)
                  U(unreachable)
                                                                                
  --scan          scan method
                  tcpconnect (full connect, default)
                  tcpsyn (half opened, not yet implemented)
                  udp (not yet implemented)
                                                                                
  --concurrency   max number of simultaneous socket opened
                  default 500
                                                                                
  --timeout       maximum number of milliseconds before closing the connection
                  default 2000
                                                                                
  --display       display result format (json,xml,console)
                  default console
                                                                                
  --json          shortcut for --display=json                                   
  
  --xml           shortcut for --display=xml                                    
  
  --console       shortcut for --display=console                                
  
  --help          display help                                                  
  
  --about         display about                                                 
  
  --version       display version number

--port port(s) you want to scan, examples:

--port=80

--port=21,22

--port=21,22,23,5900-5902

--reverse display DNS reverse lookup

--reversevalid only display results having a valid reverse dns, except if

ports specified

--geo display geoip (free maxmind)

--banner display banner

--bannerlen set banner length grabing

default 512

--bannerraw display raw banner (as a JSON Buffer)

--progress display progress indicator each seconds

--status ports status wanted in results (example --status=OT)

T(timeout)

R(refused)

O(open, default)

U(unreachable)

--scan scan method

tcpconnect (full connect, default)

tcpsyn (half opened, not yet implemented)

udp (not yet implemented)

--concurrency max number of simultaneous socket opened

default 500

--timeout maximum number of milliseconds before closing the connection

default 2000

--display display result format (json,xml,console)

default console

--json shortcut for --display=json

--xml shortcut for --display=xml

--console shortcut for --display=console

--help display help

--about display about

--version display version number

Sample Output

root@debian:~# evilscan 127.0.0.1 --port=0-65535 --banner
127.0.0.1|111||open
127.0.0.1|53||open
127.0.0.1|23|Debian GNU/Linux jessie/sid\r\ndebian login:|open
127.0.0.1|5432||open
127.0.0.1|27017||open
127.0.0.1|28017||open
127.0.0.1|35223||open
127.0.0.1|35491||open
127.0.0.1|39619||open

root@debian:~# evilscan 127.0.0.1 --port=0-65535 --banner

127.0.0.1|111||open

127.0.0.1|53||open

127.0.0.1|23|Debian GNU/Linux jessie/sid\r\ndebian login:|open

127.0.0.1|5432||open

127.0.0.1|27017||open

127.0.0.1|28017||open

127.0.0.1|35223||open

127.0.0.1|35491||open

127.0.0.1|39619||open

You can download evilscan here: evilscan-master.zip

Or read more here.

Topic: Hacking Tools, Networking Hacking Tools

Latest Posts:

Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.

May 28, 2020 - 211 Shares

Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.

May 19, 2020 - 222 Shares

Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)

April 30, 2020 - 264 Shares

Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.

April 15, 2020 - 448 Shares

zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors

March 31, 2020 - 348 Shares

Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.

March 29, 2020 - 459 Shares

sheep-wolf – Exploit MD5 Collisions For Malware Detection

Last updated: May 26, 2017 | 3,223 views

sheep-wolf is a tool to help you Exploit MD5 Collisions in software, specially malware samples which are commonly detected using MD5 hash signatures.

sheep-wolf - Exploit MD5 Collisions For Malware Detection and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and share your results by issuing a pull request updating the contents of results/!

Dependencies

32-bit Windows (virtual) machine (64-bit breaks stuff)
Visual Studio 2012 to compile the projects (Express will do)
Fastcoll for collisions
Optional: Cygwin+MinGW to compile Evilize

How does it work?

shepherd.bat executes shepherd.exe with the user supplied command line arguments
- shepher.exe generates a header file (sc.h) that contains the encrypted shellcode, the password and the CRC of the plain shellcode
shepherd.bat executes the build process of sheep.exe
- sheep.exe is built with sc.hincluded by Visual Studio
shepherd.bat executes evilize.exe
- evilize.exe calculates a special IV for the chunk of sheep.exe right before the block where the collision will happen
- evilize.exe executes fastcoll.exe with the IV as a parameter
  - fastcoll.exe generates two 128 byte colliding blocks: a and b
- evilize.exe replaces the original string buffers of sheep.exe so that they contain combinations a and b
- The resulting files (evilize/wolf.exe and evilize/sheep.exe ) have the same MD5 hashes but behave differently. The real code to be executed only appears in the memory of evilize/wolf.exe.

You can download sheep-wolf here:

sheep-wolf-master.zip

Or read more here.

Posted in: Cryptography, Forensics, Malware

Topic: Cryptography, Forensics, Malware

Latest Posts:

May 28, 2020 - 211 Shares

May 19, 2020 - 222 Shares

April 30, 2020 - 264 Shares

April 15, 2020 - 448 Shares

March 31, 2020 - 348 Shares

March 29, 2020 - 459 Shares

Massive Acunetix Online Update Brings New Features & UI

Last updated: May 24, 2017 | 1,050 views

So there’s been a massive Acunetix Online update that has pushed out a brand new UI plus a whole bunch of new features and capabilities, including really powerful stuff for security professionals and organisations who take their security seriously

Massive Acunetix Online Update Brings New Features & UI

The update has focused a lot on Usability of the UI and features for infosec pros with more powerful filtering, ability to mark things as resolved or as a false positive.

Plus some really powerful stuff like being able to assign targets scores based on their business criticality.

Updates

New web-based user interface
Targets and Vulnerabilities configured by business criticality
Integration with popular WAFs and Issue Tracking Systems
Mark Vulnerabilities as Fixed or False Positives
Custom Scan Types
Enhanced Reporting
Network Security Scanning
Added functionality for Acunetix Integrators

The reporting function is also much more powerful now with reports available in PDF and HTML plus the functionality to run a comparison to highlight differences between 2 reports.

You can read the full details of the update here:

Major Update of Acunetix Online out now!

Posted in: Advertorial, Countermeasures, Security Software

Topic: Advertorial, Countermeasures, Security Software

Latest Posts:

May 28, 2020 - 211 Shares

May 19, 2020 - 222 Shares

April 30, 2020 - 264 Shares

April 15, 2020 - 448 Shares

March 31, 2020 - 348 Shares

March 29, 2020 - 459 Shares

Sn1per – Penetration Testing Automation Scanner

Last updated: November 7, 2017 | 11,329 views

Sn1per is a penetration testing automation scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Sn1per - Penetration Testing Automation Scanner

Features

Automatically collects basic recon (ie. whois, ping, DNS, etc.)
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via NMap port scanning
Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted NMap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically test for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically test for anonymous LDAP access
Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
Automatically enumerate SNMP community strings, services and users
Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all web sites
Create individual workspaces to store all scan output

Modes

REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP’s that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.

There’s a sample report availabe here.

You can download Sn1per here:

Sn1per-v2.4.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools

Latest Posts:

May 28, 2020 - 211 Shares

May 19, 2020 - 222 Shares

April 30, 2020 - 264 Shares

April 15, 2020 - 448 Shares

March 31, 2020 - 348 Shares

March 29, 2020 - 459 Shares

Pybelt – The Hackers Tool Belt

Last updated: May 20, 2017 | 5,609 views

Pybelt is a Python-based hackers tool belt capable of cracking hashes without prior knowledge of the algorithm, scanning ports on a given host, searching for SQLi vulnerabilities in a given URL, verifying that your Google dorks work like they should, verifying the algorithm of a given hash, scanning a URL for XSS vulnerability, and finding usable HTTP proxies.

Pybelt - The Hackers Tool Belt

Features

Pybelt is an open source python hacking kit that comes with:

Port Scanner
SQL Injection scanner
Dork Checker
Hash Cracker
Hash Type Verification
Proxy Finder
XSS Scanner

Installation

Clone the repository:

git clone https://github.com/ekultek/pybelt.git

1	git clone https://github.com/ekultek/pybelt.git

Or download the latest release.

Once you have the program installed cd into the directory and run the following command:

pip install -r requirements.txt

1	pip install -r requirements.txt

This will install all of the programs needed libraries and should be able to be run from there.

You can download Pybelt here:

Pybelt-1,0.zip

Or read more here.

Posted in: Cryptography, Hacking Tools, Networking Hacking Tools

Topic: Cryptography, Hacking Tools, Networking Hacking Tools

Latest Posts:

May 28, 2020 - 211 Shares

May 19, 2020 - 222 Shares

April 30, 2020 - 264 Shares

April 15, 2020 - 448 Shares

March 31, 2020 - 348 Shares

March 29, 2020 - 459 Shares

UK Schedule 7 – Man Charged For Not Sharing Password

Last updated: May 19, 2017 | 1,154 views

Finally UK Schedule 7 of the Terrorism Act 2000 is finally being enacted and is no longer an idle threat, so be aware it’s not only the USA that has these kind of draconian laws.

UK Schedule 7 - Man Charged For Not Sharing Password

A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty shitty.

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War On Terror).

On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.

“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”

Rabbani apparently committed the offense last November and was protecting some pretty heavy evidence it seems and he also been stopped under Schedule 7 many times.

This time it’s going to court and three months jail time is no joke.

If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.

Schedule 7 was controversial when it was first introduced by the Blair administration. Back then it was claimed by the Labour government that it would be used only in extreme terrorism cases, but since then has been used plenty of times – most notably to hold the partner of Glenn Greenwald over the leaking of the Snowden archives.

What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.

To be fair Cage does have a bit of a dodgy reputation for being terrorism apologists, so he does fit a certain profile that would explain the 20+ Schedule 7 stops.

And if he’s really carrying such sensitive data in the open on his laptop and phone he’s a bit of a n00b ain’t he?

Source: The Register

Posted in: Legal Issues, Privacy

Topic: Legal Issues, Privacy

Latest Posts:

May 28, 2020 - 211 Shares

May 19, 2020 - 222 Shares

April 30, 2020 - 264 Shares

April 15, 2020 - 448 Shares

March 31, 2020 - 348 Shares

March 29, 2020 - 459 Shares

1 2 Next →

Navigation

Archive | May, 2017

Features

Usage

Sample Output

Latest Posts:

Dependencies

How does it work?

Latest Posts:

Updates

Latest Posts:

Features

Modes

Latest Posts:

Features

Installation

Latest Posts:

Latest Posts: