Archive | June, 2018

Metta – Information Security Adversarial Simulation Tool

Use Netsparker


Metta is an information security preparedness tool in Python to help with adversarial simulation, this can help you check various detection and control capabilities within your organisation.

Metta - Information Security Adversarial Simulation Tool


This project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation. This allows you to test (mostly) your host based instrumentation but may also allow you to test any network based detection and controls depending on how you set up your vagrants.

Metta parses yaml files with a list of “actions” [multistep attacker behavior] and uses Celery to queue these actions up and run them one at a time requiring no manual interaction with the hosts.

You can also craft Scenarious which chain a bunch of Actions together.

Metta Adversarial Simulation Tool FAQ

1. Doesn’t atomic testing do this? Yes, but it is a manual tool. We’ve ported a bunch of the functionality into Metta.

2. Doesn’t $X do this? Maybe, create an GitHub issue and we’ll see if it makes sense to partner or port the functionality.

3. I changed some code but things aren’t working like they should. Any ideas? Try stopping your start_vagrant_celery.sh session and restarting it should pick up changes you made. In general it keeps the state of your code until you restart it. Didn’t work? create a GitHub issue.

You can download Metta here:

metta-master.zip

Or read more here.

Posted in: Countermeasures

Topic: Countermeasures


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Powershell-RAT – Gmail Exfiltration RAT

Use Netsparker


Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.

Powershell-RAT - Gmail Exfiltration RAT


This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

It claims to not need Administrator access and is not currently detected by Anti-virus software.

How to setup Powershell-RAT Gmail Exfiltration RAT

  1. You need a throwaway Gmail email address
  2. Then enable “Allow less secure apps” by going to https://myaccount.google.com/lesssecureapps
  3. Modify the $username & $password variable for your account in the Mail.ps1 Powershell file
  4. Modify $msg.From & $msg.To.Add with the throwaway Gmail address

How I do use Powershell-RAT Gmail Backdoor?

  • Press 1: This option sets the execution policy to unrestricted using Set-ExecutionPolicy Unrestricted. This is useful on administrator machine
  • Press 2: This takes the screenshot of the current screen on the user machine using Shoot.ps1 Powershell script
  • Press 3: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesCore
  • Press 4: This option sends an email from the user machine using Powershell. These uses Mail.ps1 file to send screenshot as attachment to exfiltrate data
  • Press 5: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesUA
  • Press 6: This option deletes the screenshots from user machine to remain stealthy
  • Press 7: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesDF
  • Press 8: This option performs all of the above with a single button press 8 on a keyboard. Attacker will receive an email every 5 minutes with screenshots as an email attachment. Screenshots will be deleted after 12 minutes
  • Press 9: Exit gracefully from the program or press Control+C

Some other related tools are:

PyExfil – Python Data Exfiltration Tools
DET – Data Exfiltration Toolkit
dnsteal – DNS Exfiltration Tool

And using Gmail as a backchannel there is:

Gdog – Python Windows Backdoor With Gmail Command & Control
Gcat – Python Backdoor Using Gmail For Command & Control

You can download Powershell-RAT here:

Powershell-RAT-master.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


SCADA Hacking – Industrial Systems Woefully Insecure

The New Acunetix V12 Engine


It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants, refineries and all kinds of other powerful and dangerous things.

SCADA Hacking - Industrial Systems Woefully Insecure

The latest talk given on the subject shows with just 4 lines of code and a small hardware drop device a SCADA based facility can be effectively DoSed by sending repeated shutdown commands to suscpetible systems.


Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well.

A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines.

The talk – Hacking SCADA: How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code – reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections before discussing proof-of-concept attacks.

Mike Godfrey, chief exec at INSINIA, told El Reg that industrial control kit has long been developed with safety, longevity and reliability in mind. Historically everything was “air-gapped” but this has changed as the equipment has been adapted to incorporate internet functionality. This facilitates remote monitoring without having to physically go around and take readings and check on devices, which are often as not in hazardous environments.


It was ok before everything started getting wired up to networks, but with SCADA systems pre-dating the kind of security controls we need to stay safe, it’s hard to retrofit them.

Especially with the control software being on outdated versions of Windows dating back to Windows 98, which is so easily popped it’s laughable (and in this case, scary).

Industrial control systems run water supply, power grid and gas distribution systems as well as factories, building management systems and more. INSINIA has developed test rigs to assess the effectiveness of real-world systems that the security consultancy is asked to check. Testing attacks such as spoofing on real-world systems is likely to bring things down, Godfrey added.

Denial-of-service in industrial control environments is easy and fuzzing (trying a range of inputs to see which causes an undesigned effect) also offers a straightforward way to uncover hacks.

INSINIA has developed a device that automatically scans networks and shuts down components. The “weaponised” Arduino micro-controller looks like a regular programmable logic controller (PLC) to other devices on the network. If it is physically planted on a targeted environment, it can quickly enumerate networks before sending stop commands. It can “kill industrial processes with only four lines of code”, according to Godfrey.

He added that it wouldn’t be possible to apply a simple reset in the event of such an attack, so a targeted environment could be taken down again and again.

BSides presentations are often accompanied by the release of proof-of-concept code but the software here exploits systemic vulnerabilities that are unlikely to be resolved any time soon, so INSINIA is not releasing the tech even to its ethical hacker peers.

Godfrey said that for industrial control plants, keeping the processes running is the prime concern. He claimed many plants “self-insure” to cover for the losses and disruption caused by security incidents, which he said already happen on an under-publicised scale.

In this case not releasing the code is a good idea as these systems are not likely to get updated ever, the more likely move forward is to decomission them and replace them with more modern, native network connected systems or even cloud based controllers – which is the direction Industrial IoT is moving in.

It’s an area which is lagging far behind other industries and is ripe for nation state attacks, if you can take another countries power grid offline, that’s a pretty significant win.

Source: The Register

Posted in: Exploits/Vulnerabilities

Topic: Exploits/Vulnerabilities


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


airgeddon – Wireless Security Auditing Script

Use Netsparker


Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.

airgeddon - Wireless Security Auditing Script


Airgeddon Wireless Security Auditing Features

  • Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing
  • DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS performed on Evil Twin attacks)
  • Full support for 2.4Ghz and 5Ghz band
  • Assisted Handshake file capturing
  • Cleaning and optimizing Handshake captured files
  • Offline password decrypting on WPA/WPA2 captured files (dictionary, bruteforce and rule based) based on aircrack, crunch and hashcat tools.
  • Evil Twin attacks (Rogue AP)
    • Only Rogue/Fake AP version to sniff using external sniffer (Hostapd + DHCP + DoS)
    • Simple integrated sniffing (Hostapd + DHCP + DoS + Ettercap)
    • Integrated sniffing, sslstrip (Hostapd + DHCP + DoS + Ettercap + Sslstrip)
    • Integrated sniffing, sslstrip2 and BeEF browser exploitation framework (Hostapd + DHCP + DoS + Bettercap + BeEF)
    • Captive portal with “DNS blackhole” to capture wifi passwords (Hostapd + DHCP + DoS + Dnsspoff + Lighttpd)
    • Optional MAC spoofing for all Evil Twin attacks
  • WPS features
    • WPS scanning (wash). Self parameterization to avoid “bad fcs” problem
    • Custom PIN association (bully and reaver)
    • Pixie Dust attacks (bully and reaver)
    • Bruteforce PIN attacks (bully and reaver)
    • Parameterizable timeouts
    • Known WPS PINs attack (bully and reaver), based on online PIN database with auto-update
    • Integration of the most common PIN generation algorithms (ComputePIN, EasyBox, Arcadyan, etc.)
    • Offline PIN generation and the possibility to search PIN results on database for a target
  • WEP All-in-One attack (combining different techniques: Chop-Chop, Caffe Latte, ARP Replay, Hirte, Fragmentation, Fake association, etc.)
  • Compatibility with many Linux distributions
  • Easy targeting and selection in every section
  • Drag and drop files on console window for entering file paths
  • Dynamic screen resolution detection and windows auto-sizing for optimal viewing
  • Controlled Exit. Cleaning tasks and temp files. Restoring iptables after an attack that require changes on them. Option to keep monitor mode if desired on exit
  • Multilanguage support and autodetect OS language feature
  • Help hints in every zone/menu for easy use
  • Auto-update. Script checks for newer version if possible
  • Docker image for easy and quick container deployment.
  • HTTP proxy auto detection for updates

Requirements for Airgeddon Wifi Hacking Script

Airgeddon needs Bash 4.2 or later and it is compatible with any Linux distribution that has the tools needed installed. The script checks for them at the beginning.

  • ifconfig
  • iw
  • airmon-ng
  • aircrack-ng

Tested on these compatible Linux distributions

– Arch 4.6.2-1 to 4.16.4-1
– Backbox 4.5.1 to 5
– BlackArch 2016.01.10 to 2017.12.11
– CentOS 6 and 7
– Cyborg Hawk 1.1
– Debian 7 (Wheezy) to 9 (Stretch)
– Fedora 24 to 27
– Gentoo 20160514 to 20180206
– Kali 2.0, 2016.1 to 2018.2 and arm versions (Raspberry Pi)
– OpenMandriva LX3
– OpenSUSE Leap 42.1 to 42.3
– Parrot Security 2.2.1 to 3.10 and arm versions (Raspberry Pi)
– Raspbian 7 (Wheezy) to 9 (Stretch) (Raspberry Pi)
– Red Hat 7 (Maipo)
– Ubuntu/Xubuntu 15.10 to 18.04
– Wifislax 4.11.1 to 64-1.1

You can download airgeddon here:

airgeddon-v8.10.zip

Or read more here.

Posted in: Hacking Tools

Topic: Hacking Tools


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.