Thursday, 7. July 2011
Durandal - Distributed CPU/GPU Hash Cracker v 0.5
Durandal is distributed GPU/CPU computing software that aims to crack passwords. Mostly written in C++ with the Boost library, it works on many systems; however, for the moment it is only built for Windows and GNU/Linux, on the x86 and x64 platforms.

Durandal is freely available under the GPLv3 license.

Features

Windows (XP, Vista, 7) and GNU/Linux support
32-bit and 64-bit support
Usual hash functions: MD5, SHA1, SHA256, SHA512, NTLMv1, MySQL (all versions)
SSE2 optimized, Nvidia CUDA support
Server, agent and administration console
Network communications with XML over HTTP (proxy support)

Download
http://durandal-project.org/download.html

Wednesday, 6. July 2011
Sniffjoke 0.4.2 - Linux
“SniffJoke (Sj) implements a set of anti-sniffing technology itself, but is being developed as a modular framework. It will easily be supported by a security community that wants to exploit and explore sniffing faults. SniffJoke is an application for Linux that transparently handles your TCP connection, delaying, modifying and injecting fake packets inside your transmission, making them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer). An internet client running SniffJoke injects into the transmission flow some packets able to seriously disturb passive analysis like sniffing, interception and low-level information theft. No server support needed!”

Download Sniffjoke v0.4.2 (sniffjoke-0.4.2.tar.bz2)
https://github.com/vecna/sniffjoke/downloads

Skipfish-2.01b - Linux
A fully automated, active web application security reconnaissance tool. Key features:
High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Download:
http://code.google.com/p/skipfish/downloads/list

Monday, 4. July 2011
HTTrack Windows
What is HTTrack:
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system. WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack.

Where is the home page?
You can find the official homepage at this URL:
http://www.httrack.com/

Thursday, 30. June 2011
Exe2Vbs v1.6
Convert exe file to vbs & hta file

Download
http://purgatory-vx.host.sk/index.php?Tools:Utility:Exe2Vbs_v1.6

Social-Engineer Toolkit v1.5 - Fast-Track Linux
The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Official change log:

Added shell.py to support both Linux and OSX for the SET Interactive Shell, uses same code repository
Added shell to support Linux/OSX for SET Interactive Shell
Added download to support Linux/OSX for SET Interactive Shell
Added upload to support Linux/OSX for SET Interactive Shell
Added ps to support Linux/OSX for SET Interactive Shell
Added kill to support Linux/OSX for SET Interactive Shell
Fixed a bug in mass mailer where TLS would execute after ehlo not before. Thanks pr1me
Changed download path to replace forward and back slashes with a _ so it would not cause strange nix issues with back slashes and forward slashes in the SET Interactive Shell
Added better integer handling when running listener.py by itself without specifying a port
Redesignated filename shell.binary to shell.windows and shell.linux (PE vs. ELF binary)
Added separate installers for shell.linux and shell.osx, too many differences between the two and needed different compiling.
Added instructions in shell.py how to compile for each flavor operating system including windows, linux, and osx
Added reboot now into the SET interactive Shell
Added persistence to the SET interactive shell with a completely custom written python-bytecompiled service. Essentially uploads service to victim, that calls interactive shell every 30 minutes
Added name distinguishing per windows/posix systems so it will show up POSIX or WINDOWS on interactive shell, will also show WINDOWSUAC-SAFE and WINDOWSSYSTEM.
Added the MS11-050 IE mshtml!CObjectElement Use After Free exploit from Metasploit
Added dynamic packing to download/upload for persistence, better AV avoidance
Added MS11-050, Adobe Flash 10.2.153.1, and Cisco AnyConnect Metasploit exploits to the SET web gui
Added ‘clear’ and ‘cls’ in the SET Interactive Menu to remove what's on the screen, etc.
When using the java docbase exploit, removed ‘Client Login’ for title frame, isn’t needed
Added back command to the SET interactive shell to go back when in different menus
Fixed a bug where it would state payloadprep not defined, it was caused by UPX not fully packing the device at time of upload, a 3 second delay has been added

To download the Social-Engineer Toolkit, type the following:


root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/social_engineering_toolkit set/


Or you can download the tarball here:
http://www.secmaniac.com/files/set.tar.gz

To download Fast-Track, type the following:


root@fortress:/pentest/exploits/# svn co http://svn.secmaniac.com/fasttrack fasttrack/

Wednesday, 29. June 2011
OWASP Mantra - Security Framework v.6.1
Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that, it also contains a set of tools targeted at web developers and code debuggers, which makes it handy for both offensive and defensive security tasks.

Download: http://www.getmantra.com

More: https://www.owasp.org

XSSF - Cross-Site Scripting Framework v.2.0 Released Linux
The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerful documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser-based exploits easily from an XSS vulnerability.

Download: https://code.google.com/p/xssf/downloads/list

Video demo: http://www.youtube.com/user/X0x1RG9f
