Channel: Scanner – Security List Network™

Swissnet – The swiss army knife of net utilities and penetration testing.


Swissnet is the swiss army knife of net utilities and penetration testing. By malforming packets or poisoning caches, you can gain control over your network. Swissnet has an easy-to-use graphical interface and a CLI, whichever fits your needs. DoS an entire network with DHCP starvation, or quietly listen in on confidential conversations with ARP poisoning. Swissnet also has built-in tools to keep your IP hidden from your victim. With Swissnet at your disposal, you can gain control over your network easily, swiftly and quietly.


Dependencies:
+ Python 3.5
+ aircrack-ng

Features:
* DoS Attack
++ DHCP Starvation: Starve your current network of DHCP resources, DoSing every client connected.
++ Reflect Attack: Scans IPs, then performs a reflection attack with the scanned IPs against a specified VICTIM.
++ Syn Flood: Flood the specified VICTIM with TCP SYN requests. Set PORT to 'all' to flood all ports.
++ Udp Flood: Flood the specified VICTIM with UDP requests on all ports.
* Poison
++ Mac Table Overflow: Overflow a network switch's [VICTIM's] MAC table, causing all traffic to flood out of all ports. Use the Packet Sniffer to pick up this traffic.
++ Arp Poison: Send spoofed ARP packets to VICTIM, so that the VICTIM believes you are HOST.
* Scanner
++ Quiet Scan: Quietly scan for IPs connected to BSSID by monitoring frames. No packets are sent, and you do not need to be connected to the network for this to work.
++ Ip Scan: Scan for all IPs currently on the network. NOTE: This method is fast but not quiet, and your IP will be recorded.
++ PortScan: Scan ports 1 to MAXPORT of the specified VICTIM to see which are open. NOTE: This method is not quiet and your IP will be recorded.
++ Lookup: Look up information about HOST.
* Sniffers
++ SSID Sniffer: Sniff for wireless networks in your area.
++ Packet Sniffer: Sniff for incoming packets and display packet info.
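What the Arp Poison module does on the wire, as an added example that is not part of Swissnet: it builds the unsolicited "is-at" reply that tells VICTIM that HOST's IP lives at the attacker's MAC, and then shows the defender's side of the same picture, a small watcher that records the first MAC seen for each IP and flags any later conflicting claim. Every address and frame below is constructed test data; only the standard library is used.

```python
import struct

# Added example, not Swissnet code. All addresses below are constructed test data.
ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an ARP 'is-at' reply (RFC 826 layout, 42 bytes).

    An ARP poisoner sends this unsolicited with sender_ip = HOST's IP and
    sender_mac = the attacker's MAC; the victim's cache learns the wrong mapping.
    """
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # Ethernet/IPv4, hlen 6, plen 4
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)        # sender hardware/protocol address
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)        # target hardware/protocol address
    return eth + arp


def parse_arp(frame):
    """Return {'op', 'sender_mac', 'sender_ip'} for an ARP-over-Ethernet frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
    }


class ArpWatch:
    """Defender's view: remember the first MAC that claimed each IP, alert on a different claimant."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def feed(self, frame):
        p = parse_arp(frame)
        if p is None or p["op"] != ARP_REPLY:
            return
        known = self.table.setdefault(p["sender_ip"], p["sender_mac"])
        if known != p["sender_mac"]:
            self.alerts.append((p["sender_ip"], known, p["sender_mac"]))


# Constructed scenario: HOST (gateway) at 192.0.2.1, VICTIM at 192.0.2.42, attacker MAC de:ad:be:ef:00:01.
GATEWAY_MAC, GATEWAY_IP = "aa:bb:cc:00:00:01", "192.0.2.1"
VICTIM_MAC, VICTIM_IP = "aa:bb:cc:00:00:42", "192.0.2.42"
ATTACKER_MAC = "de:ad:be:ef:00:01"

LEGIT_REPLY = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
SPOOFED_REPLY = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)


def run_scenario(frames):
    """Feed frames to the watcher and return its alerts as (ip, first_mac, conflicting_mac)."""
    watcher = ArpWatch()
    for frame in frames:
        watcher.feed(frame)
    return watcher.alerts


if __name__ == "__main__":
    for ip, first, now in run_scenario([LEGIT_REPLY, SPOOFED_REPLY]):
        print(f"ARP conflict for {ip}: first seen at {first}, now claimed by {now}")
```

The watcher is only as trustworthy as its first observation: if the poisoner's reply arrives before the real one, the spoofed mapping becomes the baseline. In practice seed the table from a trusted source (DHCP leases, a static inventory) instead of the first frame seen.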


Usage and Download:

git clone https://github.com/SemiDev/Swissnet && cd Swissnet
cd src
sudo python3 main.py [For GUI]
sudo python3 main.py -c -h [NOTE: Swissnet will not work without root privileges]

Source: https://github.com/SemiDev


sqlmap v1.0.11 – Automatic SQL injection and database takeover tool.


Changelog sqlmap v1.0.11:
+ Fix several typos
+ Extra: Prevent the obnoxious 'install git' prompt on macOS.
+ xml: Revisit banner XMLs (Issue #2239).
+ Bug fix for an SQL error on Android QPython (#2245)
+ txt: Unhandled exception bug fixes (#2257)


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
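The flaw class sqlmap detects and the first probe its engine runs, as an added example that is not sqlmap's own code: a lookup that pastes the request parameter into the SQL text sits next to the parameterised version, and a boolean-based blind probe tells the two apart by appending an always-true and an always-false condition and comparing responses. The database is an in-memory SQLite table with constructed rows; the "endpoint" is a plain Python callable standing in for an HTTP parameter.

```python
import sqlite3

# Added example, not sqlmap code. In-memory database with constructed rows.


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return db


def lookup_vulnerable(db, user_id):
    """The 'before': the request parameter is pasted into the SQL text, so it reaches the SQL parser."""
    sql = f"SELECT name FROM users WHERE id = {user_id}"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, user_id):
    """The 'after': the parameter is bound; whatever it contains is compared as a value, never parsed."""
    return [row[0] for row in db.execute("SELECT name FROM users WHERE id = ?", (user_id,))]


def boolean_blind_probe(endpoint, base_value):
    """The first check sqlmap's engine automates for a parameter: append a condition that is
    always true and one that is always false and compare the responses. If the true-condition
    response matches the original and the false-condition response differs, the condition was
    evaluated by the database and the parameter is injectable."""
    original = endpoint(base_value)
    with_true = endpoint(f"{base_value} AND 1=1")
    with_false = endpoint(f"{base_value} AND 1=2")
    return with_true == original and with_false != original


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint injectable:", boolean_blind_probe(lambda v: lookup_vulnerable(db, v), "1"))
    print("parameterised endpoint injectable:", boolean_blind_probe(lambda v: lookup_safe(db, v), "1"))
    print("rows pulled with a UNION through the vulnerable endpoint:",
          lookup_vulnerable(db, "1 UNION SELECT role FROM users"))
```

Against the bound query the string "1 AND 1=1" is compared as a literal against the integer column and matches nothing, so both probe responses differ from the original in the same way and the probe reports no injection; against the concatenated query the true and false conditions are evaluated by SQLite and the responses diverge.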

sqlmap has been tested on Kali Sana, Arch Linux, Ubuntu, Debian and Mac OS X.

Installation :

git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
cd sqlmap-dev
python sqlmap.py -hh (full list of options)

Update:
python sqlmap.py --update

Source : http://sqlmap.org | Our Post Before | Download: 1.0.11.zip | 1.0.11.tar.gz


BBScan v1.1 – is a tiny Batch weB vulnerability Scanner.


BBScan is a tiny Batch weB vulnerability Scanner.
Features:
+ Backup files: URLs for information disclosure.
+ Directory traversal
+ Java web config detection
+ phpinfo and test pages
+ Regex function to search for document extensions
+ Zabbix jsrpc SQL injection


Requirement:
+ python 2.7.x
+ BeautifulSoup4==4.3.2
+ py2-ipaddress==3.4.1

Use and Download:

git clone https://github.com/lijiejie/BBScan && cd BBScan
pip install -r requirements.txt
Example:
python BBScan.py --host www.a.com www.b.com --browser

Upgrade:
git pull origin master

Source: https://github.com/lijiejie


wpscan v2.9.2 – is a black box WordPress vulnerability scanner.


Changelog wpscan v2.9.2 Released 2016-11-15:
* Fixed error when detecting plugins with UTF-8 characters
* Use all possible finders to verify a detected version
* Fix error when detecting a WordPress version not in our database
* Added some additional clarification on error messages
* Upgrade terminal-table gem
* Add --cache-dir option
* Add --disable-tls-checks option
* Improve/add additional plugin passive detections
* Remove scripts when calculating page hashes
* Many other small bug fixes.

WPScan Database Statistics:
+ Total tracked wordpresses: 194
+ Total tracked plugins: 63703
+ Total tracked themes: 13835
+ Total vulnerable wordpresses: 177
+ Total vulnerable plugins: 1382
+ Total vulnerable themes: 379
+ Total wordpress vulnerabilities: 2617
+ Total plugin vulnerabilities: 2190
+ Total theme vulnerabilities: 452


WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Details:

+ Username enumeration (from author querystring and location header)
+ Weak password cracking (multithreaded)
+ Version enumeration (from generator meta tag and from client side files)
+ Vulnerability enumeration (based on version)
+ Plugin enumeration (2220 most popular by default)
+ Plugin vulnerability enumeration (based on plugin name)
+ Plugin enumeration list generation
+ Other misc WordPress checks (theme name, dir listing,

Installation using git:

Debian:
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler
bundle install --without test --path vendor/bundle

Fedora:
sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test

ArchLinux:
pacman -Syu ruby
pacman -Syu libyaml
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test
gem install typhoeus
gem install nokogiri

Ubuntu 14.04:
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test

Mac OSX:
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && sudo bundle install --without test

Download : 2.9.2.zip | 2.9.1.tar.gz
Source : http://wpscan.org/ | Our Post Before


YAWAST v0.5.0.beta2 – The YAWAST Antecedent Web Application Security Toolkit


Changelog yawast v0.5.0 – In Development:
+ #75 – Use internal SSL scanner for non-standard ports
+ #84 – Improve the display of ct_precert_scts
+ #86 – Add check for Tomcat Manager & common passwords
+ #87 – Tomcat version detection via invalid HTTP verb
+ #88 – Add IP Network Info via api.iptoasn.com
+ #89 – Add IP Location Info
+ #76 – Bug: Handle error for OpenSSL version support error
+ Various code and other improvements.


This application is still very much in the early development phase; as such it should be viewed as alpha software, and thus may have bugs, perform unexpectedly, or be missing features you’d expect from a tool like this. Please keep this in mind as you use this.


Why?
Because.
This is meant to provide an easy way to perform initial analysis and information discovery. It's not a full testing suite, and it certainly isn't Metasploit. The idea is to provide a quick way to perform initial data collection, which can then be used to better target further tests.

Tests
The following tests are performed:
+ (Generic) Info Disclosure: X-Powered-By header present
+ (Generic) Info Disclosure: X-Pingback header present
+ (Generic) Info Disclosure: X-Backend-Server header present
+ (Generic) Info Disclosure: X-Runtime header present
+ (Generic) Info Disclosure: Via header present
+ (Generic) X-Frame-Options header not present
+ (Generic) X-XSS-Protection disabled header present
+ (Generic) SSL: HSTS not enabled
+ (Generic) Source Control: Common source control directories present
+ (Generic) Presence of crossdomain.xml or clientaccesspolicy.xml
+ (Generic) Presence of WS_FTP.LOG
+ (Apache) Info Disclosure: Module listing enabled
+ (Apache) Info Disclosure: Server version
+ (Apache) Info Disclosure: OpenSSL module version
+ (Apache) Presence of /server-status
+ (Apache) Presence of /server-info
+ (IIS) Info Disclosure: Server version
+ (ASP.NET) Info Disclosure: ASP.NET version
+ (ASP.NET) Info Disclosure: ASP.NET MVC version
+ (ASP.NET) Presence of Trace.axd
+ (ASP.NET) Presence of Elmah.axd
+ (nginx) Info Disclosure: Server version
+ (PHP) Info Disclosure: PHP version
+ CMS Detection: Generic (Generator meta tag) [Real detection coming as soon as I get around to it…]
++ SSL Information:
– Certificate details
– Certificate chain
– Supported ciphers
In addition to these tests, basic information is also displayed, such as IPs (and the PTR record for each IP), the HTTP HEAD response, and others.
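The header checks from the list above, applied to a single response, as an added example that is not YAWAST's code: one function takes a response's headers and returns the generic, Apache, OpenSSL and PHP findings by name. The two header sets are constructed, a chatty LAMP box and the same box after hardening; nothing is fetched from a network.

```python
import re

# Added example, not YAWAST code. Headers below are constructed, not captured from a real host.

DISCLOSURE_HEADERS = ("x-powered-by", "x-pingback", "x-backend-server", "x-runtime", "via")
SERVER_RE = re.compile(r"(apache|nginx|microsoft-iis)/([\d.]+)", re.I)
OPENSSL_RE = re.compile(r"openssl/([\w.]+)", re.I)
PHP_RE = re.compile(r"php/([\d.]+)", re.I)


def audit_headers(headers, https=True):
    """Apply the generic/Apache/PHP header checks to one response's headers.

    `headers` is a dict as returned by the server; names are compared case-insensitively,
    as HTTP requires. Returns a list of finding strings, empty when nothing is flagged.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name in DISCLOSURE_HEADERS:
        if name in h:
            findings.append(f"Info Disclosure: {name} header present ({h[name]})")
    if "x-frame-options" not in h:
        findings.append("X-Frame-Options header not present")
    if h.get("x-xss-protection", "").startswith("0"):
        findings.append("X-XSS-Protection disabled header present")
    if https and "strict-transport-security" not in h:
        findings.append("SSL: HSTS not enabled")
    server = h.get("server", "")
    m = SERVER_RE.search(server)
    if m:
        findings.append(f"Info Disclosure: {m.group(1)} server version {m.group(2)}")
    m = OPENSSL_RE.search(server)
    if m:
        findings.append(f"Info Disclosure: OpenSSL module version {m.group(1)}")
    m = PHP_RE.search(h.get("x-powered-by", ""))
    if m:
        findings.append(f"Info Disclosure: PHP version {m.group(1)}")
    return findings


# Constructed sample: a chatty LAMP box, and the same box after header hardening.
CHATTY = {
    "Server": "Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f",
    "X-Powered-By": "PHP/5.5.9",
    "X-XSS-Protection": "0",
    "Content-Type": "text/html; charset=UTF-8",
}
HARDENED = {
    "Server": "Apache",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Type": "text/html; charset=UTF-8",
}

if __name__ == "__main__":
    for label, hdrs in (("chatty", CHATTY), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or ["no findings"])
```

The HSTS check is only meaningful on an HTTPS response, which is why `https` is an explicit argument: running the same check over a plain-HTTP fetch of a site that does serve HSTS over TLS would be a false positive.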

Usage:

Make sure Ruby is installed
git clone https://github.com/adamcaudill/yawast && cd yawast
gem install bundler
bundle install

Ubuntu/Debian7&8/Kali2.0/Rolling
sudo apt-get install ruby ruby-dev
sudo gem install yawast

Mac OSX:
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.2
rvm use 2.2 --default
gem install yawast

Update:
git pull origin master

Source: https://github.com/adamcaudill | Our Post Before


dork-cli ~ Command line Google dork tool.


dork-cli performs searches against a Google custom search engine and returns a list of all the unique page results it finds, optionally filtered by a set of dynamic page extensions. Any number of additional query terms / dorks can be specified. dork-cli was designed to be piped into an external tool such as a vulnerability scanner for automated testing purposes.
Dependencies:
– Python 2.7.x


Custom Search Engine:
+ Create a custom search engine via https://www.google.com/cse/
+ Add your desired domain(s) under "Sites to search"
+ Click the "Search engine ID" button to reveal the ID, or grab it from the "cx" URL parameter

API key:
+ Open the Google API console at https://code.google.com/apis/console
+ Enable the Custom Search API via APIs & auth > APIs
+ Create a new API key via APIs & auth > Credentials > Create new Key
+ Select "Browser key", leave HTTP Referer blank and click Create

Usage and Download:

git clone https://github.com/jgor/dork-cli && cd dork-cli
python dork-cli.py

Source: https://github.com/jgor


CyberCrowl is a python Web path scanner tool.


CyberCrowl is a python Web path scanner tool.
Operating Systems supported:
+ Windows XP/7/8/10
+ GNU/Linux
+ MacOSX

Dependencies:
+ python 2.7.x
+ tldextract python module
+ requests python module


Latest Version v1.4 :
– Fix url redirect issue & add some features

Usage and download:

git clone https://github.com/chamli/CyberCrowl.git && cd CyberCrowl
pip install tldextract
pip install requests
python cybercrowl.py -h

Source: https://github.com/chamli


wpscan v3 beta – is a black box WordPress vulnerability scanner.


Changelog wpscan v3 Beta Released 2017-1-27:
* Prerequisite changes:
+ Ruby >= 2.3.3
+ Curl >= 7.21 (latest recommended; FYI, 7.29 has a segfault)
+ RubyGems (latest recommended)


WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach. Details:

+ Username enumeration (from author querystring and location header)
+ Weak password cracking (multithreaded)
+ Version enumeration (from generator meta tag and from client side files)
+ Vulnerability enumeration (based on version)
+ Plugin enumeration (2220 most popular by default)
+ Plugin vulnerability enumeration (based on plugin name)
+ Plugin enumeration list generation
+ Other misc WordPress checks (theme name, dir listing,
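The passive side of the enumeration listed above (here and in the wpscan v2.9.2 post), as an added example that is not WPScan's code: version from the generator meta tag, plugin and theme slugs from the asset URLs a front page references, and the username that a default install leaks when `/?author=1` redirects to `/author/<user_nicename>/`. The HTML page and the redirect response are constructed; no requests are made.

```python
import re
from urllib.parse import urlparse

# Added example, not WPScan code. The page and the redirect below are constructed.

GENERATOR_RE = re.compile(r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)', re.I)
PLUGIN_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9_.-]+)/", re.I)
THEME_RE = re.compile(r"/wp-content/themes/([A-Za-z0-9_.-]+)/", re.I)
AUTHOR_RE = re.compile(r"/author/([^/?#]+)")


def version_from_generator(html):
    """Version enumeration from the generator meta tag; None when the tag was removed."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def plugins_from_html(html):
    """Passive plugin detection: plugin slugs referenced from the page's own assets and links."""
    return sorted({m.lower() for m in PLUGIN_RE.findall(html)})


def themes_from_html(html):
    return sorted({m.lower() for m in THEME_RE.findall(html)})


def username_from_author_redirect(status, headers):
    """Username enumeration: /?author=N redirects to /author/<user_nicename>/ on a default install.

    `status` and `headers` are the response to GET /?author=N with redirects NOT followed;
    the username is in the Location header, not in the page you would land on.
    """
    if status not in (301, 302):
        return None
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if not location:
        return None
    m = AUTHOR_RE.search(urlparse(location).path)
    return m.group(1) if m else None


SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 4.7.2" />
<link rel='stylesheet' href='https://blog.example/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6.1' />
<script src='https://blog.example/wp-content/plugins/akismet/_inc/form.js?ver=3.3'></script>
<link rel='stylesheet' href='https://blog.example/wp-content/themes/twentyseventeen/style.css?ver=4.7.2' />
</head><body><a href="/wp-content/plugins/contact-form-7/">cf7</a></body></html>"""

SAMPLE_AUTHOR_RESPONSE = (301, {"Location": "https://blog.example/author/admin/", "Content-Length": "0"})


def fingerprint(html, author_response):
    status, headers = author_response
    return {
        "version": version_from_generator(html),
        "plugins": plugins_from_html(html),
        "themes": themes_from_html(html),
        "first_user": username_from_author_redirect(status, headers),
    }


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML, SAMPLE_AUTHOR_RESPONSE))
```

Passive detection only sees plugins that load assets on the pages you fetched; that is why WPScan also offers the active, request-heavy plugin enumeration against its list of popular slugs.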

Installation using git:

Debian:
sudo apt-get install git ruby ruby-dev libcurl4-openssl-dev make zlib1g-dev
git clone https://github.com/wpscanteam/wpscan-v3.git
cd wpscan-v3
sudo gem install bundler
bundle install --without test --path vendor/bundle

Fedora:
sudo dnf install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build
git clone https://github.com/wpscanteam/wpscan-v3.git
cd wpscan-v3
sudo gem install bundler && bundle install --without test
rake install

ArchLinux:
pacman -Syu ruby
pacman -Syu libyaml
git clone https://github.com/wpscanteam/wpscan-v3.git
cd wpscan-v3
sudo gem install bundler && bundle install --without test
gem install typhoeus
gem install nokogiri
rake install

Ubuntu 14.04:
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev
git clone https://github.com/wpscanteam/wpscan-v3.git
cd wpscan-v3
sudo gem install bundler && bundle install --without test 
rake install

Mac OSX:
git clone https://github.com/wpscanteam/wpscan-v3.git
cd wpscan-v3
sudo gem install bundler && sudo bundle install --without test
rake install

cd bin
./wpscan -h

Download V2 : 2.9.2.zip | 2.9.1.tar.gz
Source : http://wpscan.org/ | Our Post Before


iis Short name scanner v2.3.9 – scanners for IIS short filename disclosure vulnerability.


Changelog IIS-ShortName-Scanner v2.3.9:
+ Added a new option called "useProvidedURLWithoutChange" (Server Side Request Forgery).


Microsoft IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the parsing of a request that contains a tilde character (~). This may allow a remote attacker to gain access to file and folder name information.


It is possible to detect short names of files and directories which have an 8.3 equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short names of ".aspx" files, as they have 4 letters in their extension.

Note: new techniques have been introduced to the latest versions of this scanner and it can now scan IIS8.5 when it is vulnerable.

It is not easy to find the original file or folder names based on the short names. However, the following methods are recommended as examples:
+ If you can guess the full extension (for instance .ASPX when the 8.3 extension is .ASP), always try the short name with the full extension.
+ Sometimes short names are listed in Google, which can be used to find the actual names.
+ Using text dictionary files is also recommended. If a name starts with another word, the second part should be guessed separately based on a dictionary file. For instance, ADDACC~1.ASP can be AddAccount.aspx, AddAccounts.aspx, AddAccurateMargine.aspx, etc.
+ Searching in the website contents and resources can also be useful to find the full name. This can be achieved, for example, by searching the Site Map in Burp Suite.
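The dictionary method from the list above, worked through in code, as an added example that is not part of IIS-ShortName-Scanner: a simplified model of how NTFS derives an 8.3 name from a long name, and a candidate expander that keeps only those dictionary words and extensions whose generated short name maps back to the one the scanner observed. The 8.3 model deliberately ignores the hash-based form NTFS switches to after a few `~N` collisions and the exact set of characters it substitutes; the word list and extensions are constructed.

```python
import re

# Added example, not part of IIS-ShortName-Scanner. The 8.3 generation below is a simplified
# model of the NTFS algorithm (it ignores the hash-based form NTFS switches to after a few
# ~N collisions and the exact set of characters it replaces); the word list is constructed.

_DISALLOWED = re.compile(r"[^A-Z0-9_$~!#%&@{}()'-]")


def short_name_83(filename, ordinal=1):
    """Return the 8.3 name Windows would generate for `filename`, or None if it already fits 8.3.

    Rule of thumb: drop spaces and disallowed characters, upper-case, keep the first six
    characters of the base name, append ~N, keep the first three characters of the last extension.
    """
    base, dot, ext = filename.rpartition(".")
    if not dot:
        base, ext = filename, ""
    clean_base = _DISALLOWED.sub("", base.upper().replace(" ", ""))
    clean_ext = _DISALLOWED.sub("", ext.upper())[:3]
    already_83 = (clean_base == base.upper() and len(clean_base) <= 8
                  and clean_ext == ext.upper() and len(ext) <= 3 and "." not in base)
    if already_83:
        return None  # NTFS generates no separate short name for a name that is already valid 8.3
    return f"{clean_base[:6]}~{ordinal}" + (f".{clean_ext}" if clean_ext else "")


def parse_short_name(short):
    """Split 'ADDACC~1.ASP' into ('ADDACC', 1, 'ASP')."""
    stem, _, ext = short.partition(".")
    prefix, _, num = stem.partition("~")
    return prefix, int(num) if num else 1, ext


def expand_candidates(short, words, extensions):
    """Keep only the full names whose generated short name equals the observed one."""
    _, ordinal, _ = parse_short_name(short)
    out = []
    for word in words:
        for ext in extensions:
            candidate = f"{word}.{ext}" if ext else word
            if short_name_83(candidate, ordinal) == short.upper():
                out.append(candidate)
    return sorted(out)


# Constructed word list and extension list for the demonstration.
WORDS = ["AddAccount", "AddAccounts", "AddUser", "AddAccurateMargin", "Admin"]
EXTENSIONS = ["aspx", "asp", "ashx", "asmx"]

if __name__ == "__main__":
    print(short_name_83("AddAccount.aspx"))
    print(expand_candidates("ADDACC~1.ASP", WORDS, EXTENSIONS))
```

The round-trip check does the filtering the first bullet hints at: `AddUser.aspx` is kept for `ADDUSE~1.ASP` while `AddUser.asp` is dropped, because a 7-character base with a 3-character extension never gets a short name at all.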
Installation:
It has been compiled using JDK 7. You only need to download the following files if you do not want to build this yourself:
+ IIS_shortname_scanner.jar
+ config.xml
+ run.bat
Remember to use Java v7.
You can also compile this application yourself. Please submit any issues in GitHub for further investigation. It should be straightforward to open this project in Eclipse as well.
Original research file: http://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf

Usage:

git clone https://github.com/irsdl/IIS-ShortName-Scanner && cd IIS-ShortName-Scanner
java -jar iis_shortname_scanner.jar

Updates:
cd IIS-ShortName-Scanner
git pull

Download : Master.zip | Clone Url | Our Post Before
Source : https://github.com/irsdl


Lynis v2.4.4 – is a system and security auditing tool for Unix/Linux.


Changelog Lynis v2.4.4 (2017-03-01):
* Changes:
+ Fix for upload function to be used from profile
+ Reduce screen output for mail section, unless --verbose is used
+ Code cleanups and removed 'update release' command

* Tests:
+ AUTH-9308 – Improved test for sulogin string (Debian systems)
+ FILE-6372 – Properly deal with comments on lines in /etc/fstab
+ MAIL-8817 – New test to check Postfix configuration for errors
+ SSH-7408 – Corrected SSH check


Lynis is a security auditing tool for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.

Main goals:
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing

The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
Installation:

git clone https://github.com/CISOfy/lynis
cd lynis
./lynis audit system

Update:
cd <your lynis folder>
git pull origin master

Or

Download : 2.4.4.zip | 2.4.4.tar.gz
Our post Before | Source: https://cisofy.com/lynis/


droopescan v1.35.3 – a cms vulnerability scanner functionality.


Changelog droopescan v1.35.3 5/3/2017:
* New versions for all CMS: drupal, joomla, wordpress, moodle and silverstripe.


A plugin-based scanner that aids security researchers in identifying issues with several CMS:
+ Drupal.
+ SilverStripe.
+ WordPress.
Partial functionality for:
+ Joomla (version enumeration and interesting URLs only)

droopescan

droopescan

Why droopescan? Because it:
+ is fast
+ is stable
+ is up to date
+ allows simultaneous scanning of multiple sites
+ is 100% python

Features:
+ Scan types: Droopescan aims to be the most accurate by default, while not overloading the target server due to excessive concurrent requests.
+ Target specification: You can specify a particular host to scan by passing the url parameter.
+ Authentication: The application fully supports .netrc files and http_proxy environment variables.
+ Output: This application supports both "standard output", meant for human consumption, and JSON, which is more suitable for machine consumption. This output is stable between major versions.

installation:

git clone https://github.com/droope/droopescan.git && cd droopescan
pip install -r requirements.txt
./droopescan scan --help
or install using pip: pip install droopescan

Updates:
git pull origin master
pip install droopescan --upgrade

Source: https://github.com/droope | Our Post Before


Lynis v2.4.5 – is a system and security auditing tool for Unix/Linux.


Changelog Lynis 2.4.5 (2017-03-09):
Changes:
+ Allow host alias to be specified in profile
+ Code readability enhancements
+ Solaris support has been improved

Tests:
– AUTH-9328 – Add missing 0027 and 0077 umasks
– BOOT-5104 – Add initsplash and minor code enhancements
– DBS-1882 – Include Redis configuration file
– FIRE-4502 – Improved detection for iptables modules when using OpenVZ
– PKGS-7381 – Enhanced package audit for FreeBSD


Lynis is a security auditing tool for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.

Main goals:
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing

The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
Installation:

git clone https://github.com/CISOfy/lynis
cd lynis
./lynis audit system

Update:
cd <your lynis folder>
git pull origin master

Or

Download : 2.4.5.zip | 2.4.5.tar.gz
Our post Before | Source: https://cisofy.com/lynis/


Multiscanner – Analyse files against multiple engines.


Introduction:
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built python scripts, web APIs, software running on another machine, etc. Tools are incorporated by creating modules that run in the MultiScanner framework.
Modules are designed to be quickly written and easily incorporated into the framework. Currently written and maintained modules are related to malware analytics, but the framework is not limited to that scope. For a list of modules you can look in modules, descriptions and config options can be found in docs/modules.md

multiscanner: Modular file scanning/analysis framework

Requirements:
Python 2.7 is recommended. Compatibility with 2.7+ and 3.3+ is supported but not thoroughly maintained and tested. Please submit an issue or a pull request fixing any issues found with other versions of Python.

Usage:

git clone https://github.com/MITRECND/multiscanner && cd multiscanner
pip install -r requirements.txt
# build and install ssdeep
sudo BUILD_LIB=1 pip install ssdeep

./install.sh
python multiscanner.py init
python multiscanner.py -h

Source: https://github.com/MITRECND


Hawkeye is A project security/vulnerability/risk scanning tool.


Hawkeye is a project security, vulnerability and general risk highlighting tool. It has a few goals:
+ Designed to be entirely extensible by just adding new modules with the correct signature to lib/modules
+ Modules return results via a common interface, which permits consolidated reporting and artefact generation
+ Should be easy to run, be it via NPM, or Docker, on your Host, or in a CI Server


Modules
Modules are basically little bits of code that either implement their own logic, or wrap a third party tool and standardise the output. They only run if the required criteria are met; for example, the nsp module would only run if a package.json is detected in the scan target. As a result, you don't need to tell Hawkeye what type of project you are scanning. The modules implemented so far are:
Generic Modules:
+ File Names (files): Scan the file list recursively, looking for patterns as defined in data.js, taken from gitrob. We're looking for things like id_rsa, things that end in pem, etc.
+ File Content Patterns (contents): Looks for patterns as defined in data.js within the contents of files; things like 'password: ' and 'BEGIN RSA PRIVATE KEY' will pop up here.
+ File Content Entropy (entropy): Scan files for strings with high (Shannon) entropy, which could indicate passwords or secrets stored in the files, for example: 'kwaKM@£rFKAM3(a2klma2d'

Node JS:
+ Node Security Project (nsp): Wraps Node Security Project to check your package.json for known vulnerabilities.
+ NPM Check Updates (ncu): Wraps NPM Check Updates to check your package.json for outdated modules.

Ruby:
+ Bundler Audit (bundlerAudit): Wraps Bundler Audit to check your Gemfile/Gemfile.lock for known vulnerabilities.
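The three generic modules, files, contents and entropy, reduced to working code as an added example that is not Hawkeye's own: a filename pattern list, a content pattern list and a Shannon-entropy check over long tokens, run over a small constructed file tree. The patterns are a handful in the spirit of data.js, not a copy of it, and the threshold is a tunable assumption: identifiers and English words sit around 3 to 3.9 bits per character, while a 32-character token built from 32 distinct characters reaches exactly 5.

```python
import math
import re

# Added example, not Hawkeye code. The patterns are a small subset in the spirit of data.js;
# the file tree and the secret below are constructed.

FILENAME_PATTERNS = [r"(^|/)id_[rd]sa$", r"\.pem$", r"\.p12$", r"(^|/)\.htpasswd$", r"(^|/)\.env$"]
CONTENT_PATTERNS = [
    r"-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----",
    r"(?i)\bpassword\s*[:=]\s*\S+",
    r"(?i)\baws_secret_access_key\s*[:=]",
]
MIN_TOKEN_LEN = 20        # shorter strings cannot reach a meaningful entropy
ENTROPY_THRESHOLD = 4.0   # bits per character (assumed cut-off; words and identifiers sit below it)


def shannon_entropy(s):
    """Bits per character of the string's character-frequency distribution."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_file(path, content):
    """Run the three generic modules over one file; returns (module, location, detail) tuples."""
    findings = []
    for pat in FILENAME_PATTERNS:
        if re.search(pat, path):
            findings.append(("files", path, pat))
            break
    for lineno, line in enumerate(content.splitlines(), 1):
        where = f"{path}:{lineno}"
        for pat in CONTENT_PATTERNS:
            if re.search(pat, line):
                findings.append(("contents", where, pat))
        for token in re.findall(r"\S{%d,}" % MIN_TOKEN_LEN, line):
            token = token.strip("'\"")
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append(("entropy", where, token))
    return findings


def scan_tree(files):
    """`files` maps relative path -> text content, standing in for a directory walk."""
    out = []
    for path, content in files.items():
        out.extend(scan_file(path, content))
    return out


SAMPLE_SECRET = "Q7xK9mP2vL4nR8wT1yB6cF3hJ5dG0sZa"   # constructed: 32 distinct characters, 5.0 bits/char
SAMPLE_TREE = {
    "config/database.yml": "production:\n  password: s3cretpass\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n",
    "src/settings.py": f"API_TOKEN = '{SAMPLE_SECRET}'\nDEBUG = False\n",
    "README.md": "Run the build with the usual flags.\n",
}

if __name__ == "__main__":
    for module, where, detail in scan_tree(SAMPLE_TREE):
        print(f"[{module}] {where}: {detail}")
```

Entropy alone is noisy on minified assets, hashes in lock files and base64 blobs, which is why the file-name and content-pattern modules run alongside it rather than being replaced by it.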

Usage and Install:

git clone https://github.com/Stono/hawkeye && cd hawkeye
npm install -g hawkeye-scanner

Docker:
docker run --rm -v $PWD:/target stono/hawkeye
docker-compose run --rm --no-deps hawkeye

hawkeye -h
hawkeye scan

Source: https://github.com/Stono


Whitewidow v2.0 – an open source automated SQL vulnerability scanner.


Changelog whitewidow v2.0:
+ Deprecated the old payloads
+ Created a new payload file for payload extraction
+ Added compatibility for multiple different DB types
+ Complete refactor of the searching and how it works
+ Bumped version number


Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites.


Dependencies:
– gem 'mechanize'
– gem 'nokogiri', '~> 1.6.7.2'
– gem 'rest-client'
– gem 'colored'

To install all gem dependencies:
+ cd whitewidow
+ bundle install
This installs all the gems needed and lets you run the program without trouble.

Usage:

git clone https://github.com/Ekultek/whitewidow && cd whitewidow
gem install bundler
bundle install

upgrade:
ruby whitewidow.rb -u
git pull origin master

Download: 2.0.zip | 2.0.tar.gz
Source: https://github.com/Ekultek | Our Post Before


quicksand_lite – Command line tool for scanning streams within office documents plus xor db attack.


Latest Change 12/5/2017:
+ added detection for EPS obfuscation using xor.
+ Remove tempnam calls.

quicksand_lite is a compact C framework to analyze suspected malware documents to 1) identify exploits in streams of different encodings, 2) locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or unknown obfuscated exploits.

File Formats For Exploit and Active Content Detection:
– doc, docx, docm, rtf, etc
– ppt, pptx, pps, ppsx, etc
– xls, xlsx, etc
– mime mso
– eml email


Features:
+ Fast document deconstruction
+ Yara API integration: Executable | Exploits | Trojans
+ Run yara signatures against decoded streams and unxored executables
+ Cryptanalysis of obfuscated executables and extraction: xor | rol/ror
+ Non bruteforce instant cracking of long 256 byte XOR keys (20-10 bytes).
+ Optional brute force 1 byte xor attack.
+ Optional brute force math cipher attack.
+ Optional xor-lookahead algorithm (xorla).
+ Pre-sandbox processing of phishing samples to extract executables/implant installers
+ Integratable cross-platform ANSI C
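The two XOR attacks from the feature list, as an added example that is not quicksand's code: the 1-byte brute force (256 candidate keys, keep the ones under which a PE header appears) and the non-brute-force recovery of a long repeating key, which works because a PE image is dominated by 0x00 bytes and 0x00 XOR k = k, so the most frequent ciphertext byte at each key position is the key byte itself. The "executable" is a constructed MZ/PE skeleton with a real DOS-stub string and mostly-zero body, prefixed by a few unencrypted bytes standing in for the host document; the keys are constructed too.

```python
import struct

# Added example, not quicksand code. The "PE" below is a constructed skeleton, not a real binary.

DOS_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data, key):
    """XOR data with a repeating key, key index aligned to offset 0 of data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(data, off):
    """MZ at off, e_lfanew pointing at 'PE\\0\\0', and the DOS stub text in between."""
    if data[off:off + 2] != b"MZ" or len(data) < off + 0x40:
        return False
    e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
    return (0x40 <= e_lfanew <= 0x400
            and data[off + e_lfanew:off + e_lfanew + 4] == b"PE\x00\x00"
            and DOS_STUB in data[off + 0x40:off + e_lfanew])


def pe_offsets(data):
    """Offsets of every MZ header in data that passes looks_like_pe."""
    hits, off = [], data.find(b"MZ")
    while off != -1:
        if looks_like_pe(data, off):
            hits.append(off)
        off = data.find(b"MZ", off + 1)
    return hits


def find_single_byte_xor_pe(blob):
    """Brute force: 256 candidate keys, keep (key, offset) pairs under which a PE appears."""
    hits = []
    for k in range(256):
        table = bytes(i ^ k for i in range(256))       # translate() is a fast per-byte XOR
        hits.extend((k, off) for off in pe_offsets(blob.translate(table)))
    return hits


def recover_repeating_key(blob, keylen):
    """Instant key recovery: per key position, the most frequent ciphertext byte is the key byte,
    because the plaintext (a PE image) is mostly 0x00 and 0x00 XOR k = k."""
    return bytes(max(range(256), key=blob[i::keylen].count) for i in range(keylen))


def crack_xored_pe(blob, max_keylen=256):
    """Try key lengths 1..max_keylen; return (keylen, key, pe_offset) for the first that yields a PE."""
    for keylen in range(1, max_keylen + 1):
        key = recover_repeating_key(blob, keylen)
        offsets = pe_offsets(xor_bytes(blob, key))
        if offsets:
            return keylen, key, offsets[0]
    return None


def build_fake_pe(body_len=3072):
    """Constructed MZ/PE skeleton: DOS header, e_lfanew=0x80, DOS stub text, PE signature, mostly-zero body."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21" + b"!" + DOS_STUB + b".\r\r\n$"
    dos += b"\x00" * (e_lfanew - len(dos))
    body = b"\x00" * body_len + b"\xcc\x90" * 32
    return dos + b"PE\x00\x00" + body


# Constructed host-document prefix (OLE magic plus filler) and a constructed 7-byte key.
SAMPLE_PREFIX = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8 + b"constructed OLE-ish header"
KEY7 = b"\x41\x7f\x03\xc8\x19\x55\xee"

if __name__ == "__main__":
    pe = build_fake_pe()
    doc = SAMPLE_PREFIX + xor_bytes(pe, KEY7)
    print("single-byte hits:", find_single_byte_xor_pe(SAMPLE_PREFIX + xor_bytes(pe, b"\x5a")))
    print("repeating key:", crack_xored_pe(doc))
```

The recovered key is expressed relative to offset 0 of the blob, so when the executable starts mid-document it comes back as a rotation of the key the attacker used; that is harmless for extraction, since the same rotation decodes the blob correctly in place.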

Installation:

# mac: brew install automake libtool wget
# ec2 aws ami: yum install automake libtool

wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
tar -xzvf v3.5.0.tar.gz
cd yara-3.5.0
chmod +x ./build.sh
export LD_LIBRARY_PATH=/usr/local/lib
export LDFLAGS=-L/usr/local/opt/openssl/lib
export CPPFLAGS=-I/usr/local/opt/openssl/include
./build.sh
sudo make install
cd ..

wget http://zlib.net/zlib-1.2.11.tar.gz
tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
sudo make install
cd ..

wget https://nih.at/libzip/libzip-1.1.3.tar.gz
tar -xzvf libzip-1.1.3.tar.gz
cd libzip-1.1.3
./configure
make
sudo make install
sudo ln -vs /usr/local/lib/libzip/include/zipconf.h /usr/local/include
cd ..

git clone https://github.com/tylabs/quicksand_lite && cd quicksand_lite
./build.sh
./quicksand.out -h
./quicksand.out malware.doc

Source: https://github.com/tylabs


WPSeku is a black box WordPress vulnerability scanner.


WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Dependencies:
– Python 2.7.x
– git and an Internet connection 🙂


Usage:

git clone https://github.com/m4ll0k/WPSeku && cd WPSeku

Examples:
python wpseku.py -t http://www.target.com
python wpseku.py -t target.com/wp-admin/admin-ajax.php -q "id=1&cat=2" -m POST [-x,-s,-l]
python wpseku.py -t target.com/path/wp-content/plugins/hello/hello.php -q "id=1&test=2" -m GET [-x,-s,-l]
python wpseku.py -t http://target.com --brute [l,x] --user admin --wordlist dict.txt

Source: https://github.com/m4ll0k


Lynis v2.5.1 – is a system and security auditing tool for Unix/Linux.


Changelog Lynis v2.5.1 (2017-05-31):
Changes:
– Hebrew translation by Dolev Farhi
– Improved detection of SSL certificate files
– Minor changes to improve logging and results

Tests:
+ BOOT-5104 – Added support for macOS
+ FIRE-4524 – Determine if CSF is in testing mode
+ HTTP-6716 – Improved log message


Lynis is a security auditing tool for Unix derivatives like Linux, BSD, and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides information related to security, it will also scan for general system information, vulnerable software packages, and possible configuration issues.
We believe software should be simple, updated on a regular basis and open. You should be able to trust, understand, and even alter the software. Many agree with us, as the software is being used by thousands every day to protect their systems.

Main goals:
+ Security auditing (automated)
+ Compliance testing (e.g. PCI-DSS, HIPAA)
+ Vulnerability testing

The software aims to also assist with:
+ Configuration management
+ Software patch management
+ System hardening
+ Penetration testing
+ Malware scanning
+ Intrusion detection
Installation:

git clone https://github.com/CISOfy/lynis
cd lynis
./lynis audit system

Update:
cd <your lynis folder>
git pull origin master

Or

Download : 2.5.1.zip | 2.5.1.tar.gz
Our post Before | Source: https://cisofy.com/lynis/


angryFuzzer – tools to gather information and discover vulnerabilities.


AngryFuzzer is a collection of tools for pentesting to gather information and discover vulnerabilities of the targets, based on the FuzzDB project (https://github.com/fuzzdb-project/fuzzdb).

Discover hidden files and directories on a web server. The application tries to find URL relative paths of the given website by comparing them with a given set.


Features:
+ Fuzz url set from an input file
+ Concurrent relative path search
+ Configurable number of fuzzing workers
+ Fuzz CMS ==> WordPress,Drupal,Joomla
+ Generate reports of the valid paths

Usage:

git clone https://github.com/ihebski/angryFuzzer && cd angryFuzzer
python angryFuzzer.py -u http://127.0.0.1
python angryFuzzer.py -u http://127.0.0.1 --cms dp (for drupal cms)
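The core loop shared by angryFuzzer, CyberCrowl and BBScan, a concurrent relative-path search against a web server, as an added example that is none of those projects' code. It also includes the check a practitioner wants before trusting any such scan: a baseline request for a random path, so that a server which answers 200 for everything does not turn the whole word list into "findings". The target is a local stand-in server started in a thread, and the word list is constructed, so the whole thing runs offline against 127.0.0.1; redirects are deliberately not followed, because a 301/302 on a guessed path is itself a hit.

```python
import threading
import uuid
from concurrent.futures import ThreadPoolExecutor
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Added example; not angryFuzzer, CyberCrowl or BBScan code. The target server and the word
# list are constructed so the scan runs offline against 127.0.0.1.

KNOWN_PATHS = {"/": 200, "/admin/": 200, "/backup.zip": 200, "/phpinfo.php": 200,
               "/.git/HEAD": 200, "/old-admin/": 302}
WORDLIST = ["/admin/", "/backup.zip", "/phpinfo.php", "/.git/HEAD", "/test.php",
            "/config.bak", "/old-admin/", "/.env", "/wp-login.php"]


class TargetHandler(BaseHTTPRequestHandler):
    """Stand-in web server: known paths answer 200 (or 302), everything else 404."""

    def do_GET(self):
        code = KNOWN_PATHS.get(self.path, 404)
        self.send_response(code)
        if code == 302:
            self.send_header("Location", "/admin/")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the scan output readable
        pass


def start_target():
    """Bind the stand-in server to a free loopback port and serve it from a daemon thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), TargetHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[0], srv.server_address[1]


def probe(host, port, path, timeout=5):
    """One GET without following redirects; returns (path, status)."""
    conn = HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "path-scan-example"})
        resp = conn.getresponse()
        resp.read()
        return path, resp.status
    finally:
        conn.close()


def scan(host, port, wordlist, workers=8):
    """Concurrent path scan with a wildcard baseline: whatever status a random path gets is
    treated as 'not found', so a catch-all server does not report every guess as a hit."""
    _, baseline = probe(host, port, "/" + uuid.uuid4().hex)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, port, p), wordlist))
    return {path: status for path, status in results if status != baseline}


if __name__ == "__main__":
    srv, host, port = start_target()
    try:
        for path, status in sorted(scan(host, port, WORDLIST).items()):
            print(f"{status} {path}")
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real target, keep `workers` modest and add a delay: the NOTE on the page's own IP Scan and PortScan entries applies just as well here, a burst of hundreds of 404s is the noisiest thing a scanner can do.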

Source: https://github.com/ihebski


vais – SWF Vulnerability & Information Scanner.


vais is a Ruby script for Vulnerability Analysis In SWF files: it finds dangerous settings in the SWF and possible vulnerabilities in its ActionScript.

Dependencies:
+ Ruby v2.3.x or higher
+ swfdump (apt-get install swftools)


Usage:

git clone https://github.com/hahwul/vais && cd vais
ruby vais.rb -h

Example:
ruby vais.rb simpleCalendar.swf

Source: https://github.com/hahwul
