Cyber News Rundown: Android Adware

Android Apps Riddled with Adware Another 85 photo and gaming apps have been removed from the Google Play store after they were discovered to have been distributing adware to the roughly 8 million users who had downloaded the fake apps. The adware itself is rather tricky: by sitting dormant on devices for at least 30 […]
The post Cyber News Rundown: Android Adware appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2019/08/23/cyber-news-rundown-android-adware

Hacktronian – All In One Hacking Tool For Linux & Android

***Pentesing Tools That All Hacker Needs.***HACKTRONIAN Menu :Information GatheringPassword AttacksWireless TestingExploitation ToolsSniffing & SpoofingWeb HackingPrivate Web HackingPost ExploitationInstall The HACKTRONIANInformation Gathering:NmapSetoolkitPort ScanningHost To IPwordpress userCMS scannerXSStrikeDork – Google Dorks Passive Vulnerability AuditorScan A server’s UsersCripsPassword Attacks:CuppNcrackWireless Testing:reaverpixiewpsFluxionExploitation Tools:ATSCANsqlmapShellnoobcommixFTP Auto Bypassjboss-autopwnSniffing & Spoofing:SetoolkitSSLtrippyPISHERSMTP MailerWeb Hacking:Drupal HackingInurlbrWordpress & Joomla ScannerGravity Form ScannerFile Upload CheckerWordpress Exploit ScannerWordpress Plugins ScannerShell and Directory FinderJoomla! 1.5 – 3.4.5 remote code executionVbulletin 5.X remote code executionBruteX – Automatically brute force all services running on a targetArachni – Web Application Security Scanner FrameworkPrivate Web Hacking:Get all websitesGet joomla websitesGet wordpress websitesControl Panel FinderZip Files FinderUpload File FinderGet server usersSQli ScannerPorts Scan (range of ports)ports Scan (common ports)Get server InfoBypass CloudflarePost Exploitation:Shell CheckerPOETWeemanInstallation in Linux:This Tool Must Run As ROOT !!!git clone https://github.com/thehackingsage/hacktronian.gitcd hacktronianchmod +x install.sh./install.shThat’s it.. you can execute tool by typing hacktronianInstallation in Android:Open Termuxpkg install gitpkg install pythongit clone https://github.com/thehackingsage/hacktronian.gitcd hacktronianchmod +x hacktronian.pypython2 hacktronian.pyVideo Tutorial :Download Hacktronian

Link: http://feedproxy.google.com/~r/PentestTools/~3/yV_fdYg2NkU/hacktronian-all-in-one-hacking-tool-for.html

Truegaze – Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code

A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files.RequirementsPython 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases. No plans to 2.x support at this time.InstallationYou can install this via PIP as follows:pip install truegazetruegazeTo download and run manually, do the following:git clone https://github.com/nightwatchcybersecurity/truegaze.gitcd truegazepip -r requirements.txtpython -m truegaze.cliHow to useTo list modules:truegaze listTo scan an application:truegaze scan test.apktruegaze scan test.ipaSample outputListing modules:user@localhost:~/$ truegaze listTotal active plugins: 1+—————-+——————————————+———+——+| Name | Description | Android | iOS |+—————-+——————————————+———+——+| AdobeMobileSdk | Detection of incorrect SSL configuration | True | True || | in the Adobe Mobile SDK | | |+—————-+——————————————+———+——+Scanning an application:user@localhost:~/$ truegaze scan ~/test.ipaIdentified as an iOS application via a manifest located at: Payload/IPAPatch-DummyApp.app/Info.plistScanning using the “AdobeMobileSdk" plugin– Found 1 configuration file(s)– Scanning "Payload/IPAPatch-DummyApp.app/Base.lproj/ADBMobileConfig.json’—- FOUND: The ["analytics"]["ssl"] setting is missing or false – SSL is not being used—- FOUND: The ["remotes"]["analytics.poi"] URL doesn’t use SSL: http://assets.example.com/c234243g4g4rg.json—- FOUND: The ["remotes"]["messages"] URL doesn’t use SSL: http://assets.example.com/b34343443egerg.json—- FOUND: A "templateurl" in ["messages"]["payload"] doesn’t use SSL: http://my.server.com/?user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cln,{a.PrevSessionLength}—- FOUND: A "templateurl" in ["messages"]["payload"] doesn’t use SSL: http://my.43434server.com/?user={user.name}&zip={user.zip}&c16={%sdkver%}&c27=cl n,{a.PrevSessionLength}Done!Display installed version:user@localhost:~/$ truegaze versionCurrent version: v0.2StructureThe application is command line and will consist of several modules that check for various vulnerabilities. Each module does its own scanning, and all results get printed to command line.Reporting bugs and feature requestsPlease use the GitHub issue tracker to report issues or suggest features: https://github.com/nightwatchcybersecurity/truegazeYou can also send emai to research /at/ nightwatchcybersecurity [dot] comWishlistMore unit test coverage for code that interacts with ClickAbility to extract additional files from online sourceAbility to check if a particular vulnerability is exploitableAbility to produce JSON or XML output that can feed into other toolsMore modules!About the name"True Gaze" or "Истинное Зрение" is a magical spell that reveals the invisible (from the book "Last Watch" by Sergei Lukyanenko)Download Truegaze

Link: http://feedproxy.google.com/~r/PentestTools/~3/UP7CEeZKDqo/truegaze-static-analysis-tool-for.html