Webroot WiFi Security: Expanding Our Commitment to Security & Privacy

Reading Time: ~3 min.For the past 20 years, Webroot’s technology has been driven by our dedication to protecting users from malware, viruses, and other online threats. The release of Webroot® WiFi Security—a new virtual private network (VPN) app for phones, computers, and tablets—is the next step in fulfilling our commitment to protect everyone’s right to be secure in […]
The post Webroot WiFi Security: Expanding Our Commitment to Security & Privacy appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2018/10/17/webroot-wifi-security-expanding-our-commitment-to-security-privacy/

ANDRAX – The First And Unique Penetration Testing Platform For Android Smartphones

ANDRAX The first and unique Penetration Testing platform for Android smartphonesWhat is ANDRAXANDRAX is a penetration testing platform developed specifically for Android smartphones, ANDRAX has the ability to run natively on Android so it behaves like a common Linux distribution, But more powerful than a common distribution!Why is Android so powerful?Simple, everyone has a smartphone and spends all the time with it! We have the possibility to camouflage easily in the middle of everyone, the processor architecture of most Android smartphones is ARM a modern and robust architecture extremely superior to the rest, With touch screens we can run the tools with great agility and take advantage of the graphical interface of Android, we can get in almost anywhere with our smartphones…In technical terms, ANDRAX and NetHunter should never be compared, ANDRAX is a penetration testing platform for Android smartphones and NetHunter is just a Debian emulator running with chroot.Termux is not our enemy, Termux is an application that allows installation of many Linux packages using a Debian environment running natively on Android.ANDRAX and Termux have a similar development, ANDRAX and Termux share many libs and GNU/Linux resources.But Termux is not a penetration testing platform, it’s software to bring basic tools found in a Debian environment. Penetration tests are not something basic! But advanced techniques that involve advanced tools and a advanced environment to conduct good tests!So you can install many tools manually in Termux but it would be extremely difficult to optimize and configure them to take 100% of the required potential for penetration testing.Termux runs without root privileges and this makes it very difficult to use advanced tools. Features and ToolsTool listInformation GatheringWhoisBind DNS toolsDnsreconRaccoonDNS-CrackerFirewalkScanningNmap – Network MapperMasscanSSLScanAmapPacket CraftingHping3NpingScapyHexinjectNcatSocatNetwork HackingARPSpoofBettercapMITMProxyEvilGINX2WebSite Hacking0d1nWapiti3Recon-NGPHPSploitPhotonXSSerCommixSQLMapPayloadmaskAbernathY-XSSPassword HackingHydraNcrackJohn The RipperCRUNCHWireless HackingVMP Evil APAircrack-NG ToolsCowpattyMDK3ReaverExploitationMetaSploit FrameworkRouterSploit FrameworkGetsploitOWASP ZSCRop-TOOLMore…Advanced TerminalAdvanced and Professional terminal emulator for Hacking!Dynamic Categories Overlay (DCO)Beautiful tools category system Advanced IDEComplete support for many programming languagesInformation GatheringTools for initial informations about the targetScanningTools for second stage: ScanningPacket CraftingTools to craft network packetsNetwork HackingTools for network hackingWebSite HackingTools for WebSite and WebApps HackingPassword HackingTools to break passwordsWireless HackingTools for Wireless HackingExploitationTools for Dev and launch exploitsMore info in official site.Download ANDRAX

Link: http://feedproxy.google.com/~r/PentestTools/~3/aFUTP3UzC5o/andrax-first-and-unique-penetration.html

Dex2Jar – Tools To Work With Android .Dex And Java .Class Files

dex2jar Tools to work with android .dex and java .class filesdex-reader/writer: Read/write the Dalvik Executable (.dex) file. It has a light weight API similar with ASM.d2j-dex2jar: Convert .dex file to .class files (zipped as jar)smali/baksmali: disassemble dex to smali files and assemble dex from smali files. different implementation to smali/baksmali, same syntax, but we support escape in type desc “Lcom/dex2jar\t\u1234;"other tools: d2j-decrypt-stringUsagesh d2j-dex2jar.sh -f ~/path/to/apk_to_decompile.apkAnd the output file will be apk_to_decompile-dex2jar.jar.Need help ?send email to dex2jar@googlegroups.comor post on issue trackers list above.Download Dex2Jar

Link: http://feedproxy.google.com/~r/PentestTools/~3/BSK8LiEEAUk/dex2jar-tools-to-work-with-android-dex.html

Drozer v2.4.4 – The Leading Security Assessment Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android.drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR’s advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).drozer is open source software, maintained by MWR InfoSecurity, and can be downloaded from: mwr.to/drozerPrerequisitesPython2.7Note: On Windows please ensure that the path to the Python installation and the Scripts folder under the Python installation are added to the PATH environment variable. Protobuf 2.6 or greater Pyopenssl 16.2 or greater Twisted 10.2 or greater Java Development Kit 1.7 Note: On Windows please ensure that the path to javac.exe is added to the PATH environment variable.Android Debug BridgeInstallingBuilding Python wheelgit clone https://github.com/mwrlabs/drozer/cd drozerpython setup.py bdist_wheelInstalling Python wheelsudo pip install drozer-2.x.x-py2-none-any.whlBuilding for Debian/Ubuntu/Mintgit clone https://github.com/mwrlabs/drozer/cd drozermake debInstalling .deb (Debian/Ubuntu/Mint)sudo dpkg -i drozer-2.x.x.debBuilding for Redhat/Fedora/CentOSgit clone https://github.com/mwrlabs/drozer/cd drozermake rpmInstalling .rpm (Redhat/Fedora/CentOS)sudo rpm -I drozer-2.x.x-1.noarch.rpmBuilding for WindowsNOTE: Windows Defender and other Antivirus software will flag drozer as malware (an exploitation tool without exploit code wouldn’t be much fun!). In order to run drozer you would have to add an exception to Windows Defender and any antivirus software. Alternatively, we recommend running drozer in a Windows/Linux VM.git clone https://github.com/mwrlabs/drozer/cd drozerpython.exe setup.py bdist_msiInstalling .msi (Windows)Run dist/drozer-2.x.x.win-x.msi Arch Linuxyaourt -S drozerUsageInstalling the AgentDrozer can be installed using Android Debug Bridge (adb).Download the latest Drozer Agent here.$ adb install drozer-agent-2.x.x.apkStarting a SessionYou should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you’re ready to start exploring.We will use the server embedded in the drozer Agent to do this.If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, drozer uses port 31415:$ adb forward tcp:31415 tcp:31415Now, launch the Agent, select the “Embedded Server” option and tap “Enable” to start the server. You should see a notification that the server has started.Then, on your PC, connect using the drozer Console:On Linux:$ drozer console connectOn Windows:> drozer.bat console connectIf using a real device, the IP address of the device on the network must be specified:On Linux:$ drozer console connect –server 192.168.0.10On Windows:> drozer.bat console connect –server 192.168.0.10You should be presented with a drozer command prompt:selecting f75640f67144d9a3 (unknown sdk 4.1.1) dz>The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version.You are now ready to start exploring the device.Command Reference Command Description run Executes a drozer module list Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run. shell Start an interactive Linux shell on the device, in the context of the Agent process. cd Mounts a particular namespace as the root of session, to avoid having to repeatedly type the full name of a module. clean Remove temporary files stored by drozer on the Android device. contributors Displays a list of people who have contributed to the drozer framework and modules in use on your system. echo Print text to the console. exit Terminate the drozer session. help Display help about a particular command or module. load Load a file containing drozer commands, and execute them in sequence. module Find and install additional drozer modules from the Internet. permissions Display a list of the permissions granted to the drozer Agent. set Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer. unset Remove a named variable that drozer passes to any Linux shells that it spawns. Contacting the Projectdrozer is Open Source software, made great by contributions from the community.For full source code, to report bugs, suggest features and contribute patches please see our Github project:https://github.com/mwrlabs/drozerBug reports, feature requests, comments and questions can be submitted here.Follow the latest drozer news, follow the project on Twitter:@mwrdrozerDownload Drozer

Link: http://feedproxy.google.com/~r/PentestTools/~3/gWlKeA3JnbA/drozer-v244-leading-security-assessment.html

Droidefense – Advance Android Malware Analysis Framework

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and ‘bad boy’ routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.Droidefense uses an innovative idea in where the code is not decompiled rather than viewed. This allow us to get the global view of the execution workflow of the code with a 100% accuracy on gathered information. With this situation, Droidefense generates a fancy html report with the results for an easy understanding.UsageTL;DRjava -jar droidefense-cli-1.0-SNAPSHOT.jar -i /path/to/your/sample.apkDetailed usagejava -jar droidefense-cli-1.0-SNAPSHOT.jar________ .__ .___ _____ \______ \_______ ____ |__| __| _/_____/ ____\____ ____ ______ ____ | | \_ __ \/ _ \| |/ __ |/ __ \ __\/ __ \ / \ / ___// __ \ | ` \ | \( <_> ) / /_/ \ ___/| | \ ___/| | \\___ \\ ___/ /_______ /__| \____/|__\____ |\___ >__| \___ >___| /____ >\___ > \/ \/ \/ \/ \/ \/ \/ * Current build: 2017_12_05__12_07_01 * Check out on Github: https://github.com/droidefense/ * Report your issue: https://github.com/droidefense/engine/issues * Lead developer: @zerjioangusage: droidefense -d,–debug print debugging information -h,–help print this message -i,–input <apk> input .apk to be analyzed -o,–output <format> select prefered output: json json.min html -p,–profile Wait for JVM profiler -s,–show show generated report after scan -u,–unpacker <unpacker> select prefered unpacker: zip memapktool -v,–verbose be verbose -V,–version show current version information Useful infoCheckout how to compile new version at:https://github.com/droidefense/engine/wiki/CompilationCheckout report example at:https://github.com/droidefense/engine/wiki/Pornoplayer-reportCheckout execution logs at:https://github.com/droidefense/engine/wiki/Execution-logsDownload Droidefense

Link: http://feedproxy.google.com/~r/PentestTools/~3/kxw4uSm7z1I/droidefense-advance-android-malware.html

MobSF (Mobile Security Framework) v1.0 – Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.MobSF is also bundled with Android Tamer and BlackArchDocumentationSee MobSF DocumentationMobSF Static Analyzer Docker ImageAutomated prebuilt docker image of MobSF Static Analyzer is available from DockerHubdocker pull opensecurity/mobile-security-framework-mobsfdocker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latestOther docker options: MobSF Docker OptionsCollaboratorsAjin AbrahamDominik SchlechtMatan DobrushinVincent NadalPresentationsOWASP APPSEC EU 2016 – Slides, VideoNULLCON 2016 – Slidesc0c0n 2015 – SlidesOWASP AppSec EU 2016 – VideoG4H Webcast 2015 – VideoVideo CourseAutomated Mobile Application Security Assessment with MobSFAndroid Security Tools ExpertWhat’s New?See ChangelogScreenshotsStatic Analysis – Android APKStatic Analysis – iOS IPAStatic Analysis – Windows APPXDynamic Analysis – Android APKWeb API FuzzerCreditsAbhinav Sejpal (@Abhinav_Sejpal) – For poking me with bugs, feature requests, and UI & UX suggestions.Amrutha VC (@amruthavc) – For the new MobSF logoAnant Srivastava (@anantshri) – For Activity Tester IdeaAnto Joseph (@antojosep007) – For the help with SuperSU.Bharadwaj Machiraju (@tunnelshade_) – For writing pyWebProxy from scratchDominik Schlecht – For the awesome work on adding Windows Phone App Static Analysis to MobSFEsteban – Better Android Manifest Analysis and Static Analysis Improvement.Matan Dobrushin – For adding Android ARM Emulator support to MobSF – Special thanks goes for cuckoo-droid, I got inspierd by their code and idea for this implementation.MindMac – For writing Android Blue PillRahul (@c0dist) – Kali SupportShuxin – Android Binary AnalysisThomas Abraham – For JS Hacks on UI.Tim Brown (@timb_machine) – For the iOS Binary Analysis Ruleset.Oscar Alfonso Diaz – (@OscarAkaElvis) – For Dockerfile contributionsDownload MobSF

Link: http://feedproxy.google.com/~r/PentestTools/~3/k5pgjKUGpDQ/mobsf-mobile-security-framework-v10.html