EasySploit – Metasploit Automation (EASIER And FASTER Than EVER)

EasySploit v3.1 (Linux) – Metasploit automation (EASIER and FASTER than EVER)Options:(1) Windows –> test.exe (payload and listener)(2) Android –> test.apk (payload and listener)(3) Linux –> test.py (payload and listener)(4) MacOS –> test.jar (payload and listener)(5) Web –> test.php (payload and listener)(6) Scan if a target is vulnerable to ms17_010(7) Exploit Windows 7/2008 x64 ONLY by IP (ms17_010_eternalblue)(8) Exploit Windows Vista/XP/2000/2003 ONLY by IP (ms17_010_psexec)(9) Exploit Windows with a link (HTA Server)(10) Contact with me – My accountsHow to install:git clone https://github.com/KALILINUXTRICKSYT/easysploit.gitcd easysploitbash installer.shHow to run (after installation):Type anywhere in your terminal “easysploit".Video tutorials:Download Easysploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/fAldiqcnlVY/easysploit-metasploit-automation-easier.html

Application News – Application Security Weekly #57

    3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS. News Bugs, Breaches, and More! 3d fingerprints and unlocking Android Ticking off another command injection Alexa, audio, and annotations If you build it, they will come STS no […]
The post Application News – Application Security Weekly #57 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/eB6MP-oo8XU/

Androwarn – Yet Another Static Code Analyzer For Malicious Android Applications

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developped by an Android application.The detection is performed with the static analysis of the application’s Dalvik bytecode, represented as Smali, with the androguard library.This analysis leads to the generation of a report, according to a technical detail level chosen from the user.FeaturesStructural and data flow analysis of the bytecode targeting different malicious behaviours categories Telephony identifiers exfiltration: IMEI, IMSI, MCC, MNC, LAC, CID, operator’s name…Device settings exfiltration: software version, usage statistics, system settings, logs…Geolocation information leakage: GPS/WiFi geolocation…Connection interfaces information exfiltration: WiFi credentials, Bluetooth MAC adress…Telephony services abuse: premium SMS sending, phone call composition…Audio/video flow interception: call recording, video capture…Remote connection establishment: socket open call, Bluetooth pairing, APN settings edit…PIM data leakage: contacts, calendar, SMS, mails, clipboard…External memory operations: file access on SD card…PIM data modification: add/delete contacts, calendar events…Arbitrary code execution: native code using JNI, UNIX command, privilege escalation…Denial of Service: event notification deactivation, file deletion, process killing, virtual keyboard disable, terminal shutdown/reboot…Report generation according to several detail levels Essential (-v 1) for newbiesAdvanced (-v 2)Expert (-v 3)Report generation according to several formats Plaintext txtFormatted html from a Bootstrap templateJSONUsageOptionsusage: androwarn [-h] -i INPUT [-o OUTPUT] [-v {1,2,3}] [-r {txt,html,json}] [-d] [-L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}] [-w]version: 1.4optional arguments: -h, –help show this help message and exit -i INPUT, –input INPUT APK file to analyze -o OUTPUT, –output OUTPUT Output report file (default “./_<timestamp>.<report_type>") -v {1,2,3}, –verbose {1,2,3} Verbosity level (ESSENTIAL 1, ADVANCED 2, EXPERT 3) (default 1) -r {txt,html,json}, –report {txt,html,json} Report type (default "html") -d, –display-report Display analysis results to stdout -L {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL}, –log-level {debug,info,warn,error,critical,DEBUG,INFO,WARN,ERROR,CRITICAL} Log level (default "ERROR") -w, –with-playstore-lookup Enable online lookups on Google PlayCommon usage$ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3By default, the report is generated in the current folder.An HTML report is now contained in a standalone file, CSS/JS resources are inlined.Sample applicationA sample application has been built, concentrating several malicious behaviours.The APK is available in the _SampleApplication/bin/ folder and the HTML report is available in the _SampleReports folder.Dependencies and installationPython 2.7 + androguard + jinja2 + play_scraper + argparseThe easiest way to setup everything: pip install androwarn and then directly use $ androwarnOr git clone that repository and pip install -r requirements.txtChangelogversion 1.5 – 2019/01/05: few fixesversion 1.4 – 2019/01/04: code cleanup and use of the latest androguard versionversion 1.3 – 2018/12/30: few fixesversion 1.2 – 2018/12/30: few fixesversion 1.1 – 2018/12/29: fixing few bugs, removing Chilkat dependencies and pip packagingversion 1.0 – from 2012 to 2013ContributingYou’re welcome, any help is appreciated :)ContactThomas Debize < tdebize at mail d0t com >Join #androwarn on FreenodeGreetingsStéphane Coulondre, for supervising my Final Year projectAnthony Desnos, for his amazing Androguard project and his help through my Final Year projectDownload Androwarn

Link: http://feedproxy.google.com/~r/PentestTools/~3/CXJc4Zacvso/androwarn-yet-another-static-code.html

UserLAnd – The Easiest Way To Run A Linux Distribution or Application on Android

The easiest way to run a Linux distribution or application on Android.Features:Run full linux distros or specific applications on top of Android.Install and uninstall like a regular app.No root required.Start using UserLAndThere are two ways to use UserLAnd: single-click apps and user-defined custom sessions.Using single-click apps:Click an app.Fill out the required information.You’re good to go!Using user-defined custom sessions:Define a session – This describes what filesystem you are going to use, and what kind of service you want to use when connecting to it (ssh or vnc).Define a filesystem – This describes what distribution of Linux you want to install.Once defined, just tap on the session to start up. This will download necessary assets, setup the filesystem, start the server, and connect to it. This will take several minutes for the first start up, but will be quicker afterwards.Managing PackagesDebian, Ubuntu, And Kali:-> Update: sudo apt-get update && sudo apt-get dist-upgrade-> Install Packages: sudo apt-get install -> Remove Packages: sudo apt-get remove <package name>Archlinux:-> Update: sudo pacman -Syu-> Install Packages: sudo pacman -S <package name>-> Remove Packages: sudo pacman -R <package name>Installing A DesktopDebian, Ubuntu, And Kali:-> Install Lxde: sudo apt-get install lxde (default desktop)-> Install X Server Client: Download on the Play store-> Launch XSDL-> In UserLAnd Type: export DISPLAY=:0 PULSE_SERVER=tcp:127.0.0.1:<PORT NUMBER>-> Then Type: startlxde-> Then Go Back To XSDL And The Desktop Will Show UpArchLinux:-> Install Lxde: sudo pacman -S lxde-> Install X Server Client: Download on the Play store-> Launch XSDL-> In UserLAnd Type: export DISPLAY=:0 PULSE_SERVER=tcp:127.0.0.1:<PORT NUMBER>-> Then Type: startlxde-> Then Go Back To XSDL And The Desktop Will Show UpBut you can do so much more than that. Your phone isn’t just a play thing any more! Have a bug report or a feature request?You can see the templates by visiting the issue center.You can also chat on slack.Want to contribute?See CONTRIBUTING document.Download UserLAnd

Link: http://feedproxy.google.com/~r/PentestTools/~3/Z6GCKCBT-sI/userland-easiest-way-to-run-linux.html