Parrot Security 4.5 – Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot 4.5 is officially released, and there are some major changes under the hood, powered by the long-term supported Linux 4.19 kernel series, preparing the project for the upcoming Parrot 5.0 LTS release. For future releases, Parrot Security plans to a support two kernels, stable kernel and a testing kernel.Parrot 4.5 also comes with the latest Metasploit 5.0 penetration testing framework, which introduces major features like new evasion modules, a new search engine, a json-rpc daemon, integrated web services, and support for writting shellcode in C.This release improves the metapackages for developers,  making it a lot easier to set up an advanced development environment for multiple frameworks and programming languages. These include parrot-devel, parrot-devel-tools, and parrot-devel-extra.Parrot 4.5 drops support for 32-bit computersOn the other side, Parrot 4.5 is the first release of the ethical hacking operating system to no longer ship with installation or live images for older, 32-bit only computers. With this, Parrot joins the growing trend of GNU/Linux distributions dropping 32-bit images. However, the developers noted the fact that they will continue to support the 32-bit architecture with updates through the official software repositories for existing users.Better Dev ToolsThere are updates in metapackages for developers, and setting up an advanced development environment for several programming languages and frameworks is now easier than ever:parrot-develIt is pre-installed in Parrot 4.5 and provides the following tools:vscodium – an advanced and extensible text editor.zeal – an offline documentation downloader and browser.git-cola – a graphic client to GIT.meld – a graphic patch inspector.tora – a graphic database frontend compatible with several database backends.These packages are included in the metapackage by using the “Recommends” apt directive, and they can be removed individually without triggering the removal of the whole parrot-devel metapackage.The metapackage also recommends the installation of parrot-devel-tools.sudo apt updatesudo apt install parrot-develparrot-devel-toolsIt is recommended by parrot-devel and pre-installed in Parrot Security. It provides some useful compilers and interpreters for the most used languages and provides the following packages:GCC/G++ – a compiler collection for C, C++ and other languages.python3 – the cpython interpreter for the python 3.6 and 3.7 language.ruby – the official ruby lang interpreter and basic toolkit (includes irb and ri as well).The package also recommends the following packages, that can be safely removed without triggering the removal of the entire parrot-devel-tools metapackage:default-jdk – the latest Java OpenJDK distribution for Java 11 (both JDK and JRE).cython3 – a compiler for the cython language, a strongly-typed dialect of python for efficient code.rust/cargo – the rust compiler and devel tools and its package management system.valac – the vala c compiler.mono-devel – the development tools for the MONO framework, an open source implementation of .net.mono-runtime – the runtime of the MONO framework compatible and interoperable with the latest .net runtime.php-cli – the PHP 7.3 language plus its command line interface and some useful core libraries.perl6 – the PERL 6 interpreter and core libraries.sudo apt updatesudo apt install parrot-devel-tools parrot-devel-extraThe parrot-devel-extra metapackage is a quick way to install many additional development utilities like advanced IDEs, additional languages, debuggers and extra tools.golang – go language compiler and runtimenodejs – node.js frameworknpm – node.js package manageratom – advanced and extensible editor by githubqtcreator – powerful C, C++ and Qt/QML IDE and debugger.kdevelop – advanced general purpose IDE by KDE.edb-debugger – graphical debugger.jad – Java decompiler.nasm – powerful general purpose x86 assembler.radare2 – advanced command line hexadecimal editor.cmake – cross-platform, open-source make system.valgrind – nstrumentation framework for building dynamic analysis tools.devscripts/build-essential – useful development utilities for debian developers/maintainers.sudo apt updatesudo apt install parrot-devel-extraDownload Parrot Security 4.5

Link: http://feedproxy.google.com/~r/PentestTools/~3/xXnhQTKJewU/parrot-security-45-security-gnulinux.html

Aztarna – A Footprinting Tool For Robots

This repository contains Alias Robotics’ aztarna, a footprinting tool for robots.Alias Robotics supports original robot manufacturers assessing their security and improving their quality of software. By no means we encourage or promote the unauthorized tampering with running robotic systems. This can cause serious human harm and material damages.For ROSA list of the ROS nodes present in the system (Publishers and Subscribers)For each node, the published and subscribed topis including the topic typeFor each node, the ROS services each of the nodes offerA list of all ROS parameters present in the Parameter ServerA list of the active communications running in the system. A single communication includes the involved publiser/subscriber nodes and the topicsFor SROSDetermining if the system is a SROS master.Detecting if demo configuration is in use.A list of the nodes found in the system. (Extended mode)A list of allow/deny policies for each node.Publishable topics.Subscriptable topics.Executable services.Readable parameters.For Industrial routersDetecting eWON, Moxa, Sierra Wireless and Westermo industrial routers.Default credential checking for found routers.InstallingFor productionDirecly from PyPipip3 install aztarnaor from the repository:pip3 install .For developmentpip3 install -e .orpython3 setup.py developPython 3.7 and the setuptools package is required for installation.Install with dockerdocker build -t aztarna_docker .Code usage:usage: aztarna [-h] -t TYPE [-a ADDRESS] [-p PORTS] [-i INPUT_FILE] [-o OUT_FILE] [-e] [-r RATE] [–shodan] [–api-key API_KEY]Aztarnaoptional arguments: -h, –help show this help message and exit -t TYPE, –type TYPE Scan ROS, SROS hosts or Industrial routers -a ADDRESS, –address ADDRESS Single address or network range to scan. -p PORTS, –ports PORTS Ports to scan (format: 13311 or 11111-11155 or 1,2,3,4) -i INPUT_FILE, –input_file INPUT_FILE Input file of addresses to use for scanning -o OUT_FILE, –out_file OUT_FILE Output file for the results -e, –extended Extended scan of the hosts -r RATE, –rate RATE Maximum simultaneous network connections –shodan Use shodan for the scan types that support it. –api-key API_KEY Shodan API KeyRun the code (example input file):aztarna -t ROS -p 11311 -i ros_scan_s20.csvRun the code with Docker (example input file):docker run -v <host_path>:/root -it aztarna_docker -t ROS -p 11311 -i <input_file>Run the code (example single ip address):aztarna -t ROS -p 11311 -a 115.129.241.241Run the code (example subnet):aztarna -t ROS -p 11311 -a 115.129.241.0/24Run the code (example single ip address, port range):aztarna -t ROS -p 11311-11500 -a 115.129.241.241Run the code (example single ip address, port list):aztarna -t ROS -p 11311,11312,11313 -a 115.129.241.241Run the code (example piping directly from zmap):zmap -p 11311 0.0.0.0/0 -q | aztarna -t SROS -p 11311Run the code (example search for industrial routers in shodan)aztarna -t IROUTERS –shodan –api-key <yourshodanapikey>Run the code (example search for industrial routers in shodan, piping to file)aztarna -t IROUTERS –shodan –api-key <yourshodanapikey> -o routers.csvDownload Aztarna

Link: http://feedproxy.google.com/~r/PentestTools/~3/Q9CYfShlqRA/aztarna-footprinting-tool-for-robots.html

SharpWeb – .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge

SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.UsageUsage: .\SharpWeb.exe arg0 [arg1 arg2 …]Arguments: all – Retrieve all Chrome, FireFox and IE/Edge credentials. full – The same as ‘all’ chrome – Fetch saved Chrome logins. firefox – Fetch saved FireFox logins. edge – Fetch saved Internet Explorer/Microsoft Edge logins.Example: Retrieve Edge and Firefox Credentials.\SharpWeb.exe edge firefoxExample: Retrieve All Saved Browser Credentials.\SharpWeb.exe allStanding on the Shoulders of GiantsThis project uses the work of @plainprogrammer and his work on a compliant .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the FireFox login files. It uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.Download SharpWeb

Link: http://feedproxy.google.com/~r/PentestTools/~3/rfzjbjrQBAI/sharpweb-net-20-clr-project-to-retrieve.html