Kali Linux 2018.3 Release – Penetration Testing and Ethical Hacking Linux Distribution

Kali 2018.3 brings the kernel up to version 4.17.0 and while 4.17.0 did not introduce many changes, 4.16.0 had a huge number of additions and improvements including more Spectre and Meltdown fixes, improved power management, and better GPU support.New Tools and Tool UpgradesSince our last release, we have added a number of new tools to the repositories, including:idb – An iOS research / penetration testing toolgdb-peda – Python Exploit Development Assistance for GDBdatasploit – OSINT Framework to perform various recon techniqueskerberoast – Kerberos assessment toolsIn addition to these new packages, we have also upgraded a number of tools in our repos including aircrack-ng, burpsuite, openvas,wifite, and wpscan.For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog.Download Kali Linux 2018.3If you would like to check out this latest and greatest Kali release, you can find download links for ISOs and Torrents on the Kali Downloads page along with links to the Offensive Security virtual machine and ARM images, which have also been updated to 2018.3. If you already have a Kali installation you’re happy with, you can easily upgrade in place as [email protected]:~# apt update && apt -y full-upgradeIf you come across any bugs in Kali, please open a report on our bug tracker. It’s more than a little challenging to fix what we don’t know about.Making sure you are up-to-dateTo double check your version, first make sure your network repositories is [email protected]:~# cat

Link: http://feedproxy.google.com/~r/PentestTools/~3/dF6YCwcpz4s/kali-linux-20183-release-penetration.html

DorkMe – Tool Designed With The Purpose Of Making Easier The Searching Of Vulnerabilities With Google Dorks

DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.DorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.Dependencies pip install -r requirements.txtIt is highly recommended to add more dorks for an effective search, keep reading to see howUsagepython DorkMe.py –helpExamples:python DorkMe.py –url target.com –dorks vulns -v (recommended for test)python DorkMe.py –url target.com –dorks Deprecated,Info -v (multiple dorks)python DorkMe.py –url target.com –dorks all -v (test all)AboutDorkMe is a tool designed with the purpose of making easier the searching of vulnerabilities with Google Dorks, such as SQL Injection vulnerabilities.Any idea, failure etc please report to telegram: blueudpdork folder contains -> dorks to search, result folder contains -> results of DorkMe executionTested in ParrotOS and Kali Linux 2.0Beta VersionRemember DorkMe is beta, to avoid bans DorkMe wait about 1 minute on each request and 3 minutes every 100 requestsAdd DorksIf you want to add new dorks put it in one of the files in the dorks folder (preferable in its category), if it is not, you can add it to mydorks.txt. to add it: in the first line add the dork, in the second the severity: high , medium or low, and finally its description, look at the other files to do it correctlyEXAMPLE:inurl:php?id= [enter]high [enter]SQLi [enter](space)another dorkContact:Telegram: blueudpTwitter: https://twitter.com/blueudpDownload DorkMe

Link: http://feedproxy.google.com/~r/PentestTools/~3/sfavhb6w1YA/dorkme-tool-designed-with-purpose-of.html

Fluxion – WPA/WPA2 Security Hacked Without Brute Force

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It’s compatible with the latest release of Kali (rolling). Fluxion’s attacks’ setup is mostly manual, but experimental auto-mode handles some of the attacks’ setup parameters. Read the FAQ before requesting issues.If you need quick help, fluxion is also avaible on gitter. You can talk with us on Gitter or on Discord.InstallationRead here before you do the following steps.Download the latest revisiongit clone –recursive [email protected]:FluxionNetwork/fluxion.git Switch to tool’s directorycd fluxion Run fluxion (missing dependencies will be auto-installed)./fluxion.shFluxion is also available in archcd bin/archmakepkgor using the blackarch repopacman -S fluxionChangelogFluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here.How it worksScan for a target wireless network. Launch the Handshake Snooper attack. Capture a handshake (necessary for password verification). Launch Captive Portal attack. Spawns a rogue (fake) AP, imitating the original access point. Spawns a DNS server, redirecting all requests to the attacker’s host running the captive portal. Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key. Spawns a jammer, deauthenticating all clients from original AP and lureing them to the rogue AP. All authentication attempts at the captive portal are checked against the handshake file captured earlier. The attack will automatically terminate once a correct key has been submitted. The key will be logged and clients will be allowed to reconnect to the target access point. For a guide to the Captive Portal attack, read the Captive Portal attack guide RequirementsA Linux-based operating system. We recommend Kali Linux 2 or Kali rolling. Kali 2 & rolling support the latest aircrack-ng versions. An external wifi card is recommended.Related workFor development I use vim and tmux. Here are my dotfilesCreditsl3op – contributordlinkproto – contributorvk496 – developer of linsetDerv82 – @Wifite/2Princeofguilty – @webpages and @buteforcePhotos for wiki @http://www.kalitutorials.netOns Ali @wallpaperPappleTec @sitesMPX4132 – Fluxion V3DisclaimerAuthors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for “fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user’s responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program. NoteBeware of sites pretending to be related with the Fluxion Project. These may be delivering malware. Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn’t allow access to network interfaces. Any Issue regarding the same would be Closed Immediately LinksFluxion website: https://fluxionnetwork.github.io/fluxion/ Discord: https://discordapp.com/invite/G43gptk Gitter: https://gitter.im/FluxionNetwork/Lobby Download Fluxion

Link: http://feedproxy.google.com/~r/PentestTools/~3/3tS5FCN0p6Q/fluxion-wpawpa2-security-hacked-without.html

StegCracker – Steganography Brute-Force Utility To Uncover Hidden Data Inside Files

Steganography brute-force utility to uncover hidden data inside files.UsageUsing stegcracker is simple, pass a file to it as it’s first parameter and optionally pass the path to a wordlist of passwords to try as it’s second parameter. If this is not set it will default to the rockyou.txt password file which ships with Kali Linux or can be downloaded here.$ stegcracker [<wordlist>]InstallationTo install the program, follow these steps:$ sudo apt-get install steghide -y$ sudo curl https://raw.githubusercontent.com/Paradoxis/StegCracker/master/stegcracker > /bin/stegcracker$ sudo chmod +x /bin/stegcrackerDownload StegCracker

Link: http://feedproxy.google.com/~r/PentestTools/~3/53UjPDtT0NY/stegcracker-steganography-brute-force.html

OWTF v2.4 – Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time toSee the big picture and think out of the boxMore efficiently find, verify and combine vulnerabilitiesHave time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessionsPerform more tactical/targeted fuzzing on seemingly risky areasDemonstrate true impact despite the short timeframes we are typically given to test.The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.Note: This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.RequirementsOWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives)OWTF supports both Python2 and Python3.InstallationRecommended:Using a virtualenv is highly recommended!pip install git+https://github.com/owtf/owtf#egg=owtfor clone the repo andpython setup.py installIf you want to change the database password in the Docker Compose setup, edit the environment variables in the docker-compose.yml file. If you prefer to override the environment variables in a .env file, use the file name owtf.env so that Docker Compose knows to include it.To run OWTF on Windows or MacOS, OWTF uses Docker Compose. You need to have Docker Compose installed (check by docker-compose -v). After installing Docker Compose, simply run docker-compose up and open localhost:8009 for the OWTF web interface.Install on OSXDependencies: Install Homebrew (https://brew.sh/) and follow the steps given below:$ virtualenv $ source <venv name>/bin/activate $ brew install coreutils gnu-sed openssl # We need to install ‘cryptography’ first to avoid issues $ pip install cryptography –global-option=build_ext –global-option=”-L/usr/local/opt/openssl/lib" –global-option="-I/usr/local/opt/openssl/include" $ git clone <this repo> $ cd owtf $ python setup.py install # Run OWTF! $ owtf FeaturesResilience: If one tool crashes OWTF, will move on to the next tool/test, saving the partial output of the tool until it crashed.Flexible: Pause and resume your work.Tests Separation: OWTF separates its traffic to the target into mainly 3 types of plugins:Passive : No traffic goes to the targetSemi Passive : Normal traffic to targetActive: Direct vulnerability probingExtensive REST API.Has almost complete OWASP Testing Guide(v3, v4), Top 10, NIST, CWE coverage.Web interface: Easily manage large penetration engagements easily.Interactive report:Automated plugin rankings from the tool output, fully configurable by the user.Configurable risk rankingsIn-line notes editor for each plugin.LinksProject homepageIRCWikiSlack and join channel #project-owtfUser DocumentationYoutube channelSlideshareBlogScreenshotsDownload OWTF

Link: http://feedproxy.google.com/~r/PentestTools/~3/QhjPP8mfh-A/owtf-v24-offensive-web-testing-framework.html

Kali Linux commands – A to Z Commands

Kali Linux is a known operating system for digital forensics and penetration testing people. It is Debian-derived Linux distribution maintained and funded by Offensive Security Ltd. This OS comes with over 600 penetration-testing programs including Wireshark, Aircrack-ng, John the Ripper, nmap and more. So, it is good for beginners as well. If you are starting, […]
The post Kali Linux commands – A to Z Commands appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/Nqyv9RKbS4k/kali-linux-commands-a-to-z-commands.html

Sn1per v5.0 – Automated Pentest Recon Scanner

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.SN1PER PROFESSIONAL FEATURES:Professional reporting interfaceSlideshow for all gathered screenshotsSearchable and sortable DNS, IP and open port databaseCategorized host reportsQuick links to online recon tools and Google hacking queriesPersonalized notes field for each hostDEMO VIDEO:SN1PER COMMUNITY FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via NMap port scanning Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted NMap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all web sites Create individual workspaces to store all scan outputAUTO-PWN:Drupal Drupalgedon2 RCE CVE-2018-7600GPON Router RCE CVE-2018-10561Apache Struts 2 RCE CVE-2017-5638Apache Struts 2 RCE CVE-2017-9805Apache Jakarta RCE CVE-2017-5638Shellshock GNU Bash RCE CVE-2014-6271HeartBleed OpenSSL Detection CVE-2014-0160Default Apache Tomcat Creds CVE-2009-3843MS Windows SMB RCE MS08-067Webmin File Disclosure CVE-2006-3392Anonymous FTP AccessPHPMyAdmin Backdoor RCEPHPMyAdmin Auth BypassJBoss Java De-Serialization RCE’sKALI LINUX INSTALL:./install.shDOCKER INSTALL:Credits: @menzowDocker Install: https://github.com/menzow/sn1per-dockerDocker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/Example usage:$ docker pull menzo/sn1per-docker$ docker run –rm -ti menzo/sn1per-docker sniper menzo.ioUSAGE:[*] NORMAL MODEsniper -t|–target [*] NORMAL MODE + OSINT + RECONsniper -t|–target <TARGET> -o|–osint -re|–recon[*] STEALTH MODE + OSINT + RECONsniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon[*] DISCOVER MODEsniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>[*] SCAN ONLY SPECIFIC PORTsniper -t|–target <TARGET> -m port -p|–port <portnum>[*] FULLPORTONLY SCAN MODEsniper -t|–target <TARGET> -fp|–fullportonly[*] PORT SCAN MODEsniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>[*] WEB MODE – PORT 80 + 443 ONLY!sniper -t|–target <TARGET> -m|–mode web[*] HTTP WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>[*] HTTPS WEB PORT MODEsniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>[*] ENABLE BRUTEFORCEsniper -t|–target <TARGET> -b|–bruteforce[*] AIRSTRIKE MODEsniper -f|–file /full/path/to/targets.txt -m|–mode airstrike[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLEDsniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>[*] ENABLE LOOT IMPORTING INTO METASPLOITsniper -t|–target <TARGET>[*] LOOT REIMPORT FUNCTIONsniper -w <WORKSPACE_ALIAS> –reimport[*] UPDATE SNIPERsniper -u|–updateMODES:NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.DISCOVER: Parses all hosts on a subnet/CIDR (ie. and initiates a sniper scan against each host. Useful for internal network scans.PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.FULLPORTONLY: Performs a full detailed port scan and saves results to XML.WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.UPDATE: Checks for updates and upgrades all components used by sniper.REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.RELOAD: Reload the master workspace report.SAMPLE REPORT:https://gist.github.com/1N3/8214ec2da2c91691bcbcDownload Sn1per v5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/Z_yHqaJ_y1U/sn1per-v50-automated-pentest-recon.html

Optiva Framework – Web Application Scanner

You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash.Features: Infromation Modules : Port Scanner Whois Lookup Reverse IP Domain Lookup HTTP Header Domain Lookup Iplocator Retrieve Ip Geolocation Info Hash Modules : Md5 Encode Text Sha1 Encode Text SHA256 Encode Text SHA384 Encode Text SHA512 Encode Text Scanner Modules : Cross Site Scripting (XSS) SQL Injection Scanner (SQL) Dork Search SQL Injection Vuln Remote Code Execution Scanner (RCE) Website Admin Panel Scanner Finder Installation Linux:$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ ./installer.sh$ Type In Terminal$ optivaInstallation Windows:$ cd Optiva-Framework$ pip install termcolor$ pip install requests$ pip install mechanize$ run optiva :$ python optiva.pyInstallation Termux (No Root):$ apt install git$ git clone https://github.com/joker25000/Optiva-Framework$ cd Optiva-Framework$ chmod +x installer.sh$ bash installer.sh$ Select the 3 option termux and press enter$ run optiva :$ python2 optiva.pyScreenshot :Full video tutorial:Video Termux tutorial:About :$ Twitter : https://twitter.com/SecurityJokerDownload Optiva-Framework

Link: http://feedproxy.google.com/~r/PentestTools/~3/nOlskXv7XxA/optiva-framework-web-application-scanner.html

Airba.sh – A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell (tested on Kali Linux and Cyanogenmod 10.2) and uses aircrack-ng to scan for clients that are currently connected to access points (AP). Those clients are then deauthenticated in order to capture the handshake when attempting to reconnect to the AP. Verification of a captured handshake is done using aircrack-ng. If one or more handshakes are captured, they are entered into an SQLite3 database, along with the time of capture and current GPS data (if properly configured).After capture, the database can be tested for vulnerable router models using crackdefault.sh. It will search for entries that match the implemented modules, which currently include algorithms to compute default keys for Speedport 500-700 series, Thomson/SpeedTouch and UPC 7 digits (UPC1234567) routers.RequirementsWiFi interface in monitor mode aircrack-ng SQLite3 openssl for compilation of modules (optional) wlanhc2hcx from hcxtoolsIn order to log GPS coordinates of handshakes, configure your coordinate logging software to log to .loc/*.txt (the filename can be chosen as desired). Airbash will always use the output of cat “$path$loc"*.txt 2>/dev/null | awk ‘NR==0; END{print}’, which equals to reading all .txt files in .loc/ and picking the second line. The reason for this way of implementation is the functionality of GPSLogger, which was used on the development device.Calculating default keysAfter capturing a new handshake, the database can be queried for vulnerable router models. If a module applies, the default keys for this router series are calculated and used as input for aircrack-ng to try and recover the passphrase.Compiling ModulesThe modules for calculating Thomson/SpeedTouch and UPC1234567 (7 random digits) default keys are included in src/Credits for the code go to the authors Kevin Devine and [email protected] Linux:gcc -fomit-frame-pointer -O3 -funroll-all-loops -o modules/st modules/stkeys.c -lcryptogcc -O2 -o modules/upckeys modules/upc_keys.c -lcryptoIf on Android, you may need to copy the binaries to /system/xbin/ or to another directory where binary execution is allowed.UsageRunning install.sh will create the database, prepare the folder structure and create shortlinks to both scripts which can be moved to a directory that is on $PATH to allow execution from any location.After installation, you may need to manually adjust INTERFACE on line 46 in airba.sh. This will later be determined automatically, but for now the default is set to wlan0, to allow out of the box compatibility with bcmon on Android../airba.sh starts the script, automatically scanning and attacking targets that are not found in the database. ./crackdefault.sh attempts to break known default key algorithms.To view the database contents, run sqlite3 .db.sqlite3 "SELECT * FROM hs" in the main directory.Update (Linux only … for now):Airbash can be updated by executing update.sh. This will clone the master branch into /tmp/ and overwrite the local files.Output_n: number of access points found__c/m: represents client number and maximum number of clients found, respectively-: access point is blacklistedx: access point already in database?: access point out of range (not visible to airodump anymore)The DatabaseThe database contains a table called hs with seven columns.id: incrementing counter of table entrieslat and lon: GPS coordinates of the handshake (if available)bssid: MAC address of the access pointessid: Name identifierpsk: WPA Passphrase, if knownprcsd: Flag that gets set by crackdefault.sh to prevent duplicate calculation of default keys if a custom passphrase was used.Currently, the SQLite3 database is not password-protected.Download Airbash

Link: http://feedproxy.google.com/~r/PentestTools/~3/JyoSXbI3rdM/airbash-posix-compliant-fully-automated.html

Complete Hacking Tools in Kali Linux – 75% Flat OFF

As networking attacks are rapidly increasing that…

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Link: http://feedproxy.google.com/~r/ehacking/~3/bziJtIwQSrE/complete-hacking-tools-in-kali-linux-75.html