PortWitness – Tool For Checking Whether A Domain Or Its Multiple Sub-Domains Are Up And Running

PortWitness is a bash tool designed to find out active domain and subdomains of websites using port scanning. It helps penetration testers and bug hunters collect and gather information about active subdomains for the domain they are targeting.PortWitness enumerates subdomains using Sublist3r and uses Nmap alongwith nslookup to check for active sites.Active domain or sub-domains are finally stored in an output file.Using that Output file a user can directly start testing those sites.Sublist3r has also been integrated with this module.It’s very effective and accurate when it comes to find out which sub-domains are active using Nmap and nslookup.This tool also helps a user in getting the ip addresses of all sub-domains and stores then in a text file , these ip’s can be used for further scanning of the target.Installationgit clone https://github.com/viperbluff/PortWitness.gitBASHThis tool has been created using bash scripting so all you require is a linux machine.Usagebash portwitness.sh urlDownload PortWitness

Link: http://feedproxy.google.com/~r/PentestTools/~3/64vEXpJnyLU/portwitness-tool-for-checking-whether.html

Cookiescanner – Tool For Check The Cookie Flag In Multiple Sites

Tool for check the cookie flag in multiple sites.IntroTool created to do more easy the process of check the cookie flag when we are analyzing multiple web servers.If you want to know for why could be useful this tools?https://www.owasp.org/index.php/SecureFlag https://www.owasp.org/index.php/HttpOnly https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28OTG-SESS-002%29UsageUsage: cookiescanner.py [options] Example: ./cookiescanner.py -i ips.txtOptions: -h, –help show this help message and exit -i INPUT, –input=INPUT File input with the list of webservers -u URL, –url=URL URL -f FORMAT, –format=FORMAT Output format (json, xml, csv, normal, grepable) -g GOOGLE, –google=GOOGLE Search in google by domain –nocolor Disable color (for the normal format output) -I, –info More info Performance: -t TIMEOUT Timeout of response -d DELAY Delay between requestsRequirementsrequests >= 2.8.1BeautifulSoup >= 4.2.1Install requirementspip3 install –upgrade -r requirements.txtAuthorManuel Mancera (sinkmanu@gmail.com/@sinkmanu)Download Cookiescanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/qcuqJyITqto/cookiescanner-tool-for-check-cookie.html

MalPipe – Malware/IOC Ingestion And Processing Engine

MalPipe is a modular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results.At this time, the following feeds are supported:VirusTotal (https://www.virustotal.com)MalShare (https://malshare.com/)BambenekFeeds (osint.bambenekconsulting.com/feeds/)FeodoBlockList (https://feodotracker.abuse.ch)Malc0deIPList (http://malc0de.com/)NoThinkIPFeeds (www.nothink.org/)OpenPhishURLs (https://openphish.com)TorNodes (https://torstatus.blutmagie.de)Getting StartedThese instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.InstallingDeployment of MalPipe requires installing the required python libraries and configuring the various modules.Python dependencies can be installed by running:pip install -r requirements.txtConfiguringFeedsAn example configuration is provided in config_example.json with settings to get started. This file contains a JSON object containing the required settings for each feed / processor / exporter. An description of a feeds settings are shown below:… “feeds": {… "MalShare": { "ENABLED" : true, "API_KEY" : "00000000000000000000000000000000000000000000000000000000000", "EXPORTERS" : ["DetailsPrinter", "JSONLog"], "PROCESSORS" : ["YaraScan", "DNSResolver"] },…As some feeds update daily, feeds can be in two forms: scheduled and active. Settings for when these should run is defined outside of the configuration in the individual modules.ProcessorsProcessors are used to enrich/standardize the collected. For example, data from VirusTotal contains yara results for each file collected, whereas MalShare does not. By adding, YaraScan to the PROCESSORS key, you can scan the files to also include this data.An example modules settings are below:… "processors": { … "YaraScan": { "ENABLED" : false, "RULES_PATH": "/yara_rules/Malware.yara" }, …Currently, the following processors have been implemented:ASNLookupDNSResolverFileTypeRDNSYaraScanExportersThe final components is exporters, these control where the data goes. These can be used to export collected data to a malware repository, a SIEM, JSON Log files or printed for the user. … "exporters": { … "JSONLog": { "ENABLED" : true, "PRETTY" : true, "LOG_PATH": "./temp/" }, …Currently, the following processors have been implemented:DetailsPrinterGenericWebStorageJSONLogLocalFileStorageRunningAfter setup, MalPipe can be run by using:python malpipe.pyDeveloping ModulesModules for MalPipe located under malpipe/ by type:FeedsProcessorsExportersCreating new modules is easy,Create Python ModuleMalPipe modules are defined as Python classes. Following is an example Module headerclass ModuleName(Processor): def __init__(self): md = ProcessorDescription( module_name="ModuleName", description="Description", authors=["Author Name"], version="VersionNumber" ) Processor.__init__(self, md) self.types = [‘ipaddresses’] self.parse_settings()Settings can be set by importing the configuration and set to class variables, shown below: from malpipe.config import CONFIG … self.yara_rule_path = CONFIG[‘processors’][self.get_module_name()][‘RULES_PATH’]Each processor is required to have a run function that is called by the feed.Add SettingsAfter creation of the module, settings need to be added to are config.json under the processors, feeds , or exporters key. If the new module is a processor or exporter, it will also need to be added to the associated feeds. An example is shown below: … "processors": { … "SuperNewModule": { "ENABLED" : true, "DOCOOLSTUFF": true }, … "feeds": { … "0DayMalwareFeed": { "ENABLED" : true, "EXPORTERS" : ["DetailsPrinter", "JSONLog"], "PROCESSORS" : ["SuperNewModule"] } …ContributingPlease report any problems by creating a issue or starting a pull request. If you have additional modules or features you would like to see, please consider opening an issue.AuthorsSilas Cutler – GitHub | Twitter |See also the list of contributors who participated in this project. Download MalPipe

Link: http://feedproxy.google.com/~r/PentestTools/~3/Zo3edExBymM/malpipe-malwareioc-ingestion-and.html

Eternal Check – Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion

Ip Vulnerability Check To Eternal Blue, Romance, Synergy & Champion:Eternal CheckEternal Check verifies if an ip is vulnerable to the smb vulnerabilitiesEternal BlueEternal RomanceEternal championEternal synergyScreenshotsEternal Check Running (Video)Requirementsnmap winbind wine32 wget Aditional info in how to install wine 32bit on a 64bit machine : https://wiki.debian.org/Wine to know how to install wine32 on a 64bit machine Usageexample 1 : ./echeckexample 2 : ./echeck 192.68.2.56ImportantDo not expect much support or any at allLast Notes (References of these vulnerabilities)https://blogs.forcepoint.com/security-labs/evasions-used-shadow-brokers-tools-danderspritz-and-doublepulsar-part-2-2https://blogs.technet.microsoft.com/srd/2017/07/13/eternal-synergy-exploit-analysis/https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/https://en.wikipedia.org/wiki/EternalBlueDownload Eternal_Check

Link: http://feedproxy.google.com/~r/PentestTools/~3/Pz_0LMVf6uU/eternal-check-ip-vulnerability-check-to.html

RTA (Red Team Arsenal) – An Intelligent Scanner To Detect Security Vulnerabilities In Companies Layer 7 Assets

Red Team Arsenal is a web/network security scanner which has the capability to scan all company’s online facing assets and provide an holistic security view of any security anomalies. It’s a closely linked collections of security engines to conduct/simulate attacks and monitor public facing assets for anomalies and leaks.It’s an intelligent scanner detecting security anomalies in all layer 7 assets and gives a detailed report with integration support with nessus. As companies continue to expand their footprint on INTERNET via various acquisitions and geographical expansions, human driven security engineering is not scalable, hence, companies need feedback driven automated systems to stay put.InstallationSupported PlatformsRTA has been tested both on Ubuntu/Debian (apt-get based distros) and as well as Mac OS. It should ideally work with any linux based distributions with mongo and python installed (install required python libraries from install/py_dependencies manually).Prerequisites:There are a few packages which are necessary before proceeding with the installation:Git client: sudo apt-get install gitPython 2.7, which is installed by default in most systemsPython pip: sudo apt-get install python-pipMongoDB: Read the official installation guide to install it on your machine.Finally run python install/install.pyThere are also optional packages/tools you can install (highly recommended):Integrating Nessus:Integrating Nessus into Red Team Arsenal can be done is simple 3 steps:Download and install Nessus community edition (if you don’t have a paid edition). If you already have an installation (it can be remote installation as well), then go to step (2). Update the config file (present on the root directory of RTA) with Nessus URL, username and password. Create a nessus policy where you can configure the type of scans and plugins to run and name it RTA (Case sensitive – use full uppercase). Once the config file has the correct Nessus information (url, username, password), use the flag –nessus while running RTA to launch nessus scan over the entire subdomains gathered by RTA (one single scan initiated with all the subdomains gathered). Usage Short Form Long Form Description -u –url Domain URL to scan -v –verbose Enable the verbose mode and display results in realtime -n –nessus Launch a Nessus scan with all the subdomains -s –scraper Run scraper based on config keywords -h –help show the help message and exit Sample Outputa0xnirudh@exploitbox /RTA (master*) $ python rta.py –url “0daylabs.com" -v -s ____ _ _____ _ _ | _ \ ___ __| | |_ _|__ __ _ _ __ ___ / \ _ __ ___ ___ _ __ __ _| | | |_) / _ \/ _` | | |/ _ \/ _` | ‘_ ` _ \ / _ \ | ‘__/ __|/ _ \ ‘_ \ / _` | | | _ < __/ (_| | | | __/ (_| | | | | | | / ___ \| | \__ \ __/ | | | (_| | | |_| \_\___|\__,_| |_|\___|\__,_|_| |_| |_| /_/ \_\_| |___/\___|_| |_|\__,_|_|[i] Checking for Zonetransfer[i] Zone Transfer is not enabled[i] Checking for SPF records[+] SPF record lookups is good. Current value is: 9[-] Enumerating subdomains now for 0daylabs.com[-] Searching now in Baidu..[-] Searching now in Yahoo..[-] Searching now in Google..[-] Searching now in Bing..[-] Searching now in Ask..[-] Searching now in Netcraft..[-] Searching now in DNSdumpster..[-] Searching now in Virustotal..[-] Searching now in ThreatCrowd..[-] Searching now in SSL Certificates..[-] Searching now in PassiveDNS..[-] Total Unique Subdomains Found: 3blog.0daylabs.comwww.0daylabs.comtest.0daylabs.com[+] Verifying Subdomains and takeover options[+] Possible subdomain takeovers (Manual verification required): test.0daylabs.com[i] Verified and Analyzed Subdomains:[i] URL: blog.0daylabs.com[i] Wappalyzer: [u'jQuery', u'Varnish', u'Font Awesome', u'Twitter Bootstrap', u'Google Analytics', u'Google Font API', u'Disqus', u'Google AdSense'][i] Scraper Results[+] ShodanHostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179Hostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179[+] TwitterURL: https://twitter.com/tweetrpersonal9/status/832624003751694340 search string: 0daylabsURL: https://twitter.com/ratokeshi/status/823957535564644355 search string: 0daylabsNotificationsConfiguring Slack:RTA can also do push notifications to slack which includes the main scan highlight along with Nessus and other integrated scanner reports divided on the basis of severity.In your slack, create an incoming webhook and point it to the channel where you need the RTA to send the report. You can read more about creating incoming webhooks on slack documentation. In the config file, update the URL in the slack section with full URL (including https://) for the incoming webhook. Once slack is configured, you will automatically start getting reports on your configured slack channelRoadmapHere are couple of ideas which we have in mind to do going ahead with RTA. If you have any ideas/feature requests which is not listed below, feel free to raise an issue in github.Email the results once the scan is completed. Extend the current RTA API so that we can launch custom scans with required options via the API. Launch custom scans based on Wappalyzer results (eg: wpscan if wordpress is detected) Investigate and integrate more web security scanners including but not limited to Arachni, Wapiti, Skipfish and others ! JSON/XML output formatting for the RTA scan result. Improving the logic for Subdomain takeover. Multi threading support for faster scan comple. ContributorsAwesome people who built this project:Lead Developers:Anirudh Anand (@a0xnirudh)Project Contributors:Mohan KK (@MohanKallepalli)Ankur Bhargava (@_AnkurB)Prajal Kulkarni (@prajalkulkarni)Himanshu Kumar Das (@mehimansu)Special ThanksSublist3rDownload RTA

Link: http://feedproxy.google.com/~r/PentestTools/~3/MXF7YfYc5U8/rta-red-team-arsenal-intelligent.html

SMBrute – SMB Protocol Bruteforce

SMBrute is a program that can be used to bruteforce username and passwords of servers that are using SMB (Samba).Install SMBrute$ git clone https://github.com/m4ll0k/SMBrute.git smbrute$ cd smbrute$ pip3 install pysmb, humanfriendly$ python3 smbrute.pyUsage:$ python3 smbrute.py -h 188.10.73.147 _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute – SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)—————————————-[+] Host 188.10.73.147 authentication disabled[+] Showing folders..————————————————| Name | Type | Comments |————————————————| Multimedia | 0 | System default share || Download | 0 | System default share || Recordings | 0 | System default share || Web | 0 | System default share || Public | 0 | System default share || homes | 0 | System default share || Archivio | 0 | || FTP | 0 | ftp || home | 0 | Home || Qsync | 0 | Qsync || IPC$ | 3 | IPC Service (NAS Server) |———————————————— Show Files:$ python3 smbrute.py -h 188.10.73.147 -f FTP _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute – SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)—————————————-[+] Host 188.10.73.147 authentication disabled[+] Show FTP Files…———————————————————–| Filename | ReadOnly |———————————————————–| . | False || .. | False || mLog_27_8_17__23_00_01.csv | False || mLog_26_1_18__23_00_01.csv | False || mLog_23_1_18__23_00_01.csv | False || mLog_28_3_17__23_00_01.csv | False || mLog_21_6_17__23_00_01.csv | False |———————————————————– Bruteforce Login:$ python3 smbrute.py -h 2.35.69.44 _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute – SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)—————————————-[-] Host 2.35.69.44 authentication enabled[!] Please set wordlist for bruteforcing$ python3 smbrute.py -h 2.35.69.44 -U user.txt -P pass.txt -t 10 _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute – SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)—————————————-[-] Host 2.35.69.44 authentication enabled[+] Start bruteforcing…[+] Username: root Password: toor After found credentials:$ python3 smbrute.py -h 2.35.69.44 -u admin -p 1234 _____ _____ _____ _ | __| | __ |___ _ _| |_ ___ |__ | | | | __ -| _| | | _| -_||_____|_|_|_|_____|_| |___|_| |___|SMBrute – SMB Protocol Bruteforce Version 0.1.0 Momo Outaadi (M4ll0k)—————————————-[+] Host 2.35.69.44 authentication disabled[+] Showing folders..—————————————————————–| Name | Type | Comments |—————————————————————–| IPC$ | 3 | IPC Service (WDMyCloudEX2100) || Recycle Bin – Volume_1 | 0 | Recycle Bin Directories || serverconf | 0 | || deleghe2 | 0 | || prova | 0 | || ebcs_site | 0 | || deleghe | 0 | || confcatania2 | 0 | || backup | 0 | || doc | 0 | doc || ebcs | 0 | ebcs || foto | 0 | foto || pratiche | 0 | || TimeMachineBackup | 0 | || SmartWare | 0 | || Public | 0 | |—————————————————————–Download SMBrute

Link: http://feedproxy.google.com/~r/PentestTools/~3/f1YByMKZ44c/smbrute-smb-protocol-bruteforce.html

Sandcat Browser 6.0 – Pentest And Developer-Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and when you need to examine live web applications. For more details, visit http://www.syhunt.com/sandcat/. See also the docs directory and credits section below for a few more details about the Sandcat architecture.Directories/docs – Lua API documentation/packs – contents of uncompressed pack files/Common – common CSS, widgets and scripts package (Common.pak)/Resources – resources package (Resources.pak)/src – the main executable source and built-in resource files/core – user interface source/html – user interface resources (HTML)/lua – Lua API sourceDownloadCompiled binaries for Windows can be downloaded from the links below.6.0 64-bit6.0 32-bit6.0 32-bit with Pen-Tester Tools (included as part of Syhunt Community)CompilingFor compiling Sandcat, you will just need Catarinka and pLua.The entire Sandcat user interface is created during runtime, so there is no need to install third-party components in the IDE – you can just add the dependencies listed above to the library path and hit compile. It compiles under Delphi 10 Seattle down to XE2. If you are trying to compile it with Lazarus, let me know which errors you get – I will try to do the same soon.Some work is still needed before a Mac or Linux version materializes.ChangeLogRequest Viewer rewrite – with better display of requests and stability fixes.Disabled the Chromium’s XSS protection when in pentest mode.Simplified the tabbed UI – major tab code clean up and reorganization.Added drag and drop for items in the list editor.Fixed: occasional crash when extension called events of Lua objects.Additional stability.ContactTwitter: @felipedaragon, @syhuntEmail: felipe at syhunt.comIf you want to report a security bug, please see the docs\SECURITY.md file.Download Sandcat Browser 6.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/rnAAp0-OqFM/sandcat-browser-60-pentest-and.html

Subfinder – Subdomain Discovery Tool That Can Discover Massive Amounts Of Valid Subdomains For Any Target

SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed as a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebins, Internet Archives, etc to find subdomains and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors.Why?This project began it’s life as a Bug Bounty World slack channel discussion. @ice3man & @codingo were talking about how the cornerstone subdomain tool at the time, sublist3r, appeared to have been abandoned. The goal of this project was to make a low dependancy, manageable project in Go that would continue to be maintained over time. @Ice3man decided to rewrite the sublist3r project and posted about it. @codingo offered to contribute to the project and subfinder was born.FeaturesSimple and modular code base making it easy to contribute.Fast And Powerful Bruteforcing Module (In Development)Powerful Permutation generation engine. (In Development)Many Passive Data Sources (CertDB, CertSpotter, crtsh, DNSDumpster, FindSubdomains, Hackertarget, Netcraft, PassiveTotal, PTRArchive, SecurityTrails, Threatcrowd, VirusTotal)Internet Archives support for finding subdomains (In development)InstallThe installation is easy. Git clone the repo and run go build.go get github.com/ice3man543/subfinderTo configure it to work with certain services, you need to have an API key for them. These are the services that do not work without an API key.VirustotalPassivetotalSecurityTrailsPut these values in the config.json file and you should be good to go.If your $GOPATH is /home/go, make sure to place your config.json file in $GOPATH/bin folder or wherever you have the binary. Otherwise, it will not work.Download Subfinder

Link: http://feedproxy.google.com/~r/PentestTools/~3/Gscbz8mZ4bI/subfinder-subdomain-discovery-tool-that.html