WPScan v3.3.1 – Black Box WordPress Vulnerability Scanner

WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.INSTALLPrerequisites:Ruby >= 2.2.2 – Recommended: 2.3.3Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfaultRubyGems – Recommended: latestFrom RubyGems:gem install wpscanFrom sources:Prerequisites: Gitgit clone https://github.com/wpscanteam/wpscancd wpscan/bundle install && rake installDockerPull the repo with docker pull wpscanteam/wpscanUsagewpscan –url blog.tld This will scan the blog using default options with a good compromise between speed and accuracy. For example, the plugins will be checked passively but their version with a mixed detection mode (passively + aggressively). Potential config backup files will also be checked, along with other interesting findings. If a more stealthy approach is required, then wpscan –stealthy –url blog.tld can be used. As a result, when using the –enumerate option, don’t forget to set the –plugins-detection accordingly, as its default is ‘passive’.For more options, open a terminal and type wpscan –help (if you built wpscan from the source, you should type the command outside of the git repo)The DB is located at ~/.wpscan/dbWPScan can load all options (including the –url) from configuration files, the following locations are checked (order: first to last):~/.wpscan/cli_options.json~/.wpscan/cli_options.ymlpwd/.wpscan/cli_options.jsonpwd/.wpscan/cli_options.ymlIf those files exist, options from them will be loaded and overridden if found twice.e.g:~/.wpscan/cli_options.yml:proxy: ‘’verbose: truepwd/.wpscan/cli_options.yml:proxy: ‘socks5://’url: ‘http://target.tld’Running wpscan in the current directory (pwd), is the same as wpscan -v –proxy socks5:// –url http://target.tldPROJECT HOMEhttps://wpscan.orgVULNERABILITY DATABASEhttps://wpvulndb.comDownload Wpscan

Link: http://feedproxy.google.com/~r/PentestTools/~3/TmfmR2gTAB0/wpscan-v331-black-box-wordpress.html

Munin – Online Hash Checker For Virustotal And Other Services

Munin is a online hash checker utility that retrieves valuable information from various online sourcesThe current version of Munin queries the following services:VirustotalMalshareHybridAnalysisNote: Munin is based on the script “VT-Checker", which has been maintained in the LOKI repository.Usageusage: munin.py [-h] [-f path] [-c cache-db] [-i ini-file] [-s sample-folder] [–comment] [-p vt-comment-prefix] [–download] [-d download_path] [–nocache] [–intense] [–retroverify] [-r num-results] [–nocsv] [–verifycert] [–sort] [–debug]Online Hash Checkeroptional arguments: -h, –help show this help message and exit -f path File to process (hash line by line OR csv with hash in each line – auto-detects position and comment) -c cache-db Name of the cache database file (default: vt-hash- db.pkl) -i ini-file Name of the ini file that holds the API keys -s sample-folder Folder with samples to process –comment Posts a comment for the analysed hash which contains the comment from the log line -p vt-comment-prefix Virustotal comment prefix –download Enables Sample Download from Hybrid Analysis. SHA256 of sample needed. -d download_path Output Path for Sample Download from Hybrid Analysis. Folder must exist –nocache Do not use cache database file –intense Do use PhantomJS to parse the permalink (used to extract user comments on samples) –retroverify Check only 40 entries with the same comment and therest at the end of the run (retrohunt verification) -r num-results Number of results to take as verification –nocsv Do not write a CSV with the results –verifycert Verify SSL/TLS certificates –sort Sort the input lines (useful for VT retrohunt results) –debug Debug outputFeaturesMODE A: Extracts hashes from any text file based on regular expressionsMODE B: Walks sample directory and checks hashes onlineRetrieves valuable information from Virustotal via API (JSON response) and other information via permalink (HTML parsing)Keeps a history (cache) to query the services only once for a hash that may appear multiple times in the text fileCached objects are stored in JSONCreates CSV file with the findings for easy post-processing and reportingAppends results to a previous CSV if availableDisplaysHash and comment (comment is the rest of the line of which the hash has been extracted)AV vendor matches based on a user defined listFilenames used in the wildPE information like the description, the original file name and the copyright statementSigner of a signed portable executableResult based on Virustotal ratioFirst and last submissionTags for certain indicators: Harmless, Signed, Expired, Revoked, MSSoftwareExtra ChecksQueries Malshare.com for sample uploadsQueries Hybrid-Analysis.com for present analysisImphash duplicates in current batch > allows you to spot overlaps in import table hashesGetting startedDownload / clone the repoInstall required packages: pip3 install -r requirements.txt (on macOS add –user)(optional: required for –intense mode) Download PhantomJS and place it in your $PATH, e.g. /usr/local/bin http://phantomjs.org/download.htmlSet the API key for the different services in the munin.ini fileUse the demo file for a first run: python munin.py -f munin-demo.txt –nocacheTypical Command LinesProcess a Virustotal Retrohunt result and sort the lines before checking so that matched signatures are checked in blockspython munin.py -f my.ini -f ~/Downloads/retro_huntProcess an IOC file and show who commented on these samples on Virustotal (uses PhantomJS, higher CPU usage)python munin.py -f my.ini -f ~/Downloads/misp-event-1234.csv –sort –intenseProcess a directory with samples and check their hashes onlinepython munin.py -f my.ini -s ~/malware/case34Get the API Keys used by MuninVirustotalCreate an account here https://www.virustotal.com/#/join-usCheck Profile > My API key for your public API keyMalshareRegister here https://malshare.com/register.phpHybrid AnalysisCreate an account here https://www.hybrid-analysis.com/signupAfter login, check Profile > API keyDownload Munin

Link: http://feedproxy.google.com/~r/PentestTools/~3/0Cc8y6zLvSQ/munin-online-hash-checker-for.html

RouterSploit v3.4.0 – Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:exploits – modules that take advantage of identified vulnerabilitiescreds – modules designed to test credentials against network servicesscanners – modules that check if a target is vulnerable to any exploitpayloads – modules that are responsible for generating payloads for various architectures and injection pointsgeneric – modules that perform generic attacksInstallationRequirementsRequired:futurerequestsparamikopysnmppycryptoOptional:bluepy – bluetooth low energyInstallation on Kali Linuxapt-get install python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on Ubuntu 18.04 & 17.10sudo add-apt-repository universesudo apt-get install git python3-pipgit clone https://www.github.com/threat9/routersploitcd routersploitpython3 -m pip install -r requirements.txtpython3 rsf.pyBluetooth Low Energy support:apt-get install libglib2.0-devpython3 -m pip install bluepypython3 rsf.pyInstallation on OSXgit clone https://www.github.com/threat9/routersploitcd routersploitsudo python3 -m pip install -r requirements.txtpython3 rsf.pyRunning on Dockergit clone https://www.github.com/threat9/routersploitcd routersploitdocker build -t routersploit .docker run -it –rm routersploitUpdateUpdate RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.cd routersploitgit pullDownload Routersploit

Link: http://www.kitploit.com/2018/10/routersploit-v340-exploitation.html

LibSSH Scanner – Script To Identify Hosts Vulnerable To CVE-2018-10933

This is a python based script to identify hosts vulnerable to CVE-2018-10933.The vulnerability is present on versions of libssh 0.6+ and was remediated by a patch present in libssh 0.7.6 and 0.8.4. For more details: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/HelpCVE-2018-10933 Scanner – Find vulnerable libssh services by Leap Security (@LeapSecurity)optional arguments: -h, –help show this help message and exit -v, –version show program’s version number and exit -t TARGET, –target TARGET An ip address or new line delimited file containing IPs to banner grab for the vulnerability. -p PORT, –port PORT Set port of SSH serviceDownload Libssh-Scanner

Link: http://feedproxy.google.com/~r/PentestTools/~3/QmL8AcFG_pI/libssh-scanner-script-to-identify-hosts.html

Webroot WiFi Security: Expanding Our Commitment to Security & Privacy

Reading Time: ~3 min.For the past 20 years, Webroot’s technology has been driven by our dedication to protecting users from malware, viruses, and other online threats. The release of Webroot® WiFi Security—a new virtual private network (VPN) app for phones, computers, and tablets—is the next step in fulfilling our commitment to protect everyone’s right to be secure in […]
The post Webroot WiFi Security: Expanding Our Commitment to Security & Privacy appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2018/10/17/webroot-wifi-security-expanding-our-commitment-to-security-privacy/

SQLMap v1.2.10 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.InstallationYou can download the latest tarball by clicking here or latest zipball by clicking here.Preferably, you can download sqlmap by cloning the Git repository:git clone –depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-devsqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.UsageTo get a list of basic options and switches use:python sqlmap.py -hTo get a list of all options and switches use:python sqlmap.py -hhYou can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user’s manual.DemoLinksHomepage: http://sqlmap.orgDownload: .tar.gz or .zipCommits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atomIssue tracker: https://github.com/sqlmapproject/sqlmap/issuesUser’s manual: https://github.com/sqlmapproject/sqlmap/wikiFrequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQTwitter: @sqlmapDemos: http://www.youtube.com/user/inquisb/videosScreenshots: https://github.com/sqlmapproject/sqlmap/wiki/ScreenshotsTranslationsBulgarianChineseCroatianFrenchGreekIndonesianItalianJapanesePortugueseSpanishTurkishDownload SQLMap v1.2.10

Link: http://www.kitploit.com/2018/10/sqlmap-v1210-automatic-sql-injection.html

Censys Subdomain Finder – Perform Subdomain Enumeration Using The Certificate Transparency Logs From Censys

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain who has ever been issued a SSL certificate by a public CA.See it in action:$ python censys_subdomain_finder.py github.com[*] Searching Censys for subdomains of github.com[*] Found 42 unique subdomains of github.com in ~1.7 seconds – hq.github.com – talks.github.com – cla.github.com – github.com – cloud.github.com – enterprise.github.com – help.github.com – collector-cdn.github.com – central.github.com – smtp.github.com – cas.octodemo.github.com – schrauger.github.com – jobs.github.com – classroom.github.com – dodgeball.github.com – visualstudio.github.com – branch.github.com – www.github.com – edu.github.com – education.github.com – import.github.com – styleguide.github.com – community.github.com – server.github.com – mac-installer.github.com – registry.github.com – f.cloud.github.com – offer.github.com – helpnext.github.com – foo.github.com – porter.github.com – id.github.com – atom-installer.github.com – review-lab.github.com – vpn-ca.iad.github.com – maintainers.github.com – raw.github.com – status.github.com – camo.github.com – support.enterprise.github.com – stg.github.com – rs.github.comSetupRegister an account (free) on https://censys.io/registerBrowse to https://censys.io/account, and set two environment variables with your API ID and API secret$ export CENSYS_API_ID=…$ export CENSYS_API_SECRET=…Clone the repository$ git clone https://github.com/christophetd/censys-subdomain-finder.gitInstall the dependencies$ cd censys-subdomain-finder$ pip install -r requirements.txtRun the script on example.com to make sure everything works as expected.$ python censys_subdomain_finder.py example.com[*] Searching Censys for subdomains of example.com[*] Found 5 unique subdomains of example.com – products.example.com – www.example.com – dev.example.com – example.com – support.example.comUsageusage: censys_subdomain_finder.py [-h] [-o OUTPUT_FILE] [–censys-api-id CENSYS_API_ID] [–censys-api-secret CENSYS_API_SECRET] domainpositional arguments: domain The domain to scanoptional arguments: -h, –help show this help message and exit -o OUTPUT_FILE, –output OUTPUT_FILE A file to output the list of subdomains to (default: None) –censys-api-id CENSYS_API_ID Censys API ID. Can also be defined using the CENSYS_API_ID environment variable (default: None) –censys-api-secret CENSYS_API_SECRET Censys API secret. Can also be defined using the CENSYS_API_SECRET environment variable (default: None)CompatibilityShould run on Python 2.7 and 3.5.NotesThe Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.Feel free to open an issue or to tweet @christophetd for suggestions or remarks.Download Censys-Subdomain-Finder

Link: http://feedproxy.google.com/~r/PentestTools/~3/bPFQtNdU4Fw/censys-subdomain-finder-perform.html

EKFiddle v.0.8.2 – A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general.InstallationDownload and install the latest version of Fiddlerhttps://www.telerik.com/fiddlerSpecial instructions for Linux and Mac here:https://www.telerik.com/blogs/fiddler-for-linux-beta-is-herehttps://www.telerik.com/blogs/introducing-fiddler-for-os-x-beta-1Enable C# scripting (Windows only)Launch Fiddler, and go to Tools -> OptionsIn the Scripting tab, change the default (JScript.NET) to C#.Change default text editor (optional)In the same Tools -> Options menu, click on the Tools tab.Windows: notepad.exe or notepad++.exeLinux: geditMac: /Applications/TextEdit.app or /Applications/TextWrangler.appClose FiddlerDownload or clone CustomRules.cs into the appropriate folder based on your operating system:Windows (7/10) C:\Users\[username]\Documents\Fiddler2\Scripts\ Ubuntu /home/[username]/Fiddler2/Scripts/ Mac /Users/[username]/Fiddler2/Scripts/ Finish up the installationStart Fiddler to complete the installation of EKFiddle. That’s it, you’re all set!FeaturesToolbar buttonsThe added toolbar buttons give you quick shortcuts to some of the main features:QuickSaveDumps current web sessions into a SAZ named (QuickSave-“MM-dd-yyyy-HH-mm-ss".saz) to EKFiddle\Captures.UI modeToggle between the default column view or extra columns with additional information (includes time stamp, server IP and type, method, etc.).VPNVPN GUI directly built into Fiddler. It uses the OpenVPN client on Windows and Linux with ovpn files (sigining up with commercial VPN provider may be required). It will open up a new terminal/xterm whenever it connects to a new server via the selected .ovpn config file, killing the previous to ensure only one TAP adapter is used at any given time.WindowsDownload and install OpenVPN in default directoryPlace your .ovpn files inside OpenVPN’s config folder.Linux (tested on Ubuntu 16.04)sudo apt-get install openvpnPlace your .ovpn files in /etc/openvpn.ProxyAllows you to connect to an upstream proxy (HTTP/s or SOCKS).Import SAZ/PCAPA shortcut to load SAZ (Fiddler’s native format) or PCAP (i.e. from Wireshark) captures.View/Edit RegexesView and create your custom regular expressions. Note: a master list is provided with auto-updates via GitHub. Additionally the custom list lets you create your own rules.There are 4 types of indicators to match on:URI (full or partial URI match)IP (Single IP address or IP range)SourceCode (Response Body)Headers (any value within a Response’s Headers)Syntax:Important! Fields are TAB delimitedURI My_URI_rule [a-z0-9]{2} Match URIIP My_IP_address_rule 5\.154\.191\.67 Match static IP addressIP My_IP_address_rule 5\.154\.191\.(6[0-9]|70) Match an IP rangeSourceCode My_sourcecode_rule vml=1 Look for specific stringHeaders My_headers_rule nginx Look for specific stringRun RegexesRun the master and custom regular expressions against current web sessions.Clear MarkingsClear any comment and colour highlighting in the currently loaded sessions.ContextAction menuThe ContextAction menu (accessed by right-clicking on any session(s) allows you to perform additional commands on selected sections. This can be very helpful to do quick lookups, compute hashes or extract IOCs.Hostname or IP address (Google Search, RiskIQ, URLQuery, RiskIQ)Query the hostname for the currently selected session.URIBuild RegexCreate a regular expression from the currently selected URI. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.Open in… Internet Explorer, Chrome, Firefox, EdgeThis opens up the URI with the browser you selected.Response BodyRemove encodingDecodes the currently selected sessions (from their basic encoding).Build RegexCreate a regular expression from the currently selected session’s source code. This action opens up a regex website and the URI is already in the clipboard, ready to be pasted into the query field.Calculate MD5/SHA256 hashGet the current session’s body and computes its hash.Hybrid Analysis / VirusTotal lookupChecks the current session’s body for hash, then look up that hash.Extract to DiskDownloads the currently selection session(s)’s body to disk, into the ‘Artifacts’ folder.Extract IOCsCopies into memory basic information from selected sessions so that they can be shared as IOCs. Extract Coinhive site keysConnect-the-dotsAllows you to identify the sequence of events between sessions. Right-clik on the session you are interested in retracing your steps to and simply ‘connect the dots’. It will label the sequence of events from 01, to n within the comments column. You can reorder that column to have a condensed view of the sequence.Crawler (experimental)Load a list of URLs from a text file and let the browser automically visit them. Tools -> Crawler (experimental) -> Start crawler May require some tweaks in your browser’s settings, in particular with regards to crash recovery.Uninstalling EKFiddleDelete CustomRules.csDownload EKFiddle

Link: http://feedproxy.google.com/~r/PentestTools/~3/gKB5SbwjRek/ekfiddle-v082-framework-based-on.html