Kage – Graphical User Interface For Metasploit Meterpreter And Session Handler

Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter.

Getting Started

Please follow these instructions to get a copy of Kage running on your local machine without any problems.

Prerequisites

Metasploit-framework must be installed and in your PATH:
- Msfrpcd
- Msfvenom
- Msfdb

Installing

You can install Kage binaries from here.

For developers, to run the app from source code:

    # Download source code
    git clone https://github.com/WayzDev/Kage.git

    # Install dependencies and run kage
    cd Kage
    yarn # or npm install
    yarn run dev # or npm run dev

    # to build project
    yarn run build

electron-vue officially recommends the yarn package manager as it handles dependencies much better and can help reduce final build size with yarn clean.

Screenshots

Video Tutorial

Contact

Twitter: @iFalah
Email: ifalah@protonmail.com

Credits

Metasploit Framework – (c) Rapid7 Inc. 2012 (BSD License) http://www.metasploit.com/
node-msfrpcd – (c) Tomas Gonzalez Vivo. 2017 (Apache License) https://github.com/tomasgvivo/node-msfrpc
electron-vue – (c) Greg Holguin. 2016 (MIT) https://github.com/SimulatedGREG/electron-vue

This project was generated with electron-vue@8fae476 using vue-cli. Documentation about the original structure can be found here.

Download Kage

Link: http://feedproxy.google.com/~r/PentestTools/~3/tRooyJ9gO2o/kage-graphical-user-interface-for.html

Vuls – Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang.

Twitter: @vuls_en

DEMO

Abstract

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for the system administrator to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems.

- The system administrator will have to constantly watch out for any new vulnerabilities in the NVD (National Vulnerability Database) or similar databases.
- It might be impossible for the system administrator to monitor all the software if a large number of packages are installed on the server.
- It is expensive to perform analysis to determine the servers affected by new vulnerabilities, and there is the possibility of overlooking a server or two during analysis.

Vuls is a tool created to solve the problems listed above. It has the following characteristics.

- Informs users of the vulnerabilities that are related to the system.
- Informs users of the servers that are affected.
- Vulnerability detection is done automatically to prevent any oversight.
- Reports are generated on a regular basis using CRON or other methods to manage vulnerabilities.

Main Features

Scan for any vulnerabilities in Linux/FreeBSD servers
- Supports major Linux/FreeBSD distributions: Alpine, Ubuntu, Debian, CentOS, Amazon Linux, RHEL, Oracle Linux, SUSE Enterprise Linux, Raspbian and FreeBSD
- Cloud, on-premise, Docker

High quality scan
Vuls uses multiple vulnerability databases:
- NVD
- JVN (Japanese)
- OVAL: RedHat, Debian, Ubuntu, SUSE, Oracle Linux, Alpine-secdb
- Red Hat Security Advisories
- Debian Security Bug Tracker
- Commands (yum, zypper, pkg-audit): RHSA/ALAS/ELSA/FreeBSD-SA
- Exploit Database
- Changelog

Fast scan and Deep scan

Fast Scan
- Scan without root privilege, no dependencies
- Almost no load on the scan target server
- Offline mode scan with no internet access (Red Hat, CentOS, Oracle Linux, Ubuntu, Debian)

Fast Root Scan
- Scan with root privilege
- Almost no load on the scan target server
- Detect processes affected by an update using yum-ps (RedHat, CentOS, Oracle Linux and Amazon Linux)
- Detect processes which were updated but have not been restarted yet using checkrestart of debian-goodies (Debian and Ubuntu)
- Offline mode scan with no internet access (RedHat, CentOS, Oracle Linux, Ubuntu, Debian)

Deep Scan
- Scan with root privilege
- Parses the Changelog. The changelog has a history of version changes. When a security issue is fixed, the relevant CVE ID is listed. By parsing the changelog and analysing the updates between the installed version of software on the server and the newest version of that software, it is possible to create a list of all vulnerabilities that need to be fixed.
- Sometimes puts load on the scan target server

Remote scan and Local scan

Remote Scan
- The user is required to set up only one machine that is connected to the other target servers via SSH.

Local Scan
- If you don't want the central Vuls server to connect to each server by SSH, you can use Vuls in Local Scan mode.

Dynamic Analysis
- It is possible to acquire the state of the server by connecting via SSH and executing commands.
- Vuls warns when the scan target server has updated the kernel etc. but has not been restarted.

Scan middleware that is not included in OS package management
- Scan middleware, programming language libraries and frameworks for vulnerabilities
- Supports software registered in CPE

MISC
- Nondestructive testing
- Pre-authorization is NOT necessary before scanning on AWS
- Vuls works well with Continuous Integration since tests can be run every day. This allows you to find vulnerabilities very quickly.
- Auto generation of configuration file template: auto detection of servers set using CIDR, generating a configuration file template
- Email and Slack notification is possible (supports Japanese language)
- Scan results are viewable on accessory software, TUI Viewer on terminal or Web UI (VulsRepo).

What Vuls Doesn't Do

Vuls doesn't update the vulnerable packages.

Authors

kotakanbe (@kotakanbe) created vuls and these fine people have contributed.

Change Log

Please see CHANGELOG.

Download Vuls

Link: http://www.kitploit.com/2019/03/vuls-vulnerability-scanner-for.html

CMSeeK v1.1.1 – CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 150 Other CMSs)

What is a CMS?

A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal etc.

Release History

- Version 1.1.1 [01-02-2019]
- Version 1.1.0 [28-08-2018]
- Version 1.0.9 [21-08-2018]
- Version 1.0.8 [14-08-2018]
- Version 1.0.7 [07-08-2018]
…

Changelog File

Functions Of CMSeek:

- Basic CMS Detection of over 155 CMS
- Drupal version detection
- Advanced WordPress Scans
  - Detects Version
  - User Enumeration
  - Plugins Enumeration
  - Theme Enumeration
  - Detects Users (3 Detection Methods)
  - Looks for Version Vulnerabilities and much more!
- Advanced Joomla Scans
  - Version detection
  - Backup files finder
  - Admin page finder
  - Core vulnerability detection
  - Directory listing check
  - Config leak detection
  - Various other checks
- Modular bruteforce system
  - Use pre made bruteforce modules or create your own and integrate with it

Requirements and Compatibility:

CMSeeK is built using python3, you will need python3 to run this tool and it is compatible with unix based systems as of now. Windows support will be added later. CMSeeK relies on git for auto-update so make sure git is installed.

Installation and Usage:

It is fairly easy to use CMSeeK, just make sure you have python3 and git (just for cloning the repo) installed and use the following commands:

    git clone https://github.com/Tuhinshubhra/CMSeeK
    cd CMSeeK
    pip/pip3 install -r requirements.txt

For guided scanning:

    python3 cmseek.py

Else:

    python3 cmseek.py -u […]

Help menu from the program:

    USAGE: python3 cmseek.py (for a guided scanning) OR python3 cmseek.py [OPTIONS] <Target Specification>

    SPECIFING TARGET:
      -u URL, --url URL            Target Url
      -l LIST, -list LIST          path of the file containing list of sites for multi-site scan (comma separated)

    RE-DIRECT:
      --follow-redirect            Follows all/any redirect(s)
      --no-redirect                Skips all redirects and tests the input target(s)

    USER AGENT:
      -r, --random-agent           Use a random user agent
      --googlebot                  Use Google bot user agent
      --user-agent USER_AGENT      Specify a custom user agent

    OUTPUT:
      -v, --verbose                Increase output verbosity

    VERSION & UPDATING:
      --update                     Update CMSeeK (Requires git)
      --version                    Show CMSeeK version and exit

    HELP & MISCELLANEOUS:
      -h, --help                   Show this help message and exit
      --clear-result               Delete all the scan result

    EXAMPLE USAGE:
      python3 cmseek.py -u example.com                            # Scan example.com
      python3 cmseek.py -l /home/user/target.txt                  # Scan the sites specified in target.txt (comma separated)
      python3 cmseek.py -u example.com --user-agent Mozilla 5.0   # Scan example.com using custom user-Agent Mozilla is 5.0 used here
      python3 cmseek.py -u example.com --random-agent             # Scan example.com using a random user-Agent
      python3 cmseek.py -v -u example.com                         # enabling verbose output while scanning example.com

Checking For Update:

You can check for updates either from the main menu or use python3 cmseek.py --update to check for updates and apply the auto update.

P.S: Please make sure you have git installed, CMSeeK uses git to apply auto update.

Detection Methods:

CMSeek detects CMS via the following:
- HTTP Headers
- Generator meta tag
- Page source code
- robots.txt

Supported CMSs:

CMSeeK currently can detect 157 CMS. Check the list here: cmss.py file which is present in the cmseekdb directory. All the cmss are stored in the following way:

    cmsID = {
        'name':'Name Of CMS',
        'url':'Official URL of the CMS',
        'vd':'Version Detection (0 for no, 1 for yes)',
        'deeps':'Deep Scan (0 for no 1 for yes)'
    }

Scan Result:

All of your scan results are stored in a json file named cms.json, you can find the logs inside the Result\<Target Site> directory, and as for the bruteforce results, they're stored in a txt file under the site's result directory as well.

Here is an example of the json report log:

Bruteforce Modules:

CMSeek has a modular bruteforce system meaning you can add your custom made bruteforce modules to work with cmseek. A proper documentation for creating modules will be created shortly but in case you already figured out how to (pretty easy once you analyze the pre-made modules) all you need to do is this:

1. Add a comment exactly like this: # <Name Of The CMS> Bruteforce module. This will help CMSeeK to know the name of the CMS using regex.
2. Add another comment: ### cmseekbruteforcemodule, this will help CMSeeK to know it is a module.
3. Copy and paste the module in the brutecms directory under CMSeeK's directory.
4. Open CMSeeK and Rebuild Cache using U as the input in the first menu.

If everything is done right you'll see something like this (refer to screenshot below) and your module will be listed in the bruteforce menu the next time you open CMSeeK.

Need More Reasons To Use CMSeeK?

If nothing else, you can always enjoy exiting CMSeeK (please don't), it will bid you goodbye with a random goodbye message in various languages.

Also you can try reading the comments in the code, they are pretty random and weird!!!

Screenshots:

Main Menu
Scan Result
WordPress Scan Result

Guidelines for opening an issue:

Please make sure you have the following info attached when opening a new issue:
- Target
- Exact copy of error or screenshot of error
- Your operating system and python version

Issues without this information might not be answered!

Follow @r3dhax0r: Twitter

Team: Virtually Unvoid Defensive (VUD)

Download CMSeeK v1.1.1

Link: http://feedproxy.google.com/~r/PentestTools/~3/8EDnhSxC2Hw/cmseek-v111-cms-detection-and.html

Iptables Essentials – Common Firewall Rules And Commands

Tools to help you configure Iptables

- Shorewall – advanced gateway/firewall configuration tool for GNU/Linux.
- Firewalld – provides a dynamically managed firewall.
- UFW – default firewall configuration tool for Ubuntu.
- FireHOL – offers simple and powerful configuration for all Linux firewall and traffic shaping requirements.

Manuals/Howtos/Tutorials

- Best practices: iptables – by Major Hayden
- An In-Depth Guide to Iptables, the Linux Firewall
- Advanced Features of netfilter/iptables
- Linux Firewalls Using iptables
- Debugging iptables and common firewall pitfalls?
- Netfilter Hacking HOWTO
- Per-IP rate limiting with iptables

How it works?

Iptables Rules

Saving Rules

Debian Based
    netfilter-persistent save

RedHat Based
    service iptables save

List out all of the active iptables rules with verbose
    iptables -n -L -v

List out all of the active iptables rules with numeric lines and verbose
    iptables -n -L -v --line-numbers

Print out all of the active iptables rules
    iptables -S

List Rules as Tables for INPUT chain
    iptables -L INPUT

Print all of the rule specifications in the INPUT chain
    iptables -S INPUT

Show Packet Counts and Aggregate Size
    iptables -L INPUT -v

To display INPUT or OUTPUT chain rules with numeric lines and verbose
    iptables -L INPUT -n -v
    iptables -L OUTPUT -n -v --line-numbers

Delete Rule by Chain and Number
    iptables -D INPUT 10

Delete Rule by Specification
    iptables -D INPUT -m conntrack --ctstate INVALID -j DROP

Flush All Rules, Delete All Chains, and Accept All
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t nat -F
    iptables -t mangle -F
    iptables -F
    iptables -X

Flush All Chains
    iptables -F

Flush a Single Chain
    iptables -F INPUT

Insert Firewall Rules
    iptables -I INPUT 2 -s 202.54.1.2 -j DROP

Allow Loopback Connections
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

Allow Established and Related Incoming Connections
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Allow Established Outgoing Connections
    iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

Internal to External
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

Drop Invalid Packets
    iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

Block an IP Address
    iptables -A INPUT -s 192.168.252.10 -j DROP

Block an IP Address and Reject
    iptables -A INPUT -s 192.168.252.10 -j REJECT

Block Connections to a Network Interface
    iptables -A INPUT -i eth0 -s 192.168.252.10 -j DROP

Allow All Incoming SSH
    iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow Incoming SSH from Specific IP address or subnet
    iptables -A INPUT -p tcp -s 192.168.240.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow Outgoing SSH
    iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow Incoming Rsync from Specific IP Address or Subnet
    iptables -A INPUT -p tcp -s 192.168.240.0/24 --dport 873 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 873 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming HTTP
    iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming HTTPS
    iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming HTTP and HTTPS
    iptables -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # the OUTPUT rule matches the server's replies, so it keys on the source ports
    iptables -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow MySQL from Specific IP Address or Subnet
    iptables -A INPUT -p tcp -s 192.168.240.0/24 --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow MySQL to Specific Network Interface
    iptables -A INPUT -i eth1 -p tcp --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth1 -p tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT

PostgreSQL from Specific IP Address or Subnet
    iptables -A INPUT -p tcp -s 192.168.240.0/24 --dport 5432 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 5432 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow PostgreSQL to Specific Network Interface
    iptables -A INPUT -i eth1 -p tcp --dport 5432 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth1 -p tcp --sport 5432 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Block Outgoing SMTP Mail
    iptables -A OUTPUT -p tcp --dport 25 -j REJECT

Allow All Incoming SMTP
    iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming IMAP
    iptables -A INPUT -p tcp --dport 143 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 143 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming IMAPS
    iptables -A INPUT -p tcp --dport 993 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 993 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming POP3
    iptables -A INPUT -p tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 110 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Allow All Incoming POP3S
    iptables -A INPUT -p tcp --dport 995 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 995 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Drop Private Network Address On Public Interface
    iptables -A INPUT -i eth1 -s 192.168.0.0/24 -j DROP
    iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

Drop All Outgoing to Facebook Networks

Get Facebook AS:
    whois -h v4.whois.cymru.com " -v $(host facebook.com | grep "has address" | cut -d " " -f4)" | tail -n1 | awk '{print $1}'

Drop:
    # each route announced by the AS is rejected as a destination of outgoing traffic
    for i in $(whois -h whois.radb.net -- '-i origin AS32934' | grep "^route:" | cut -d ":" -f2 | sed -e 's/^[ \t]*//' | sort -n -t . -k 1,1 -k 2,2 -k 3,3 -k 4,4) ; do
      iptables -A OUTPUT -d "$i" -j REJECT
    done

Log and Drop Packets
    iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j LOG --log-prefix "IP_SPOOF A: "
    iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

By default everything is logged to the /var/log/messages file:
    tail -f /var/log/messages
    grep --color 'IP_SPOOF' /var/log/messages

Log and Drop Packets with Limited Number of Log Entries
    iptables -A INPUT -i eth1 -s 10.0.0.0/8 -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "IP_SPOOF A: "
    iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

Drop or Accept Traffic From Mac Address
    iptables -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
    iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source 00:0F:EA:91:04:07 -j ACCEPT

Block or Allow ICMP Ping Request
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    iptables -A INPUT -i eth1 -p icmp --icmp-type echo-request -j DROP

Specifying Multiple Ports with multiport
    iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports ssh,smtp,http,https -j ACCEPT

Load Balancing with random* or nth*
    # DNAT is only valid in the nat table; each backend takes a different slot of every 4 new connections
    _ips=("172.31.250.10" "172.31.250.11" "172.31.250.12" "172.31.250.13")
    _n=0
    for ip in "${_ips[@]}" ; do
      iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 4 --packet ${_n} \
        -j DNAT --to-destination ${ip}:80
      _n=$((_n + 1))
    done
or
    _ips=("172.31.250.10" "172.31.250.11" "172.31.250.12" "172.31.250.13")
    for ip in "${_ips[@]}" ; do
      iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m random --average 25 \
        -j DNAT --to-destination ${ip}:80
    done

Restricting the Number of Connections with limit and iplimit*
    iptables -A FORWARD -m state --state NEW -p tcp -m multiport --dport http,https -o eth0 -i eth1 \
      -m limit --limit 20/hour --limit-burst 5 -j ACCEPT
or
    iptables -A INPUT -p tcp -m state --state NEW --dport http -m iplimit --iplimit-above 5 -j DROP

Maintaining a List of recent Connections to Match Against
    iptables -A FORWARD -m recent --name portscan --rcheck --seconds 100 -j DROP
    iptables -A FORWARD -p tcp -i eth0 --dport 443 -m recent --name portscan --set -j DROP

Matching Against a string* in a Packet's Data Payload
    iptables -A FORWARD -m string --algo bm --string '.com' -j DROP
    iptables -A FORWARD -m string --algo bm --string '.exe' -j DROP

Time-based Rules with time*
    iptables -A FORWARD -p tcp -m multiport --dport http,https -o eth0 -i eth1 \
      -m time --timestart 21:30 --timestop 22:30 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT

Packet Matching Based on TTL Values
    iptables -A INPUT -s 1.2.3.4 -m ttl --ttl-lt 40 -j REJECT

Protection against port scanning
    iptables -N port-scanning
    iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN
    iptables -A port-scanning -j DROP

SSH brute-force protection
    iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
    iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Syn-flood protection
    iptables -N syn_flood
    iptables -A INPUT -p tcp --syn -j syn_flood
    iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
    iptables -A syn_flood -j DROP
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
    iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:
    iptables -A INPUT -p icmp -j DROP
    iptables -A OUTPUT -p icmp -j ACCEPT

Mitigating SYN Floods With SYNPROXY
    iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack
    iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
    iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

Block New Packets That Are Not SYN
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
or
    iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

Force Fragments packets check
    iptables -A INPUT -f -j DROP

XMAS packets
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Drop all NULL packets
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Block Uncommon MSS Values
    iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

Block Packets With Bogus TCP Flags
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

Block Packets From Private Subnets (Spoofing)
    _subnets=("224.0.0.0/3" "169.254.0.0/16" "172.16.0.0/12" "192.0.2.0/24" "192.168.0.0/16" "10.0.0.0/8" "0.0.0.0/8" "240.0.0.0/5")
    for _sub in "${_subnets[@]}" ; do
      iptables -t mangle -A PREROUTING -s "$_sub" -j DROP
    done
    iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP

Iptables Essentials
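The "Log and Drop Packets" rules above write one kernel log line per dropped packet, prefixed with "IP_SPOOF A: ", and the cheat sheet only greps for them. The following script is an added example, not part of the Iptables Essentials cheat sheet: it parses those lines by their prefix, counts hits per source address and per destination port, and flags any source that hit the rule but is not inside the private ranges the rules are supposed to match (which is what you see when the same --log-prefix gets reused on an unrelated rule). The lines in SAMPLE_LOG are constructed for the example; the IN=/SRC=/DST=/PROTO=/SPT=/DPT= field layout is the standard netfilter LOG format.

```python
"""Summarise netfilter LOG lines written by the "IP_SPOOF A: " rules.

Added example, not part of the original cheat sheet. The sample lines are
constructed to look like what the kernel writes to /var/log/messages for the
`-j LOG --log-prefix "IP_SPOOF A: "` rule.
"""
import ipaddress
import re
from collections import Counter

# Source ranges the cheat sheet drops on the public interface
# (-s 10.0.0.0/8 and -s 192.168.0.0/24); anything else hitting the
# IP_SPOOF prefix means the prefix is being reused by another rule.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/24")]

LOG_PREFIX = "IP_SPOOF A: "
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # netfilter LOG fields are KEY=VALUE tokens

# Constructed sample log lines (not real traffic). The fourth line is an
# unrelated sshd message and must be ignored by the parser.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: [ 1234.567890] IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: [ 1235.000000] IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw kernel: [ 1238.000000] IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.0.77 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:06 fw sshd[2201]: Accepted publickey for ops from 198.51.100.4 port 51234 ssh2
Mar  3 10:15:09 fw kernel: [ 1242.000000] IP_SPOOF A: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=4 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
"""


def parse_log_line(line):
    """Return the KEY=VALUE fields of a LOG line carrying our prefix, or None
    for lines that are not ours (other daemons, other prefixes)."""
    idx = line.find(LOG_PREFIX)
    if idx < 0:
        return None
    fields = dict(FIELD_RE.findall(line[idx + len(LOG_PREFIX):]))
    # A netfilter LOG line always carries IN=, SRC= and DST=; otherwise it is noise.
    if not {"IN", "SRC", "DST"} <= fields.keys():
        return None
    return fields


def is_bogon_source(src):
    """True when the source address lies in one of the ranges the rules drop."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGON_SOURCES)


def summarise(log_text):
    """Aggregate the IP_SPOOF hits: total count, per-source and per-dport
    counters, and the sources that are outside the expected bogon ranges."""
    per_src = Counter()
    per_dport = Counter()
    unexpected = set()
    total = 0
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is None:
            continue
        total += 1
        src = fields["SRC"]
        per_src[src] += 1
        # Only TCP/UDP carry a destination port; ICMP lines have TYPE/CODE instead.
        if fields.get("PROTO") in ("TCP", "UDP") and fields.get("DPT"):
            per_dport[fields["DPT"]] += 1
        if not is_bogon_source(src):
            unexpected.add(src)
    return {
        "total": total,
        "per_src": per_src,
        "per_dport": per_dport,
        "unexpected": sorted(unexpected),
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{report['total']} spoofed packets dropped")
    for src, n in report["per_src"].most_common():
        print(f"  {src:<16} {n} packet(s)")
    print("targeted ports:", dict(report["per_dport"]))
    if report["unexpected"]:
        print("sources outside the expected private ranges:", report["unexpected"])
```

To run it against a real box, replace SAMPLE_LOG with the contents of /var/log/messages (or the journal output on systemd hosts); the prefix check keeps the "Limited Number of Log Entries" variant working too, since that rule uses the same prefix.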

Link: http://feedproxy.google.com/~r/PentestTools/~3/QxQzNFl9P6o/iptables-essentials-common-firewall.html

HexRaysCodeXplorer – Hex-Rays Decompiler Plugin For Better Code Navigation

The Hex-Rays Decompiler plugin for better code navigation in the RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm …

The CodeXplorer plugin is one of the first publicly available Hex-Rays Decompiler plugins. We have kept this project updated since summer 2013 and continue contributing new features frequently. Also, the most interesting features of CodeXplorer have been presented at numerous security conferences like REcon, ZeroNights, H2HC, NSEC and BHUS.

Contributors:
- Alex Matrosov (@matrosov)
- Eugene Rodionov (@rodionov)
- Rodrigo Branco (@rrbranco)
- Gabriel Barbosa (@gabrielnb)

Supported versions of Hex-Rays products: we always focus on the latest versions of IDA and the Decompiler because we try to use the new interesting features in new SDK releases. This also means we have tested only on the latest versions of Hex-Rays products and do not guarantee stable work on previous ones.

Why not IdaPython: all code is developed in C/C++ because it is a more stable way to support a complex plugin for the Hex-Rays Decompiler.

Supported Platforms: x86/x64 for Win, Linux and Mac.

HexRaysCodeXplorer – Hex-Rays Decompiler plugin for easier code navigation. The right-click context menu in the Pseudocode window shows the CodeXplorer plugin commands:

Here are the main features of the CodeXplorer plugin:

- Automatic type REconstruction for C++ objects. To reconstruct a type using HexRaysCodeXplorer, select the variable holding a pointer to the instance of position independent code or to an object, right-click and choose the «REconstruct Type» option from the context menu. The reconstructed structure is displayed in the "Output window". Detailed information about the type REconstruction feature is provided in the blog post "Type REconstruction in HexRaysCodeXplorer". The CodeXplorer plugin also supports automatic REconstruction of types into the IDA local types storage.

- Virtual function table identification – automatically identifies references to virtual function tables during type reconstruction. When a reference to a virtual function table is identified, the plugin generates a corresponding C-structure. As shown below, during reconstruction of struct_local_data_storage two virtual function tables were identified and, as a result, two corresponding structures were generated: struct_local_data_storage_VTABLE_0 and struct_local_data_storage_VTABLE_4.

- C-tree graph visualization – a special tree-like structure representing a decompiled routine in citem_t terms (hexrays.hpp). A useful feature for understanding how the decompiler works. The highlighted graph node corresponds to the current cursor position in the HexRays Pseudocode window:

- Ctree Item View – shows the ctree representation for the highlighted element:

- Extract Ctrees to File – calculates the SHA1 hash and dumps all ctrees to a file.

- Extract Types to File – dumps all type information (including reconstructed types) into a file.

- Navigation through virtual function calls in the HexRays Pseudocode window. After representing C++ objects by C-structures, this feature makes it possible to navigate to the virtual function calls as structure fields by mouse click:

- Jump to Disasm – a small feature for navigating to the assembly code in the "IDA View" window from the current Pseudocode line position. It helps to find the place in the assembly code associated with a decompiled line.

- Object Explorer – a useful interface for navigation through virtual table (VTBL) structures. Object Explorer outputs VTBL information into an IDA custom view window. The output window is shown by choosing the «Object Explorer» option in the right-click context menu:

Object Explorer supports the following features:
- Auto structure generation for VTBL into IDA local types
- Navigation in the virtual table list and jump to the VTBL address in the "IDA View" window by click
- Show hints for the current position in the virtual table list
- Shows the cross-references list by clicking "Show XREFS to VTBL" in the menu
- Support for auto parsing RTTI objects:

The Batch mode contains the following features:

- Batch mode – a useful feature for using CodeXplorer to process multiple files without any interaction from the user. We added this feature after Black Hat research in 2015 for processing 2 million samples.

Example (dump types and ctrees for functions with name prefix "crypto_"):

    idaq.exe -OHexRaysCodeXplorer:dump_types:dump_ctrees:CRYPTOcrypto_ path_to_idb

Compiling:

Windows:
- Open the solution in Visual Studio
- Open file src/HexRaysCodeXplorer/PropertySheet.props in notepad(++) and update the values of the IDADIR and IDASDK paths to point to the IDA installation path and the IDA7 SDK path accordingly. The HexRays SDK should be in $IDADIR\plugins\hexrays_sdk (as by default)
- Build the Release | x64 and Release x64 | x64 configurations

Linux:
    cd src/HexRaysCodeXplorer/
    IDA_DIR=<PATH_TO_IDA> IDA_SDK=<PATH_TO_IDA_SDK> EA64=0 make -f makefile.lnx

Mac:
    cd src/HexRaysCodeXplorer/
    IDA_DIR=<PATH_TO_IDA> IDA_SDK=<PATH_TO_IDA_SDK> make -f makefile.mac

The Mac makefile might need some hand editing, pull requests welcome!

IDA 7.0: the .pmc file extension should be .dylib

    bash$ export IDA_DIR="/Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS" && export IDA_SDK="/Applications/IDA\ Pro\ 7.0/ida.app/Contents/MacOS/idasdk" && make -f makefile7.mac

Or open the project in Xcode: HexRaysCodeXplorer.xcodeproj

Conference talks about CodeXplorer plugin:

2015
- "Distributing the REconstruction of High-Level IR for Large Scale Malware Analysis", BHUS [slides]
- "Object Oriented Code RE with HexraysCodeXplorer", NSEC [slides]

2014
- "HexRaysCodeXplorer: object oriented RE for fun and profit", H2HC [slides]

2013
- "HexRaysCodeXplorer: make object-oriented RE easier", ZeroNights [slides]
- "Reconstructing Gapz: Position-Independent Code Analysis Problem", REcon [slides]

Download HexRaysCodeXplorer

Link: http://www.kitploit.com/2019/02/hexrayscodexplorer-hex-rays-decompiler.html

Cheat Engine – A Development Environment Focused On Modding

Cheat Engine is an open source tool designed to help you with modifying single player games running under Windows so you can make them harder or easier depending on your preference (e.g. if you find that 100 HP is too easy, try playing a game with a max of 1 HP), but it also contains other useful tools to help debugging games and even normal applications, and helps you protect your system by letting you inspect memory modifications by backdoors and even contains some ways to unhide them from conventional means.

It comes with a memory scanner to quickly scan for variables used within a game and allow you to change them, but it also comes with a debugger, disassembler, assembler, speedhack, trainer maker, Direct3D manipulation tools, system inspection tools and more.

Besides these tools it also comes with extensive scripting support which will allow experienced developers to create their own applications with ease and share them with other people.

For new users it is recommended to go through the tutorial (the one that comes with Cheat Engine, you can find it in your programs list after installing) and at least reach step 5 for a basic understanding of the usage of Cheat Engine.

Download Cheat Engine

Link: http://feedproxy.google.com/~r/PentestTools/~3/hmyT4ewgMO8/cheat-engine-development-environment.html

BeEF – The Browser Exploitation Framework Project

What is BeEF?

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Get Involved

You can get in touch with the BeEF team. Just check out the following:

Please, send us pull requests!
- Web: https://beefproject.com/
- Bugs: https://github.com/beefproject/beef/issues
- Security Bugs: security@beefproject.com
- IRC: ircs://irc.freenode.net/beefproject
- Twitter: @beefproject

Requirements

- Operating System: Mac OSX 10.5.0 or higher / modern Linux
- Ruby: 2.3 or newer
- SQLite: 3.x
- Node.js: 6 or newer
- The gems listed in the Gemfile: https://github.com/beefproject/beef/blob/master/Gemfile
- brew install selenium-server-standalone (See https://github.com/shvets/selenium)

Quick Start

The following is for the impatient.

The install script installs the required operating system packages and all the prerequisite Ruby gems:

    $ ./install

For full installation details, please refer to INSTALL.txt.

We also have an Installation page on the wiki.

Upon successful installation, be sure to read the Configuration page on the wiki for important details on configuring and securing BeEF.

Usage

To get started, simply execute beef and follow the instructions:

    $ ./beef

Video

Download Beef

Link: http://feedproxy.google.com/~r/PentestTools/~3/W1UXPoIIVbg/beef-browser-exploitation-framework.html

OSINT-SPY – Search using OSINT (Open Source Intelligence)

Performs OSINT scan on email/domain/ip_address/organization using OSINT-SPY. It can be used by data miners, infosec researchers, penetration testers and cyber crime investigators in order to find deep information about their target.

OSINT-SPY Documentation (beta)
File Name: README
Author: @sk_security
Version: 0.0.1
Website: osint-spy.com

Overview of this tool:
- Perform scan on IP address / domain / email address / BTC (bitcoin) address / device
- Find out latest bitcoin block information
- List out all the ciphers supported by a particular website and server
- Check whether a particular website is vulnerable to Heartbleed or not
- Dump all the contacts and messages from a Skype database
- Analyze malware or malicious file remotely

Licenses information
OSINT-SPY and its documents are covered by GPL-3.0 (General Public License v3.0).

Using OSINT-SPY

Search using OSINT
Website: www.osint-spy.com

Usage: osint-spy.py [options]

Options:
  -h, --help      show this help message and exit.
  --btc_block     Find latest Bitcoin blockchain info.
  --btc_date      Find Bitcoin blockchain information from given date.
  --btc_address   Find out balance and transaction information of given bitcoin address.
  --ssl_cipher    List out all the ciphers used by given server.
  --ssl_bleed     Check whether server is vulnerable to heart bleed flaw or not.
  --domain        Get bunch of detail of given website or organization.
  --email         Gather information of a given email address.
  --device        Find out devices which are connected to internet.
  --ip            Enumerate information from given IP Address.
  --skype_db      Give the location of skype database in order to fetch all the information from that including chats and contacts.
  --malware       Find out whether a given file is infected by malware or not.
  --carrier       Give path of carrier file behind which you want to add text.
  --setgo_text    Enter text to hide behind carrier file.
  --stego_find    Give a stego file and it will try to find hidden text.

Required setup
Python 2.7
Use install_linux.py (for installing all dependencies and libraries on Linux)
Use install_windows.py (for installing all dependencies and libraries on Windows)

Contributors
1. Sharad Kumar – @sk_security

Documentation

Setting up the environment

Installing and using OSINT-SPY is very easy. The installation process is very simple and consists of 4 steps:
1. Downloading or cloning the OSINT-SPY GitHub repository.
2. Downloading and installing all dependencies.
3. Generating API keys.
4. Adding API keys to the config file.

Let's begin!

Step 1 – Download OSINT-SPY on your system.
In order to install OSINT-SPY, simply clone the GitHub repository. Below is the command you can use to clone the OSINT-SPY repository:
git clone https://github.com/SharadKumar97/OSINT-SPY.git

Step 2 – Downloading and installing dependencies.
Once you clone OSINT-SPY, you will find one directory named OSINT-SPY. Go to that directory and install the dependencies. If you are using OSINT-SPY on Windows, run install_windows.py; if you are using Linux, run install_linux.py:
python install_linux.py
OR
python install_windows.py

Generating API Keys
We need some API keys before using this tool. The following are the APIs which this tool uses for the time being:
1. Clearbit API
2. Shodan API
3. Fullcontact API
4. Virus_Total API
5. EmailHunter API

Clearbit API: Register yourself at Clearbit and activate your account. Once you log in, you will find an API section. Go there, copy your secret API key and paste it inside the config.py file. The config.py file can be found in the modules directory of OSINT-SPY.

Shodan API: Register yourself at Shodan and activate your account. Once you have activated your account, log in to Shodan. Once you log in, you will find an API key in the overview tab. Copy that key and paste it inside the config.py file.

FullContact API: Register yourself at Full Contact. You can sign up by using your email or you can sign up with Google. Once you log in, you will find your API key at the front of your dashboard. Just copy that key and paste it inside the config.py file.

VirusTotal API: Register yourself at VirusTotal. Once you log in, you will find the My Api Key section in your profile menu. Just go there, copy your public API key and paste it in the config.py file.

EmailHunter API: Register yourself at Email Hunter. Once you log in, go to the API tab and click on the EYE icon to view your API key. Copy your API key into the config.py file.

Usage

OSINT-SPY is a very handy tool and easy to use. All you have to do is pass values to the parameters. In order to start OSINT-SPY just write:
python osint-spy.py

--btc_block
The --btc_block parameter gives you the information of the latest bitcoin block chain.
Usage: python osint-spy.py --btc_block

--btc_date
The --btc_date parameter will give you information on the bitcoin block chain from a given date.
Usage: python osint-spy.py --btc_date 20170620

--btc_address
--btc_address will give you information about a particular bitcoin owner.
python osint-spy.py --btc_address 1DST3gm6JthxhuoNKFqXrdpzPFfz1WgHpW

--ssl_cipher
--ssl_cipher will show you all the ciphers supported by the given website.
python osint-spy.py --ssl_cipher google.com

--ssl_bleed
--ssl_bleed will find out whether the given website is vulnerable to Heartbleed or not.
python osint-spy.py --ssl_bleed google.com

--domain
--domain will give you in-depth information about a particular domain, including whois, DNS, ciphers, location and more.
python osint-spy.py --domain google.com

--email
--email will gather information about the given email address from various public sources.
python osint-spy.py --email david@toorcon.org

--device
--device will search for a given device on Shodan and will list out all the available devices on public IPs.
python osint-spy.py --device webcam

--ip
--ip will gather all the information on a given IP address from public sources.
python osint-spy.py --ip 127.0.0.1

--skype_db
--skype_db will find out all the contacts and message history from a given Skype database. This can be useful for forensics investigators. In Windows, the Skype database can be found in AppData\Roaming\Skype\(Your username)\main.db, and in Mac OSX the database can be found in /Users/(Your mac user name)/Library/Support/Skype/(your skype username)/main.db
python osint-spy.py --skype_db main.db

--malware
--malware will send a given file to VirusTotal and will give you a result of whether the given file is malware or not.
python osint-spy.py --malware abc.exe

--carrier and --stego_text
--carrier and --stego_text are used to hide text behind any image. --carrier specifies the image behind which you want to hide the text. --stego_text specifies the text you want to add.
python osint-spy.py --carrier image.jpg --stego_text This_is_secret_text

--stego_find
--stego_find will find out hidden text behind any image.
python osint-spy.py --stego_find hidden.jpg

Link: http://feedproxy.google.com/~r/PentestTools/~3/-x63Tn8Ij2w/osint-spy-search-using-osint-open.html