Best Download Managers for Mac

Switching from Windows to Mac is not easy. If you were a Windows user for a long time, you will not find it easy to move to Mac due to the unavailability of good software. While most popular software is also available for Mac, you will still not enjoy as much variety as you can on Windows. If you are new to Mac, you may also find it hard to search for good software even if plenty exists. When I switched to Mac from Windows, I was looking for a good free download Manager for
The post Best Download Managers for Mac appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/Pz2OJpUI0gc/3-best-download-managers-mac.html

Wifijammer – Continuously Jam All Wifi Clients/Routers

Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.

Requires: python 2.7, python-scapy, a wireless card capable of injection

Usage

Simple

    python wifijammer.py

This will find the most powerful wireless interface and turn on monitor mode. If a monitor mode interface is already up it will use the first one it finds instead. It will then start sequentially hopping channels 1 per second from channel 1 to 11 identifying all access points and clients connected to those access points. On the first pass through all the wireless channels it is only identifying targets. After that the 1sec per channel time limit is eliminated and channels are hopped as soon as the deauth packets finish sending. Note that it will still add clients and APs as it finds them after the first pass through.

Upon hopping to a new channel it will identify targets that are on that channel and send 1 deauth packet to the client from the AP, 1 deauth to the AP from the client, and 1 deauth to the AP destined for the broadcast address to deauth all clients connected to the AP. Many APs ignore deauths to broadcast addresses.

    python wifijammer.py -a 00:0E:DA:DE:24:8E -c 2

Deauthenticate all devices with which 00:0E:DA:DE:24:8E communicates and skips channel hopping by setting the channel to the target AP's channel (2 in this case). This would mainly be an access point's MAC so all clients associated with that AP would be deauthenticated, but you can also put a client MAC here to target that one client and any other devices that communicate with it.

Advanced

    python wifijammer.py -c 1 -p 5 -t .00001 -s DL:3D:8D:JJ:39:52 -d --world

- -c, Set the monitor mode interface to only listen and deauth clients or APs on channel 1
- -p, Send 5 packets to the client from the AP and 5 packets to the AP from the client along with 5 packets to the broadcast address of the AP
- -t, Set a time interval of .00001 seconds between sending each deauth (try this if you get a scapy error like 'no buffer space')
- -s, Do not deauth the MAC DL:3D:8D:JJ:39:52. Ignoring a certain MAC address is handy in case you want to tempt people to join your access point in cases of wanting to use LANs.py or a Pineapple on them.
- -d, Do not send deauths to access points' broadcast address; this will speed up the deauths to the clients that are found
- --world, Set the max channel to 13. In N. America the max channel standard is 11, but the rest of the world uses 13 channels so use this option if you're not in N. America

Walking/driving around

    python wifijammer.py -m 10

The -m option sets a max number of client/AP combos that the script will attempt to deauth. When the max number is reached, it clears and repopulates its list based on what traffic it sniffs in the area. This allows you to constantly update the deauth list with client/AP combos who have the strongest signal in case you were not stationary. If you want to set a max and not have the deauth list clear itself when the max is hit, just add the -n option like: -m 10 -n

All options:

    python wifijammer.py [-a AP MAC] [-c CHANNEL] [-d] [-i INTERFACE] [-m MAXIMUM] [-n] [-p PACKETS] [-s SKIP] [-t TIME INTERVAL]

Technical breakdown: How to kick everyone around you off wifi with python

Link: http://feedproxy.google.com/~r/PentestTools/~3/VXbjeg_Kkys/wifijammer-continuously-jam-all-wifi.html

How to search for any menu option in MacOS

Have you ever been in a situation where you are looking for a menu option but are not able to find it? Thankfully, MacOS lets you search for menu options. This can be any menu option of any software on MacOS. Take Google Chrome, for example. Suppose I am looking for the menu option 'Extensions' and after checking the menus, I am not able to find it. In that case, I can use the search option to look for it. Just click on the Help menu and see the first option, "Search". Start typing the option you want
The post How to search for any menu option in MacOS appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/wX8PPtFC94Y/search-menu-option-macos.html

Lobotomy – Android Reverse Engineering

Lobotomy is a command line based Android reverse engineering tool. What is in the repo, is currently in development. You should assume nothing works as expected until the official 2.0 release is finished.

Version: Development
Author: Benjamin Watson (rotlogix)

Features

- Components: Enumerate AndroidManifest.xml components
- Permission: Enumerate declared and used AndroidManifest.xml permissions
- Strings: List and search for strings within the target application
- AttackSurface: Enumerate the target Application's attack surface through parsing the AndroidManifest.xml
- Surgical: Find specific Android API usage throughout the application
- Interact: Drop into an IPython session to analyze the target application in a more granular fashion
- UI: A terminal based interface for navigating an application's class tree
- Decompile: Decompile the target application with Apktool
- Debuggable: Convert the target application into being debuggable when installed on a device
- Dextra: Wrapper around dextra for dumping odex and oat files
- Socket: Find local and listening sockets on a target Android device

Building

OSX

Building Requirements for python-adb

    brew install openssl
    brew install swig
    env LDFLAGS="-L$(brew --prefix openssl)/lib" \
    CFLAGS="-I$(brew --prefix openssl)/include" \
    SWIG_FEATURES="-cpperraswarn -includeall -I$(brew --prefix openssl)/include" \

Create a Python Virtual Environment for Lobotomy

    virtualenv -p /usr/bin/python2.7 lobotomy
    cd lobotomy/
    source bin/activate

Install the PIP Requirements

    pip install -r requirements

Install Androguard

    cd core/include/androguard
    python setup.py install

Running

OSX

    python lobotomy.py
    (lobotomy)

See the docs for more information.

Link: http://feedproxy.google.com/~r/PentestTools/~3/7m5vKimwWFQ/lobotomy-android-reverse-engineering.html

Noriben – Portable, Simple, Malware Analysis Sandbox

Noriben is a Python-based script that works in conjunction with Sysinternals Procmon to automatically collect, analyze, and report on runtime indicators of malware. In a nutshell, it allows you to run your malware, hit a keypress, and get a simple text report of the sample's activities.

Noriben allows you to not only run malware similar to a sandbox, but to also log system-wide events while you manually run malware in ways particular to making it run. For example, it can listen as you run malware that requires varying command line options. Or, watch the system as you step through malware in a debugger.

Noriben only requires Sysinternals procmon.exe (or procmon64.exe) to operate. It requires no pre-filtering (though it would greatly help) as it contains numerous white list items to reduce unwanted noise from system activity.

Cool Features

- If you have a folder of YARA signature files, you can specify it with the --yara option. Every newly created file will be scanned against these signatures, with the results displayed in the output results.
- If you have a VirusTotal API, place it into a file named "virustotal.api" (or embed directly in the script) to auto-submit MD5 file hashes to VT to get the number of viral results.
- You can add lists of MD5s to auto-ignore (such as all of your system files). Use md5deep and throw them into a text file, use --hash to read them.
- You can automate the script for sandbox-usage. Using -t to automate execution time, and --cmd "path\exe" to specify a malware file, you can automatically run malware, copy the results off, and then revert to run a new sample.
- The --generalize feature will automatically substitute absolute paths with Windows environment paths for better IOC development. For example, C:\Users\malware_user\AppData\Roaming\malware.exe will be automatically resolved to %AppData%\malware.exe.

Usage:

    --===[ Noriben v1.6 ]===--
    --===[ @bbaskin ]===--
    usage: Noriben.py [-h] [-c CSV] [-p PML] [-f FILTER] [--hash HASH]
                      [-t TIMEOUT] [--output OUTPUT] [--yara YARA] [--generalize]
                      [--cmd CMD] [-d]

    optional arguments:
      -h, --help            show this help message and exit
      -c CSV, --csv CSV     Re-analyze an existing Noriben CSV file
      -p PML, --pml PML     Re-analyze an existing Noriben PML file
      -f FILTER, --filter FILTER
                            Specify alternate Procmon Filter PMC
      --hash HASH           Specify MD5 file whitelist
      -t TIMEOUT, --timeout TIMEOUT
                            Number of seconds to collect activity
      --output OUTPUT       Folder to store output files
      --yara YARA           Folder containing YARA rules
      --generalize          Generalize file paths to their environment variables.
                            Default: True
      --cmd CMD             Command line to execute (in quotes)
      -d                    Enable debug tracebacks

Link: http://feedproxy.google.com/~r/PentestTools/~3/mrYkk21lOHk/noriben-portable-simple-malware.html

WiFiPhisher v1.2 – Automated victim-customized phishing attacks against Wi-Fi clients

Wifiphisher is a security tool that mounts automated victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malware. It is primarily a social engineering attack that, unlike other methods, does not include any brute forcing. It is an easy way of obtaining credentials from captive portals and third party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys.

Wifiphisher works on Kali Linux and is licensed under the GPL license.

How it works

After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.

From the victim's perspective, the attack takes place in three phases:

1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by forging "Deauthenticate" or "Disassociate" packets to disrupt existing associations.
2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will eventually start connecting to the rogue access point. After this phase, the victim is MiTMed.
3. Victim is being served a realistic specially-customized phishing page. Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials or serves malware. This page will be specifically crafted for the victim. For example, a router config-looking page will contain logos of the victim's vendor. The tool supports community-built templates for different phishing scenarios.

[Figure: Performing MiTM attack]

Requirements

Following are the requirements for getting the most out of Wifiphisher:

- Kali Linux. Although people have made Wifiphisher work on other distros, Kali Linux is the officially supported distribution, thus all new features are primarily tested on this platform.
- One wireless network adapter that supports AP mode. Drivers should support netlink.
- One wireless network adapter that supports Monitor mode and is capable of injection. Again, drivers should support netlink. If a second wireless network adapter is not available, you may run the tool with the --nojamming option. This will turn off the de-authentication attack though.

Installation

To install the latest development version type the following commands:

    git clone https://github.com/sophron/wifiphisher.git # Download the latest revision
    cd wifiphisher # Switch to tool's directory
    sudo python setup.py install # Install any dependencies (Currently, hostapd, PyRIC, jinja2)

Alternatively, you can download the latest stable version from the Releases page.

Usage

Run the tool by typing wifiphisher or python bin/wifiphisher (from inside the tool's directory).

By running the tool without any options, it will find the right interfaces and interactively ask the user to pick the ESSID of the target network (out of a list with all the ESSIDs in the surrounding area) as well as a phishing scenario to perform.

    wifiphisher -aI wlan0 -jI wlan4 -p firmware-upgrade

Use wlan0 for spawning the rogue Access Point and wlan4 for DoS attacks. Select the target network manually from the list and perform the "Firmware Upgrade" scenario.

Useful for manually selecting the wireless adapters. The "Firmware Upgrade" scenario is an easy way of obtaining the PSK from a password-protected network.

    wifiphisher --essid CONFERENCE_WIFI -p plugin_update -pK s3cr3tp4ssw0rd

Automatically pick the right interfaces. Target the Wi-Fi with ESSID "CONFERENCE_WIFI" and perform the "Plugin Update" scenario. The Evil Twin will be password-protected with PSK "s3cr3tp4ssw0rd".

Useful against networks with disclosed PSKs (e.g. in conferences). The "Plugin Update" scenario provides an easy way of getting the victims to download malicious executables (e.g. malware containing a reverse shell payload).

    wifiphisher --nojamming --essid "FREE WI-FI" -p oauth-login

Do not target any network. Simply spawn an open Wi-Fi network with ESSID "FREE WI-FI" and perform the "OAuth Login" scenario.

Useful against victims in public areas. The "OAuth Login" scenario provides a simple way of capturing credentials from social networks, like Facebook.

Following are all the options along with their descriptions (also available with wifiphisher -h):

    -h, --help
        show this help message and exit
    -s SKIP, --skip SKIP
        Skip deauthing this MAC address. Example: -s 00:11:BB:33:44:AA
    -jI JAMMINGINTERFACE, --jamminginterface JAMMINGINTERFACE
        Manually choose an interface that supports monitor mode for deauthenticating the victims. Example: -jI wlan1
    -aI APINTERFACE, --apinterface APINTERFACE
        Manually choose an interface that supports AP mode for spawning an AP. Example: -aI wlan0
    -t TIMEINTERVAL, --timeinterval TIMEINTERVAL
        Choose the time interval between DEAUTH packets being sent
    -dP DEAUTHPACKETS, --deauthpackets DEAUTHPACKETS
        Choose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -dP 2
    -d, --directedonly
        Skip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs
    -nJ, --nojamming
        Skip the deauthentication phase. When this option is used, only one wireless interface is required
    -e ESSID, --essid ESSID
        Enter the ESSID of the rogue Access Point. This option will skip Access Point selection phase. Example: --essid 'Free WiFi'
    -p PHISHINGSCENARIO, --phishingscenario PHISHINGSCENARIO
        Choose the phishing scenario to run. This option will skip the scenario selection phase. Example: -p firmware_upgrade
    -pK PRESHAREDKEY, --presharedkey PRESHAREDKEY
        Add WPA/WPA2 protection on the rogue Access Point. Example: -pK s3cr3tp4ssw0rd

Screenshots: Targeting an access point; A successful attack; Fake router configuration page; Fake OAuth Login Page; Fake web-based network manager

Disclaimer

Authors do not own the logos under the wifiphisher/data/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.

Usage of Wifiphisher for attacking infrastructures without prior mutual consistency can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

Link: http://feedproxy.google.com/~r/PentestTools/~3/8kXzbT6EXPI/wifiphisher-v12-automated-victim.html

Burp Suite Professional 1.7.14 – The Leading Toolkit for Web Application Security Testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

- An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
- An application-aware Spider, for crawling content and functionality.
- An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
- An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
- A Repeater tool, for manipulating and resending individual requests.
- A Sequencer tool, for testing the randomness of session tokens.
- The ability to save your work and resume working later.
- Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Release Notes v1.7.14

This release fixes the following security issues that were identified through our bug bounty program. Note that all of these issues involve the Burp user actively testing a malicious website that has been designed specifically to attack Burp Suite.

- If a user visits a malicious website in their browser, and in Burp selects a crafted request that was generated by that website, and uses either the "Request in browser" function or the "Generate CSRF Poc" and "Test in browser" function, then the malicious website can XSS an arbitrary website.
- If a user scans a malicious website and another website within the same Burp project, and exports all of the scan results as a single HTML report, and views that report in a browser, then the malicious website can capture the scan results for the other site.
- If a user scans a malicious website and another website within the same Burp project, then the malicious website might be able to capture the raw data of any Burp Collaborator interactions that were performed by the other website.

We are pleased that our bug bounty program has alerted us to these issues within Burp. As well as fixing known issues at source, we have taken a defense-in-depth approach to hardening Burp in response to them, including:

- Some functions within Burp's in-browser interface that increased its attack surface have been removed altogether, including the Proxy history, the buttons to repeat requests and view responses, and support for the plug-n-hack Firefox extension.
- Scan issue descriptions, including those generated by Burp extensions, are now subject to an HTML whitelist that allows only formatting tags and simple hyperlinks.
- HTML scan reports now include a Content Security Policy directive that prevents execution of scripts in modern browsers.

Note: The security issues identified have all been fixed within Burp Suite. As a defense-in-depth measure, some hardening has also been performed of Burp Collaborator. It is recommended that users who have deployed a private Burp Collaborator server should update to the current version in a timely way.

A number of other enhancements were made, including:

- A number of improvements to existing Scanner checks to improve accuracy.
- When a request is sent to Repeater but never issued, the request is now stored in the Burp project file, so the initial unrequested item will reappear when the project is reopened.
- The Proxy listener now accepts SSL negotiations from browsers that are hardened only to support selected protocols and ciphers.

Link: http://feedproxy.google.com/~r/PentestTools/~3/n9syuCM6IC0/burp-suite-professional-1714-leading.html

FileBuster – An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer.

Why another fuzzer?

My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to find the pages from the partial results returned by Soroush's IIS shortname scanner tool ( https://github.com/irsdl/iis-shortname-scanner/ ). In case you're not aware, most IIS web servers version 7.5 or below are vulnerable to partial filename discovery by requesting those pages in the 8.3 format, for example: abcdef~1.zip

Many times I had results like getpag~1.asp, where you can clearly see that the page filename must be "get" followed by a word starting with "pag". This is very easily done with Filebuster:

    # perl filebuster.pl -u http://yoursite.com/get{fuzz}.asp -w /path/to/wordlist.txt -p ^pag

Initially Filebuster was just this, a fuzzer with regex support, but then I really invested some time in it to support various interesting features while keeping it blazing fast.

Why is it so fast?

Filebuster was built based on one of the fastest HTTP classes in the world (of PERL) – Furl::HTTP. Also the thread modelling is a bit optimized to run as fast as possible.

Features

It packs a ton of features like:

- The already mentioned Regex patterns
- Supports HTTP/HTTPS/SOCKS proxy
- Allows for multiple wordlists using wildcards
- Additional file extensions
- Adjustable timeouts and retries
- Adjustable delays / throttling
- Hide results based on HTTP code, length or words in headers or body
- Support for custom cookies
- Support for custom headers
- Supports multiple versions of the TLS protocol
- Automatic TTY detection
- Recursive scans
- Integrated wordlists

Requisites

Perl version 5.10 or higher is required.

Filebuster relies on third party libraries for a lot of its features. However, they can be easily installed with the following command:

    # cpan install YAML Furl Switch Benchmark Cache::LRU Net::DNS::Lite List::MoreUtils IO::Socket::SSL URI::Escape HTML::Entities IO::Socket::Socks::Wrapper

Installation

Filebuster is a Perl script so no installation is necessary. However, the best way of using filebuster is by creating a soft link in a directory that is included in the path. For example:

    # ln -s /path/to/filebuster.pl /usr/local/bin/filebuster

Then you will be able to use it system wide.

Syntax

In its most basic form, Filebuster can be run using the following syntax:

    # perl filebuster.pl -u http://yoursite.com/ -w /path/to/wordlist.txt

If you want to fuzz the final part of the URL, then you don't need to use the {fuzz} tag to indicate where to inject.

A more complex example:

    # perl filebuster.pl -u http://yoursite.com/{fuzz}.jsp -w /path/to/wordlist.txt -t 3 -x http://127.0.0.1:8080 --hs "Error"

This would allow you to fuzz a website with 3 threads to find JSP pages, using a local proxy and hiding all responses with "Error" in the body.

For the complete syntax help with examples, just run filebuster.pl --help.

Wordlists

I've created some wordlists based on different sources around the web for your convenience. You can find them in the wordlists directory. This means you can start using FileBuster right away:

    # perl filebuster.pl -u http://yoursite.com/ -w wordlists/normal.txt

If you need more wordlists, you should check out the great SecLists repository.

Link: http://feedproxy.google.com/~r/PentestTools/~3/P-LVwWa28ws/filebuster-extremely-fast-and-flexible.html