BEEMKA: Basic Electron Post-Exploitation Framework

PenTestIT RSS Feed
There are a lot of applications today that use the Electron Framework, as it helps you build cross-platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework, BEEMKA, can now help you in maintaining access and exfiltration.

What is BEEMKA?

BEEMKA is a modular, […]
The post BEEMKA: Basic Electron Post-Exploitation Framework appeared first on PenTestIT.

Link: http://pentestit.com/beemka-basic-electron-exploitation-framework/

UPDATE: Cameradar v3.0.1

My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version. A lot has happened since then, and an update, Cameradar v3.0.1, was recently made available by the author. In fact, this post also summarizes the changes made in Cameradar v3.0.0.

What is Cameradar?

Cameradar is an RTSP […]

Link: http://feedproxy.google.com/~r/PenTestIT/~3/wD4GgNsObMI/

identYwaf: A Tool to Help You Identify Web Application Firewalls

I have been a fan of sqlmap for long, and when the author released identYwaf recently, I wanted to try it out. In fact, all his other tools are awesome sauce too! Back to this post for now, about this WAF identification tool.

What is identYwaf?

identYwaf is an open source, blind web application firewall identification […]

Link: http://pentestit.com/identywaf-identify-web-application-firewalls/

UPDATE: XSStrike 3.1.2

My initial post about this advanced XSS detection and exploitation suite was almost a year ago! Three days ago, an update, XSStrike 3.1.2, was released. This post documents these changes.

What is XSStrike?

XSStrike is a Cross Site Scripting detection suite equipped with four hand-written parsers, an intelligent payload generator, […]

Link: http://feedproxy.google.com/~r/PenTestIT/~3/4uut-cPS5tM/

R3Con1Z3R – A Lightweight Web Information Gathering Tool With An Intuitive Features (OSINT)

R3con1z3r is a lightweight web information gathering tool with intuitive features, written in Python. It provides a powerful environment in which open source intelligence (OSINT) web-based footprinting can be conducted quickly and thoroughly. Footprinting is the first phase of ethical hacking; it is the collection of every possible piece of information regarding the target. R3con1z3r is a passive reconnaissance tool with built-in functionalities which include: HTTP header flags, traceroute, whois footprinting, DNS information, sites on the same server, Nmap port scanner, reverse target and hyperlinks on a webpage. The tool, after being provided with the necessary inputs, generates an output in HTML format.

Installation

r3con1z3r supports Python 2 and Python 3.

$ git clone https://github.com/abdulgaphy/r3con1z3r.git
$ cd r3con1z3r
$ pip install -r requirements.txt

Optional for Linux users:

$ sudo chmod +x r3con1z3r.py

Modules

r3con1z3r depends only on the sys and requests Python modules.

Python 3:

$ pip3 install -r requirements.txt

For coloring on Windows:

pip install win_unicode_console colorama

Usage

python3 r3con1z3r.py [domain.com]

Examples

To run on all operating systems (Linux, Windows, Mac OS X, Android, etc.), i.e. in a Python 2 environment:

python r3con1z3r.py google.com

To run in a Python 3 environment:

python3 r3con1z3r.py facebook.com

To run as an executable (Unix only):

./r3con1z3r.py google.com

Download R3Con1Z3R

Link: http://feedproxy.google.com/~r/PentestTools/~3/xpd1vC23W3c/r3con1z3r-lightweight-web-information.html

UPDATE: Infection Monkey 1.6.1

I’m sure you must have read my previous post titled the List of Adversary Emulation Tools. In that post, I briefly mentioned the Guardicore Infection Monkey. The good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this version is that this is an AWS only […]

Link: http://pentestit.com/update-infection-monkey-1-6-1/

TOOL UPDATE: Cameradar v2.1.0

My initial post covering this open source Real Time Streaming Protocol (RTSP) surveillance camera access multi-tool was about an older version, Cameradar v2.0.0. A lot has happened since then, and an update, Cameradar v2.1.0, was made available by the author. This version comes with increased test coverage.

What is Cameradar?

Cameradar is an RTSP stream […]

Link: http://feedproxy.google.com/~r/PenTestIT/~3/51PNPQT0QRQ/

Instagram, Kraken, GitMiner – Application Security Weekly #40

Instagram leaks passwords to the public, Clickjacking on Google MyAccount worth $7,500, James Wickett’s thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!

News: Bugs, Breaches, and More!

1.) Instagram leaks passwords to the Public
2.) Apple Warned about iPhone X Hack that Stole “Deleted” Photo
3.) Clickjacking […]
The post Instagram, Kraken, GitMiner – Application Security Weekly #40 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/2JGtW94mAuE/

Robber – Robber Is Open Source Tool For Finding Executables Prone To DLL Hijacking

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies.

What is DLL hijacking?

Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path (triggering this search process), you can then place your hostile DLL somewhere higher up the search path so it’ll be found before the real version is, and Windows will happily feed your attack code to the application.

So, let’s pretend Windows’s DLL search path looks something like this:

A) . <-- current working directory of the executable, highest priority, first check
B) \Windows
C) \Windows\system32
D) \Windows\syswow64 <-- lowest priority, last check

and some executable "Foo.exe" requests "bar.dll", which happens to live in the syswow64 (D) subdir. This gives you the opportunity to place your malicious version in A), B) or C) and it will be loaded into the executable.

As stated before, even an absolute full path can't protect against this, if you can replace the DLL with your own version.

Microsoft Windows protects system paths like System32 using the Windows File Protection mechanism, but the best way to protect an executable from DLL hijacking in enterprise solutions is:

- Use an absolute path instead of a relative path
- If you have a personal signing certificate, sign your DLL files and check the signature in your application before loading the DLL into memory; otherwise check the hash of the DLL file against the original DLL hash

And of course, this isn't really limited to Windows either. Any OS which allows for dynamic linking of external libraries is theoretically vulnerable to this.

Robber uses a simple mechanism to figure out DLLs that are prone to hijacking:

1.) Scan the import table of the executable and find out which DLLs are linked to the executable
2.) Search for DLL files placed in the executable's directory that match a linked DLL (as I said before, the current working directory of the executable has the highest priority)
3.) If any DLL is found, scan its export table
4.) Compare the import table of the executable with the export table of the DLL; if any match is found, the executable and the matched common functions are flagged as a DLL hijack candidate

Features:

- Ability to select scan type (signed/unsigned applications)
- Determine executable signer
- Determine which referenced DLLs are candidates for hijacking
- Determine exported method names of candidate DLLs
- Configure rules to determine which hijacks are the best or a good choice for use and show them in different colors

Find out the latest Robber executable here

Download Robber

Link: http://feedproxy.google.com/~r/PentestTools/~3/-3o2PCxEGpE/robber-robber-is-open-source-tool-for.html