Faraday v3.8 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.8:

Set up Faraday with a double click!
We are committed to facilitating your work processes. With that in mind, we enhanced our installation phases, so now it’s easier to have Faraday on your devices: you can download our platform with just two clicks. This is the first step in the hard work we’re doing to migrate our platform to Python 3 (in progress!).

Sailing downwind with Faraday on Docker!
Explore Faraday’s whole potential by testing it first with our new Docker images. When you are ready, you can download the whole thing to set it up and upgrade your Risk Management Ecosystem :)

More powerful than a sticky note!
To provide value, information must be complete, updated and well focused. Now, you can enrich Vuln data by leaving Comments and Notes, while mentioning other users to notify them about important events in real time. Also, you are now able to configure alerts to follow up on each project, giving you a more efficient view of their status and updates. The idea behind this is to promote better ways to get involved with your co-workers by improving communication and daily results.

New setting options on Web UI!
Forget about logging in each time you want to send a Vuln to Jira or ServiceNOW. Just configure the ticketing tool you’ll be using from the Settings menu and enjoy working seamlessly.

Link: http://www.kitploit.com/2019/06/faraday-v38-collaborative-penetration.html

Faraday v3.7 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.7:

Now, you can include images to explain vulnerability steps, add tables and code, and we also support:
- Title
- Bold and italic typography

Click here to find out how to configure Markdown in Faraday:

New vuln preview
With Faraday v3.7 you don’t have to click “edit” to view your vuln. Just click on it and you will see all the information you need. This improvement allows you to have an easy preview of all the vulns in the status report.

Refine your searches for better automation
Custom fields were included in Searcher, helping you find and act upon all the elements you need faster. With this new function, you can search vulns by different kinds of information relevant to you.

Link: http://feedproxy.google.com/~r/PentestTools/~3/oLcdNOwS8pg/faraday-v37-collaborative-penetration.html

Faraday v3.6 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.6:

Welcome Service Now
A new way to send vulnerabilities is available! We integrated Faraday with Service Now, giving you more options to work with.

Burp plugin was totally revamped
We have been working hard to make several changes to enhance your daily workflow:
- Burp plugin that uses the Faraday server API, so you don’t have to use the GTK client
- The plugin was rewritten in Java
- We added 2FA support to increase security

We empowered Jira integration
Can you imagine sending multiple vulns to Jira without filling the form out every time? With Faraday v3.6 now you can! With this integration, you don’t have to connect your Jira credentials every time you use it; just do it once and you’re ready to go. You also have the option to override default settings and switch projects or username. Jira is one of our most important integrations and we want to help you get the most out of it.

Learn more about your vulns to mitigate them better
In this new version, we added more fields to enrich the Vulnerability Templates, hopefully improving an important part of your daily workflow. This new feature allows you to have all the data you need in one place.
- Added fields ‘impact’, ‘easeofresolution’, ‘policyviolations’

Other plugins updated in this version
- Netsparker
- SQLMap
- Dnsmap
- SSLyze
- Nessus
- Goohost

Link: http://feedproxy.google.com/~r/PentestTools/~3/xuC5gpNVqec/faraday-v36-collaborative-penetration.html

Faraday v3.5 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.5:

New vulnerability form
We are happy to introduce our new vulnerability form, which makes the creation and editing of vulnerabilities easier. The new form uses tabs to make it smaller and to group different fields.

Custom fields
Add your own custom fields to your vulnerabilities. We currently support str, int and list types. You can also use these fields in your Executive Reports.

2nd-factor authentication
We added 2nd-factor authentication as an optional feature. You can use any mobile application with it.

Link: http://feedproxy.google.com/~r/PentestTools/~3/Fq1vFkcIIFI/faraday-v35-collaborative-penetration.html

Infoga – Email OSINT

Infoga is a tool for gathering email account information (IP, hostname, country, …) from different public sources (search engines, PGP key servers and Shodan) and checking whether emails were leaked using the haveibeenpwned.com API. It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

Installation

    $ git clone https://github.com/m4ll0k/Infoga.git infoga
    $ cd infoga
    $ python setup.py install
    $ python infoga.py

Usage

    $ python infoga.py --domain nsa.gov --source all --breach -v 2 --report ../nsa_gov.txt
    $ python infoga.py --info m4ll0k@protonmail.com --breach -v 3 --report ../m4ll0k.txt

Link: http://feedproxy.google.com/~r/PentestTools/~3/qcMnDjIfkHQ/infoga-email-osint.html

Faraday v3.4 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.4:

Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more.

New search operators OR/NOT
In a previous release we added the AND operator; now with 3.4 you can also use the OR and NOT operators in the Status Report search box. This will allow you to find vulnerabilities easily with filters like this one:

    (severity:critical or severity:high) or name:"MS18-172"

Performance improvements for big workspaces
We have been working on optimizing our REST API endpoints to support millions of vulnerabilities in each workspace.

Here is the full change log for version 3.4:
- In GTK, check active_workspace it’s not null
- Add fbruteforce services fplugin
- Attachments can be added to a vulnerability through the API.
- Catch gaierror error on lynis plugin
- Add OR and NOT with parenthesis support on status report search
- Info API now is public
- Web UI now detects Appscan plugin
- Improve performance on the workspace using custom query
- Workspaces can be set as active/disable in the welcome page.
- Change Nmap plugin, response field in VulnWeb now goes to Data field.
- Update code to support latest SQLAlchemy version
- Fix `create_vuln` fplugin bug that incorrectly reported duplicated vulns
- The client can set a custom logo to Faraday
- Centered checkboxes in user list page
- Client or pentester can’t activate/deactivate workspaces
- In GTK, dialogs now check that user_info is not False
- Add tags in Service object (Frontend and backend API)
- Limit of users only takes the active ones
- Improve error message when the license is not valid

Link: http://www.kitploit.com/2018/12/faraday-v34-collaborative-penetration.html

SpiderFoot – The Most Complete OSINT Collection And Reconnaissance Tool

SpiderFoot is an open source intelligence (OSINT) automation tool. Its goal is to automate the process of gathering intelligence about a given target, which may be an IP address, domain name, hostname, network subnet, ASN or person’s name.

SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target, or defensively to identify what information your organisation is freely providing for attackers to use against you.

What is SpiderFoot?
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

What is OSINT?
OSINT (Open Source Intelligence) is data available in the public domain which might reveal interesting information about your target. This includes DNS, Whois, Web pages, passive DNS, spam blacklists, file meta data, threat intelligence lists as well as services like SHODAN, HaveIBeenPwned? and more. See the full list of data sources SpiderFoot utilises.

What can I do with SpiderFoot?
The data returned from a SpiderFoot scan will reveal a lot of information about your target, providing insight into possible data leaks, vulnerabilities or other sensitive information that can be leveraged during a penetration test, red team exercise or for threat intelligence. Try it out against your own network to see what you might have exposed!

Read more at the project website: http://www.spiderfoot.net

Link: http://www.kitploit.com/2018/12/spiderfoot-most-complete-osint.html

Faraday v3.3 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.3:

Workspace archive
You are now able to make the whole workspace read-only and archive it for future use. This allows you to clear the clutter from all your ongoing projects while giving you the opportunity to continue with your work later on if needed.

Host tags
Hosts can now be tagged. With this new feature you can now easily identify production, testing or development hosts.

Zap plugin
Do you like using Faraday with Burp? What about sending issues from Burp to Faraday? Now you can do the same with OWASP ZAP! In this release of Faraday we are including an addon for OWASP ZAP. Now you can send any alert or request found by ZAP into a Faraday Workspace. This is an extension to our collection of more than 70 plugins and integrations with security tools, to help you save time on your daily work.

Add vendor name to host
We added the host’s vendor to the host list. This feature will show you the vendor when the MAC address is set.

Link: http://feedproxy.google.com/~r/PentestTools/~3/uMt3kqhpRgM/faraday-v33-collaborative-penetration.html

SniffAir – A Framework For Wireless Pentesting

SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules.

SniffAir is developed by @Tyl0us and @theDarracott

Install
SniffAir was developed with Python version 2.7.
Tested and supported on Kali Linux, Debian and Ubuntu.
To install, run the setup.sh script:

    $ ./setup.sh

Usage

    >> [default]# help
    Commands
    ========
    workspace             Manages workspaces (create, list, load, delete)
    live_capture          Initiates a valid wireless interface to collect wireless pakcets to be parsed (requires the interface name)
    offline_capture       Begins parsing wireless packets using a pcap file-kismet .pcapdump work best (requires the full path)
    offline_capture_list  Begins parsing wireless packets using a list of pcap file-kismet .pcapdump work best (requires the full path)
    query                 Executes a query on the contents of the acitve workspace
    help                  Displays this help menu
    clear                 Clears the screen
    show                  Shows the contents of a table, specific information across all tables or the available modules
    inscope               Add ESSID to scope. inscope [ESSID]
    SSID_Info             Displays all information (i.e all BSSID, Channels and Encrpytion) related to the inscope SSIDS
    use                   Use a SniffAir module
    info                  Displays all variable information regarding the selected module
    set                   Sets a variable in module
    exploit               Runs the loaded module
    run                   Runs the loaded module
    exit                  Exit SniffAir
    >> [default]#

Begin
First create or load a new or existing workspace using the workspace create or workspace load <workspace> command. To view all existing workspaces use the workspace list command, and use the workspace delete <workspace> command to delete the desired workspace:

    >> [default]# workspace
    Manages workspaces
    Command Option: workspaces [create|list|load|delete]
    >> [default]# workspace create demo
    [+] Workspace demo created

Load data into a desired workspace from a pcap file using the command offline_capture <the full path to the pcap file>. To load a series of pcap files use the command offline_capture_list <the full path to the file containing the list of pcap name> (this file should contain the full paths to each pcap file). Use the live_capture <interface name> command to capture live wireless traffic using a wireless interface.

    >> [demo]# offline_capture /root/sniffair/demo.pcapdump
    [+] Importing /root/sniffair/demo.pcapdump\
    [+] Completed
    [+] Cleaning Up Duplicates
    [+] ESSIDs Observed

Show Command
The show command displays the contents of a table, specific information across all tables or the available modules, using the following syntax:

    >> [demo]# show table AP
    +------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+
    |   ID | ESSID     | BSSID             | VENDOR                        |   CHAN |   PWR | ENC   | CIPHER   | AUTH   |
    |------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------|
    |    1 | HoneyPot  | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |      4 |   -17 | WPA2  | TKIP     | MGT    |
    |    2 | Demo      | 80:2a:a8:##:##:## | Ubiquiti Networks Inc.        |     11 |   -19 | WPA2  | CCMP     | PSK    |
    |    3 | Demo5ghz  | 82:2a:a8:##:##:## | Unknown                       |     36 |   -27 | WPA2  | CCMP     | PSK    |
    |    4 | HoneyPot1 | c4:6e:1f:##:##:## | TP-LINK TECHNOLOGIES CO. LTD. |     36 |   -29 | WPA2  | TKIP     | PSK    |
    |    5 | BELL456   | 44:e9:dd:##:##:## | Sagemcom Broadband SAS        |      6 |   -73 | WPA2  | CCMP     | PSK    |
    +------+-----------+-------------------+-------------------------------+--------+-------+-------+----------+--------+
    >> [demo]# show SSIDS
    ---------
    HoneyPot
    Demo
    HoneyPot1
    BELL456
    Hidden
    Demo5ghz
    ---------

The query command can be used to display a unique set of data based on the parameters specified. The query command uses SQL syntax.

Inscope
The inscope <SSID> command can be used to add an SSID to the inscope tables, loading all related data to the inscope_AP, inscope_proberequests and inscope_proberesponses tables. To view a summary of all inscope SSIDS run the SSID_Info command.

Modules
Modules can be used to analyze the data contained in the workspaces or perform offensive wireless attacks using the use <module name> command. For some modules additional variables may need to be set. They can be set using the set command, set <variable name> <variable value>:

    >> [demo]# show modules
    Available Modules
    =================
    [+] Auto EAP - Automated Brute-Force Login Attack Against EAP Networks
    [+] Auto PSK - Automated Brute-Force Passphrase Attack Against PSK Networks
    [+] AP Hunter - Discover Access Point Within a Certain Range Using a Specific Type of Encrpytion
    [+] Captive Portal - Web Based Login Portal to Capture User Entered Credentials (Runs as an OPEN Network)
    [+] Certificate Generator - Generates a Certificate Used by Evil Twin Attacks
    [+] Exporter - Exports Data Stored in a Workspace to a CSV File
    [+] Evil Twin - Creates a Fake Access Point, Clients Connect to Divulging MSCHAP Hashes or Cleartext Passwords
    [+] Handshaker - Parses Database or .pcapdump Files Extracting the Pre-Shared Handshake for Password Guessing (Hashcat or JTR Format)
    [+] Mac Changer - Changes The Mac Address of an Interface
    [+] Probe Packet - Sends Out Deauth Packets Targeting SSID(s)
    [+] Proof Packet - Parses Database or .pcapdump Files Extracting all Packets Related to the Inscope SSDIS
    [+] Hidden SSID - Discovers the Names of HIDDEN SSIDS
    [+] Suspicious AP - Looks for Access Points that: Is On Different Channel, use a Different Vendor or Encrpytion Type Then the Rest of The Network
    [+] Wigle Search SSID - Queries wigle for SSID (i.e. Bob’s wifi)
    [+] Wigle Search MAC - Queries wigle for all observations of a single mac address
    >> [demo]#
    >> [demo]# use Captive Portal
    >> [demo][Captive Portal]# info
    Globally Set Varibles
    =====================
     Module: Captive Portal
     Interface:
     SSID:
     Channel:
     Template: Cisco (More to be added soon)
    >> [demo][Captive Portal]# set Interface wlan0
    >> [demo][Captive Portal]# set SSID demo
    >> [demo][Captive Portal]# set Channel 1
    >> [demo][Captive Portal]# info
    Globally Set Varibles
    =====================
     Module: Captive Portal
     Interface: wlan0
     SSID: demo
     Channel: 1
     Template: Cisco (More to be added soon)
    >> [demo][Captive Portal]#

Once all variables are set, execute the exploit or run command to run the desired attack.

Export
To export all information stored in a workspace’s tables, use the Exporter module and set the desired path.

Acknowledgments
SniffAir contains work from the following repositories:
- hostapd-wpe
- jmalinen/hostap
- lootbooty

Link: http://feedproxy.google.com/~r/PentestTools/~3/MbOna5CFG4s/sniffair-framework-for-wireless.html
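
The comparison the Suspicious AP module is described as making (vendor, encryption or channel that differs from the rest of the network), applied from the defender's side to survey data for your own SSID. This is an added example, not SniffAir's code: the AP table layout is assumed from the `show table AP` output above, the function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3
from collections import Counter

# Constructed sample data. Columns mirror the `show table AP` output;
# the real SniffAir schema may differ (assumption).
SAMPLE_APS = [
    ("CorpWiFi", "80:2a:a8:00:00:01", "Ubiquiti Networks Inc.", 1, "WPA2", "CCMP", "MGT"),
    ("CorpWiFi", "80:2a:a8:00:00:02", "Ubiquiti Networks Inc.", 6, "WPA2", "CCMP", "MGT"),
    ("CorpWiFi", "80:2a:a8:00:00:03", "Ubiquiti Networks Inc.", 11, "WPA2", "CCMP", "MGT"),
    ("CorpWiFi", "c4:6e:1f:00:00:09", "TP-LINK TECHNOLOGIES CO. LTD.", 4, "WPA2", "TKIP", "MGT"),
    ("Guest", "80:2a:a8:00:00:04", "Ubiquiti Networks Inc.", 1, "OPEN", "", ""),
]
FIELDS = ("VENDOR", "ENC", "CIPHER", "AUTH")


def build_db(rows):
    """Load rows into an in-memory table shaped like the AP table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE AP (ESSID TEXT, BSSID TEXT, VENDOR TEXT, "
                 "CHAN INTEGER, ENC TEXT, CIPHER TEXT, AUTH TEXT)")
    conn.executemany("INSERT INTO AP VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return conn


def suspicious_aps(conn, essid, min_aps=3):
    """Return {BSSID: [reasons]} for APs deviating from the ESSID's majority profile."""
    aps = conn.execute(
        "SELECT * FROM AP WHERE ESSID = ? ORDER BY BSSID", (essid,)).fetchall()
    if len(aps) < min_aps:
        return {}  # too few APs to establish a baseline
    # Majority value per field is treated as the network's expected profile.
    baseline = {f: Counter(ap[f] for ap in aps).most_common(1)[0][0] for f in FIELDS}
    # Channels used by APs that fully match the baseline profile.
    known_channels = {ap["CHAN"] for ap in aps
                      if all(ap[f] == baseline[f] for f in FIELDS)}
    findings = {}
    for ap in aps:
        reasons = [f"{f}={ap[f]!r} (network uses {baseline[f]!r})"
                   for f in FIELDS if ap[f] != baseline[f]]
        if ap["CHAN"] not in known_channels:
            reasons.append(f"CHAN={ap['CHAN']} not used by baseline APs")
        if reasons:
            findings[ap["BSSID"]] = reasons
    return findings


if __name__ == "__main__":
    db = build_db(SAMPLE_APS)
    for bssid, reasons in suspicious_aps(db, "CorpWiFi").items():
        print(bssid, "->", "; ".join(reasons))
```

A flagged BSSID is a lead to check against the asset inventory, not proof of a rogue device: a legitimately replaced access point from another vendor produces the same finding.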

Faraday v3.2 – Collaborative Penetration Test and Vulnerability Management Platform

Here is a list of all the goodies in Faraday v3.2:

Workspace names - with numbers!
With this new version, workspace names are now allowed to start with numbers (before, they could only start with letters).

Search unconfirmed vulns
This version adds a filter to show unconfirmed vulns as well.

Multi column search
Support was added for the “AND” operator in the search field of the Status Report; this is one of the first logical operators that we support in Faraday. We are working to add the “OR” operator soon.

Here is the full change log for version 3.2:
- Added logical operator AND to Status Report search
- Restkit dependency removed.
- Improvement on manage.py change-password
- Add feature to show only unconfirmed vulns.
- Add ssl information to manage.py status-check
- Update wpscan plugin to support latest version.
- Allow workspace names to start with numbers.

Link: http://feedproxy.google.com/~r/PentestTools/~3/SLnSlGtMSrg/faraday-v32-collaborative-penetration.html