RTA (Red Team Arsenal) – An Intelligent Scanner To Detect Security Vulnerabilities In Companies Layer 7 Assets

Red Team Arsenal is a web/network security scanner that can scan all of a company's Internet-facing assets and provide a holistic view of any security anomalies. It is a closely linked collection of security engines that conduct/simulate attacks and monitor public-facing assets for anomalies and leaks. It is an intelligent scanner that detects security anomalies in all layer 7 assets and produces a detailed report, with integration support for Nessus. As companies continue to expand their Internet footprint through acquisitions and geographical expansion, human-driven security engineering does not scale; companies need feedback-driven automated systems to keep up.

Installation

Supported Platforms

RTA has been tested on Ubuntu/Debian (apt-get based distros) as well as Mac OS. It should work with any Linux distribution that has MongoDB and Python installed (install the required Python libraries from install/py_dependencies manually).

Prerequisites

A few packages are necessary before proceeding with the installation:

- Git client: sudo apt-get install git
- Python 2.7, which is installed by default on most systems
- Python pip: sudo apt-get install python-pip
- MongoDB: read the official installation guide to install it on your machine.

Finally, run:

    python install/install.py

There are also optional packages/tools you can install (highly recommended):

Integrating Nessus

Integrating Nessus into Red Team Arsenal takes three simple steps:

1. Download and install Nessus community edition (if you don't have a paid edition). If you already have an installation (it can be a remote installation as well), go to step 2.
2. Update the config file (in the root directory of RTA) with the Nessus URL, username and password.
3. Create a Nessus policy where you configure the type of scans and plugins to run, and name it RTA (case sensitive: use full uppercase).

Once the config file has the correct Nessus information (URL, username, password), use the --nessus flag while running RTA to launch a Nessus scan over all the subdomains gathered by RTA (one single scan initiated with all the subdomains gathered).

Usage

    Short Form  Long Form   Description
    -u          --url       Domain URL to scan
    -v          --verbose   Enable the verbose mode and display results in realtime
    -n          --nessus    Launch a Nessus scan with all the subdomains
    -s          --scraper   Run scraper based on config keywords
    -h          --help      Show the help message and exit

Sample Output

    a0xnirudh@exploitbox /RTA (master*) $ python rta.py --url "0daylabs.com" -v -s
    [ASCII-art "Red Team Arsenal" banner]
    [i] Checking for Zonetransfer
    [i] Zone Transfer is not enabled
    [i] Checking for SPF records
    [+] SPF record lookups is good. Current value is: 9
    [-] Enumerating subdomains now for 0daylabs.com
    [-] Searching now in Baidu..
    [-] Searching now in Yahoo..
    [-] Searching now in Google..
    [-] Searching now in Bing..
    [-] Searching now in Ask..
    [-] Searching now in Netcraft..
    [-] Searching now in DNSdumpster..
    [-] Searching now in Virustotal..
    [-] Searching now in ThreatCrowd..
    [-] Searching now in SSL Certificates..
    [-] Searching now in PassiveDNS..
    [-] Total Unique Subdomains Found: 3
    blog.0daylabs.com
    www.0daylabs.com
    test.0daylabs.com
    [+] Verifying Subdomains and takeover options
    [+] Possible subdomain takeovers (Manual verification required): test.0daylabs.com
    [i] Verified and Analyzed Subdomains:
    [i] URL: blog.0daylabs.com
    [i] Wappalyzer: [u'jQuery', u'Varnish', u'Font Awesome', u'Twitter Bootstrap', u'Google Analytics', u'Google Font API', u'Disqus', u'Google AdSense']
    [i] Scraper Results
    [+] Shodan
    Hostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179
    Hostname: test.0daylabs.com IP: 139.59.63.111 Ports: 179
    [+] Twitter
    URL: https://twitter.com/tweetrpersonal9/status/832624003751694340 search string: 0daylabs
    URL: https://twitter.com/ratokeshi/status/823957535564644355 search string: 0daylabs

Notifications

Configuring Slack

RTA can also push notifications to Slack, including the main scan highlights along with Nessus and other integrated scanner reports, divided by severity. In your Slack, create an incoming webhook and point it to the channel where you want RTA to send the report. You can read more about creating incoming webhooks in the Slack documentation. In the config file, update the URL in the slack section with the full URL (including https://) of the incoming webhook. Once Slack is configured, you will automatically start getting reports on your configured Slack channel.

Roadmap

Here are a couple of ideas we have in mind for RTA going ahead. If you have any ideas/feature requests not listed below, feel free to raise an issue on GitHub.

- Email the results once the scan is completed.
- Extend the current RTA API so that custom scans with the required options can be launched via the API.
- Launch custom scans based on Wappalyzer results (e.g. wpscan if WordPress is detected).
- Investigate and integrate more web security scanners, including but not limited to Arachni, Wapiti, Skipfish and others!
- JSON/XML output formatting for the RTA scan result.
- Improving the logic for subdomain takeover.
- Multi-threading support for faster scan completion.

Contributors

Awesome people who built this project:

Lead Developers:
- Anirudh Anand (@a0xnirudh)

Project Contributors:
- Mohan KK (@MohanKallepalli)
- Ankur Bhargava (@_AnkurB)
- Prajal Kulkarni (@prajalkulkarni)
- Himanshu Kumar Das (@mehimansu)

Special Thanks
- Sublist3r

Download RTA
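The "SPF record lookups is good. Current value is: 9" line in the sample output refers to the cap that RFC 7208 (section 4.6.4) places on the terms of an SPF record that trigger DNS queries during evaluation: include, a, mx, ptr, exists and redirect, at most 10 per check, with receivers returning permerror beyond that, so an over-long record silently stops protecting the domain. The following is an added illustration of that check and is not RTA's own code; it counts only the terms of the record it is handed (recursing into include: targets, which also count, would need live DNS), and the records in it are constructed for the example.

```python
"""Count the DNS-lookup terms of an SPF record against the RFC 7208 limit.

Added example, not part of RTA. Offline: it inspects the record text only.
"""
import re

# Mechanisms/modifiers that each cost one DNS lookup (RFC 7208 s. 4.6.4).
# "all", "ip4", "ip6" and the "exp" modifier are free.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# One term: optional qualifier, a name, then ":" / "=" / "/" and an argument.
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(?:[:=/](.*))?$")


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, name, argument) tuples."""
    tokens = record.strip().split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for token in tokens[1:]:
        match = TERM_RE.match(token)
        if not match:
            raise ValueError("malformed SPF term: %r" % token)
        qualifier, name, argument = match.groups()
        terms.append((qualifier or "+", name.lower(), argument))
    return terms


def count_lookups(record):
    """Number of lookup-costing terms in the record."""
    return sum(1 for _, name, _ in parse_spf(record) if name in LOOKUP_TERMS)


def check_spf(record):
    """Return the lookup count and whether it is within the RFC 7208 limit."""
    lookups = count_lookups(record)
    return {"lookups": lookups, "within_limit": lookups <= MAX_LOOKUPS}


# Constructed records (not real domains): one healthy, one over the limit.
HEALTHY_RECORD = ("v=spf1 mx a include:_spf.mail.example.net "
                  "include:spf.relay.example.org ip4:192.0.2.0/24 -all")
OVER_LIMIT_RECORD = "v=spf1 " + " ".join(
    "include:spf%d.example.test" % i for i in range(11)) + " ~all"

if __name__ == "__main__":
    for rec in (HEALTHY_RECORD, OVER_LIMIT_RECORD):
        result = check_spf(rec)
        print("%s lookups=%d" % ("OK " if result["within_limit"] else "BAD",
                                 result["lookups"]))
```

A record that fails this check is worth treating as a finding in its own right: mail receivers that hit the limit return permerror rather than a pass or fail, and the sender domain loses the spoofing protection the record was meant to give.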

Link: http://feedproxy.google.com/~r/PentestTools/~3/MXF7YfYc5U8/rta-red-team-arsenal-intelligent.html

Envizon – Network Visualization Tool With Focus On Red / Blue Team Requirements

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone it even further.

Core Features

- Scan networks with predefined or custom nmap queries
- Order clients with preconfigured or custom groups
- Search through all attributes of clients and create complex linked queries
- Get an overview of your targets during pentests with predefined security labels
- Save and reuse your most used nmap scans
- Collaborate with your team on the project in realtime
- Export selected clients to a text file to connect other tools fast

How to start?!

To avoid compatibility and dependency issues, and to make it easy to set up, we use Docker. You can build your own images or use prebuilt ones from Docker Hub.

Using Docker

Docker and Docker Compose are required.

    git clone https://github.com/evait-security/envizon
    cd envizon
    # Create self-signed certificates:
    mkdir .ssl
    openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 -keyout .ssl/localhost.key -out .ssl/localhost.crt
    # If you want to use certificates located elsewhere, provide their paths with SSL_CERT_PATH and SSL_KEY_PATH
    # Create a secret; if you have rails installed locally you can just use:
    rails secret
    # otherwise, use openssl:
    openssl rand -hex 64
    # this needs to be provided either as an environment variable (SECRET_KEY_BASE) or added in the docker-compose.yml
    sudo docker-compose up

Development

If, for whatever reason, you want to run the development environment in production, you should probably consider changing the secrets in config/secrets.yml, and maybe even manually activate SSL.

    git clone https://github.com/evait-security/envizon
    cd envizon
    sudo docker-compose -f docker-compose-development.yml up

Running tests:

    docker exec -it envizon_container_name_1 /bin/ash -c 'rails test'

Without Docker

Requires a PostgreSQL server. Create a database envizon with a user envizon. Password and socket location can be modified in the docker-compose.yml. Your user needs SUPERUSER privileges; otherwise the database import (and tests) won't work because of foreign key constraints: use ALTER USER user WITH SUPERUSER;. Note that SUPERUSER gives the role full control of the PostgreSQL instance, so keep that server dedicated to envizon.

    git clone https://github.com/evait-security/envizon
    cd envizon
    bundle install --path vendor/bundle

You need to create a secret and SSL certificates, as described above. Then, run it with:

    RAILS_ENV=production
    export RAILS_ENV
    SECRET_KEY_BASE=YOUR_SECRET
    export SECRET_KEY_BASE
    bundle exec rails db:setup
    bundle exec rails db:migrate
    bundle exec rails db:seed
    bundle exec rails assets:precompile
    RAILS_FORCE_SSL=true RAILS_SERVE_STATIC_FILES=true bundle exec rails s

Development

Databases for development and testing are called envizon_test and envizon_development, with the same requirements as above. Different database names and credentials can be provided via environment variables or modified directly in config/database.yml.

    git clone https://github.com/evait-security/envizon
    cd envizon
    bundle install --path vendor/bundle
    RAILS_ENV=development
    export RAILS_ENV
    bundle exec rails db:setup
    bundle exec rails db:migrate
    bundle exec rails db:seed
    bundle exec rails s

To run the tests:

    RAILS_ENV=test bundle exec rails db:setup
    bundle exec rails test

Start with prebuilt images and postgresql docker image

Coming Soon™

Set a password

After starting the docker images go to https://localhost:3000/ (or http://localhost:3000 if not using SSL). You have to specify a password for your envizon instance. You can change it in the settings interface after logging in.

Scan interface

The scan interface is divided into two sections. On the left side you can run a new scan with preconfigured parameters or your own nmap fu. You also have the possibility to upload previously created nmap scans (created with the -oX parameter). On the right side you will see your running and finished scans.

Groups

The group interface is the heart of envizon. You can select, group, order, quick search, global search, move, copy, delete and view your clients. The left side shows the group list. If you click on a group you get a detailed view of the group content in the center of the page. Each client in a group has a link: clicking on the IP address opens a more detailed view on the right side with all attributes, labels, ports and nmap output. Most of the buttons and links have tooltips.

Global Search

In this section you can search for nearly anything in the database and combine each search parameter with 'AND', 'OR' & 'NOT'. Perform simple queries for hostname, IP, open ports, etc., or create combined queries like: hostname contains 'win' AND mac address starts with '0E:5C' OR has port 21 and 22 open.

FAQ

API?!
Currently not. We will work on it. Maybe.

Which browsers are supported?
Latest Chrome / Chromium / Inox & Firefox / Waterfox.

Why rails?!
Wanted to learn ruby. It's cool.

Why so salty on github issue discussion?
This is a community project. We are a full time pentesting company and will not go into / care about every open issue that doesn't match our template or guidelines. If you get a rough answer or picture, you probably deserved it.

What frameworks and tools were used?
- Ruby on Rails
- ruby-nmap (https://github.com/sophsec/ruby-nmap)
- Materialize CSS (http://materializecss.com/)
- Font Awesome Icons (https://fontawesome.com/)
- Material Icons (https://material.io/icons/)
- Many, many helpful gems

Help?

You can get some information about the structure and usage on the official wiki: https://github.com/evait-security/envizon/wiki

Download Envizon
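The scan-import and global-search sections above describe two things envizon does with nmap data: ingest -oX XML into client records, and filter those records with AND/OR/NOT. The following is an added example, not envizon's own code, that shows the same idea in plain Python with the standard library: it parses a small nmap XML document (constructed for the example, not a real scan) into per-host records and then evaluates the README's sample query, "hostname contains 'win' AND mac address starts with '0E:5C' OR has port 21 and 22 open", with AND binding tighter than OR. The function and predicate names are my own.

```python
"""Parse nmap -oX output into client records and run a combined query.

Added example, not envizon's code; the XML below is constructed, not a real scan.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 10.0.0.0/29" start="0" version="7.80">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <address addr="0E:5C:11:22:33:44" addrtype="mac"/>
    <hostnames><hostname name="WIN-FILESRV01.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/></port>
    </ports></host>
  <host><status state="up"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <address addr="52:54:00:AA:BB:CC" addrtype="mac"/>
    <hostnames><hostname name="bastion.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
  <host><status state="up"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
    <hostnames><hostname name="www.corp.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
  <host><status state="down"/><address addr="10.0.0.8" addrtype="ipv4"/></host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that was up: ip, mac, hostnames, open_ports."""
    clients = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # skip hosts nmap reported down
        client = {"ip": None, "mac": None, "hostnames": [], "open_ports": set()}
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                client["ip"] = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                client["mac"] = addr.get("addr").upper()
        client["hostnames"] = [h.get("name", "").lower()
                               for h in host.findall("hostnames/hostname")]
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                client["open_ports"].add(int(port.get("portid")))
        clients.append(client)
    return clients


# Query building blocks: each returns a predicate over a client record, so
# AND/OR/NOT compose like the operators in the global search.
def hostname_contains(fragment):
    return lambda c: any(fragment.lower() in h for h in c["hostnames"])


def mac_starts_with(prefix):
    return lambda c: c["mac"] is not None and c["mac"].startswith(prefix.upper())


def has_open_ports(*ports):
    return lambda c: set(ports) <= c["open_ports"]


def AND(*preds):
    return lambda c: all(p(c) for p in preds)


def OR(*preds):
    return lambda c: any(p(c) for p in preds)


def NOT(pred):
    return lambda c: not pred(c)


def search(clients, query):
    """IPs of the clients matching the predicate, in scan order."""
    return [c["ip"] for c in clients if query(c)]


# (hostname contains 'win' AND mac starts with '0E:5C') OR (ports 21 and 22 open)
README_QUERY = OR(AND(hostname_contains("win"), mac_starts_with("0E:5C")),
                  has_open_ports(21, 22))

if __name__ == "__main__":
    clients = parse_nmap_xml(SAMPLE_NMAP_XML)
    print(search(clients, README_QUERY))             # ['10.0.0.5', '10.0.0.6']
    print(search(clients, NOT(has_open_ports(22))))  # ['10.0.0.5']
```

Two details carry over to any importer of this kind: only ports whose state element says "open" are recorded, so filtered or closed ports do not create false matches, and hosts nmap reported as down are dropped before they can match a hostname or MAC query.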

Link: http://feedproxy.google.com/~r/PentestTools/~3/U_4aFfRhUhY/envizon-network-visualization-tool-with.html