CMS Scanner – Scan WordPress, Drupal, Joomla, vBulletin Websites For Security Issues

Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues.CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.Install# Requires ruby, ruby-dev, gem, python3 and gitgit clone https://github.com/ajinabraham/CMSScan.gitcd CMSScan./setup.shRun./run.shPeriodic ScansYou can perform periodic CMS scans with CMSScan. You must run CMSScan server separately and configure the following before running the scheduler.py script.# SMTP SETTINGSSMTP_SERVER = ”FROM_EMAIL = ”TO_EMAIL = ”# SERVER SETTINGSSERVER = ”# SCAN SITESWORDPRESS_SITES = []DRUPAL_SITES = []JOOMLA_SITES = []VBULLETIN_SITES = []Add a cronjobcrontab -e@weekly /usr/bin/python3 scheduler.pyDockerLocaldocker build -t cmsscan .docker run -it -p 7070:7070 cmsscanPrebuilt Imagedocker pull opensecurity/cmsscandocker run -it -p 7070:7070 opensecurity/cmsscanScreenshotsDownload CMSScan

Link: http://feedproxy.google.com/~r/PentestTools/~3/w0AREgkhNJQ/cms-scanner-scan-wordpress-drupal.html

Manticore – Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts.Note: Beginning with version 0.2.0, Python 3.6+ is required.FeaturesInput Generation: Manticore automatically generates inputs that trigger unique code pathsCrash Discovery: Manticore discovers inputs that crash programs via memory safety violationsExecution Tracing: Manticore records an instruction-level trace of execution for each generated inputProgrammatic Interface: Manticore exposes programmatic access to its analysis engine via a Python APIManticore can analyze the following types of programs:Ethereum smart contracts (EVM bytecode)Linux ELF binaries (x86, x86_64 and ARMv7)UsageCLIManticore has a command line interface which can be used to easily symbolically execute a supported program or smart contract. Analysis results will be placed into a new directory beginning with mcore_.Use the CLI to explore possible states in Ethereum smart contracts. Manticore includes detectors that flag potentially vulnerable code in discovered states. Solidity smart contracts must have a .sol extension for analysis by Manticore. See a demo.$ manticore ./path/to/contract.sol # runs, and creates a mcore_* directory with analysis results$ manticore –detect-reentrancy ./path/to/contract.sol # Above, but with reentrancy detection enabled$ manticore –detect-all ./path/to/contract.sol # Above, but with all detectors enabledThe command line can also be used to simply explore a Linux binary:$ manticore ./path/to/binary # runs, and creates a mcore_* directory with analysis results$ manticore ./path/to/binary ab cd # use concrete strings “ab", "cd" as program arguments$ manticore ./path/to/binary ++ ++ # use two symbolic strings of length two as program argumentsAPIManticore has a Python programming interface which can be used to implement custom analyses.For Ethereum smart contracts, it can be used for detailed verification of arbitrary contract properties. Set starting conditions, execute symbolic transactions, then review discovered states to ensure invariants for your contract hold.from manticore.ethereum import ManticoreEVMcontract_src="""contract Adder { function incremented(uint value) public returns (uint){ if (value == 1) revert(); return value + 1; }}"""m = ManticoreEVM()user_account = m.create_account(balance=1000)contract_account = m.solidity_create_contract(contract_src, owner=user_account, balance=0)value = m.make_symbolic_value()contract_account.incremented(value)for state in m.running_states: print("can value be 1? {}".format(state.can_be_true(value == 1))) print("can value be 200? {}".format(state.can_be_true(value == 200)))It is also possible to use the API to create custom analysis tools for Linux binaries.# example Manticore scriptfrom manticore import Manticorehook_pc = 0x400ca0m = Manticore(‘./path/to/binary’)@m.hook(hook_pc)def hook(state): cpu = state.cpu print(‘eax’, cpu.EAX) print(cpu.read_int(cpu.ESP)) m.terminate() # tell Manticore to stopm.run()RequirementsManticore is supported on Linux and requires Python 3.6+.Ubuntu 18.04 is strongly recommended.Ethereum smart contract analysis requires the solc program in your $PATH.QuickstartInstall and try Manticore in a few shell commands:# Install system dependenciessudo apt-get update && sudo apt-get install python3 python3-pip -y# Install Manticore and its dependenciessudo pip3 install manticore# Download the examplesgit clone https://github.com/trailofbits/manticore.git && cd manticore/examples/linux# Build the examplesmake# Use the Manticore CLImanticore basiccat mcore_*/*0.stdin | ./basiccat mcore_*/*1.stdin | ./basic# Use the Manticore APIcd ../scriptpython3 count_instructions.py ../linux/helloworldYou can also use Docker to quickly install and try Manticore:# Download the Manticore imagedocker pull trailofbits/manticore# Download the examplesgit clone https://github.com/trailofbits/manticore.git && cd manticore# Run container with a shared examples/ directorydocker run -it -v $PWD/examples:/home/manticore/examples trailofbits/manticore# Change to examples directorymanticore@80d441275ebf$ cd examples/linux# Build the examplesmanticore@80d441275ebf$ make# Use the Manticore CLImanticore@80d441275ebf$ manticore basicmanticore@80d441275ebf$ cat mcore_*/*0.stdin | ./basicmanticore@80d441275ebf$ cat mcore_*/*1.stdin | ./basic# Use the Manticore APImanticore@80d441275ebf$ cd ../scriptmanticore@80d441275ebf$ python3 count_instructions.py ../linux/helloworldInstallationOption 1: Perform a user install (requires ~/.local/bin in your PATH).echo "PATH=\$PATH:~/.local/bin" >> ~/.profilesource ~/.profilepip3 install –user manticoreOption 2: Use a virtual environment (requires virtualenvwrapper or similar).sudo pip3 install virtualenvwrapperecho "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.profilesource ~/.profilemkvirtualenv manticoresudo ./manticore/bin/pip3 install manticoreOption 3: Perform a system install.sudo pip3 install manticoreOption 4: Install via Docker.docker pull trailofbits/manticoreOnce installed, the manticore CLI tool and Python API will be available.For installing a development version of Manticore, see our wiki.Getting HelpFeel free to stop by our Slack channel for help on using or extending Manticore.Documentation is available in several places:The wiki contains some basic information about getting started with Manticore and contributing The examples directory has some very minimal examples that showcase API features The API reference has more thorough and in-depth documentation on our API The manticore-examples repository has some more involved examples, for instance solving real CTF problemsDownload Manticore

Link: http://feedproxy.google.com/~r/PentestTools/~3/FovbKrcdSvA/manticore-symbolic-execution-tool-for.html

Dirhunt v0.6.0 – Find Web Directories Without Bruteforce

DEVELOPMENT BRANCH: The current branch is a development version. Go to the stable release by clicking on the master branch.Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of" mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.$ dirhunt http://website.com/Dirhunt does not use brute force. But neither is it just a crawler. This tool is faster than others because it minimizes requests to the server. Generally, this tool takes between 5-30 seconds, depending on the website and the server.Read more about how to use Dirhunt in the documentation. FeaturesProcess one or multiple sites at a time.Process ‘Index Of’ pages and report interesting files.Detect redirectors.Detect blank index file created on directory to hide things.Process some html files in search of new directories.404 error pages and detect fake 404 errors.Filter results by flags.Analyze results at end. It also processes date & size of the Index Pages (NEW!)Get new directories using robots.txt, VirusTotal & Google (NEW!)Delay between requestsOne or multiple proxies option. It can also search for free proxies (NEW!) InstallIf you have Pip installed on your system, you can use it to install the latest Dirhunt stable version:$ sudo pip3 install dirhuntPython 2.7 & 3.4-3.7 are supported but Python 3.x is recommended. Use pip2 on install for Python2.There are other installation methods available.Download Dirhunt v0.6.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/4jFGrJ8Br3E/dirhunt-v060-find-web-directories.html

10 Websites for Sending Anonymous Emails

There are plenty of free email services which let us create a free email account and send/receive emails. But for fun or for some personal work, we need anonymous email services. Anonymous email services help users send and receive emails without revealing their real identity. There are many websites available which offers anonymous email services. Before […]
The post 10 Websites for Sending Anonymous Emails appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/tSs17ZBZj5g/websites-for-sending-anonymous-emails.html

Invisi-Shell – Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)

Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features (ScriptBlock logging, Module logging, Transcription, AMSI) by hooking .Net assemblies. The hook is performed via CLR Profiler API.Work In ProgressThis is still a preliminary version intended as a POC. The code works only on x64 processes and tested against Powershell V5.1.UsageCopy the compiled InvisiShellProfiler.dll from /x64/Release/ folder with the two batch files from the root directory (RunWithPathAsAdmin.bat & RunWithRegistryNonAdmin.bat) to the same folder.Run either of the batch files (depends if you have local admin privelledges or not)Powershell console will run. Exit the powershell using the exit command (DON’T CLOSE THE WINDOW) to allow the batch file to perform proper cleanup.CompilationProject was created with Visual Studio 2013. You should install Windows Platform SDK to compile it properly.Detailed DescriptionMore info can be found on the DerbyCon presentation by Omer Yair (October, 2018).CreditsCorProfiler by .NET FoundationEyal Ne’emanyGuy FrancoEphraim NeubergerYossi SassiOmer YairDownload Invisi-Shell

Link: http://www.kitploit.com/2018/11/invisi-shell-hide-your-powershell.html

Scannerl – The Modular Distributed Fingerprinting Engine

Scannerl is a modular distributed fingerprinting engine implemented by Kudelski Security. Scannerl can fingerprint thousands of targets on a single host, but can just as easily be distributed across multiple hosts. Scannerl is to fingerprinting what zmap is to port scanning.Scannerl works on Debian/Ubuntu/Arch (but will probably work on other distributions as well). It uses a master/slave architecture where the master node will distribute the work (host(s) to fingerprint) to its slaves (local or remote). The entire deployment is transparent to the user.Why use ScannerlWhen using conventional fingerprinting tools for large-scale analysis, security researchers will often hit two limitations: first, these tools are typically built for scanning comparatively few hosts at a time and are inappropriate for large ranges of IP addresses. Second, if large range of IP addresses protected by IPS devices are being fingerprinted, the probability of being blacklisted is higher what could lead to an incomplete set of information. Scannerl is designed to circumvent these limitations, not only by providing the ability to fingerprint multiple hosts simultaneously, but also by distributing the load across an arbitrary number of hosts. Scannerl also makes the distribution of these tasks completely transparent, which makes setup and maintenance of large-scale fingerprinting projects trivial; this allows to focus on the analyses rather than the herculean task of managing and distributing fingerprinting processes by hand. In addition to the speed factor, scannerl has been designed to allow to easily set up specific fingerprinting analyses in a few lines of code. Not only is the creation of a fingerprinting cluster easy to set up, but it can be tweaked by adding fine-tuned scans to your fingerprinting campaigns.It is the fastest tool to perform large scale fingerprinting campaigns.For more:Fingerprint all the things with scannerl at BlackAlpsFingerprinting MySQL with scannerlFingerprint ICS/Scada with scannerlDistributed fingerprinting with scannerl6 months of ICS scanningInstallationSee the different installation options under wiki installation pageTo install from source, first install Erlang (at least v.18) by choosing the right packaging for your platform: Erlang downloadsInstall the required packages:# on debian$ sudo apt install erlang erlang-src rebar# on arch$ sudo pacman -S erlang-nox rebarThen build scannerl:$ git clone https://github.com/kudelskisecurity/scannerl.git$ cd scannerl$ ./build.shGet the usage by running$ ./scannerl -hScannerl is available on aur for arch linux usersscannerlscannerl-gitDEBs (Ubuntu, Debian) are available in the releases.RPMs (Opensuse, Centos, Redhat) are available under https://build.opensuse.org/package/show/home:chapeaurouge/scannerl.Distributed setupTwo types of nodes are needed to perform a distributed scan:Master node: this is where scannerl’s binary is runSlave node(s): this is where scannerl will connect to distribute all its workThe master node needs to have scannerl installed and compiled while the slave node(s) only needs Erlang to be installed. The entire setup is transparent and done automatically by the master node.Requirements for a distributed scan:All hosts have the same version of Erlang installedAll hosts are able to connect to each other using SSH public keyAll hosts’ names resolve (use /etc/hosts if no proper DNS is setup)All hosts have the same Erlang security cookieAll hosts must allow connection to Erlang EPMD port (TCP/4369)All hosts have the following range of ports opened: TCP/11100 to TCP/11100 + number-of-slavesUsage$ ./scannerl -h ____ ____ _ _ _ _ _ _____ ____ _ / ___| / ___| / \ | \ | | \ | | ____| _ \| | \___ \| | / _ \ | \| | \| | _| | |_) | | ___) | |___ / ___ \| |\ | |\ | |___| _ <| |___ |____/ \____/_/ \_\_| \_|_| \_|_____|_| \_\_____|USAGE scannerl MODULE TARGETS [NODES] [OPTIONS] MODULE: -m <mod> –module <mod> mod: the fingerprinting module to use. arguments are separated with a colon. TARGETS: -f <target> –target <target> target: a list of target separated by a comma. -F <path> –target-file <path> path: the path of the file containing one target per line. -d <domain> –domain <domain> domain: a list of domains separated by a comma. -D <path> –domain-file <path> path: the path of the file containing one domain per line. NODES: -s <node> –slave <node> node: a list of node (hostnames not IPs) separated by a comma. -S <path> –slave-file <path> path: the path of the file containing one node per line. a node can also be supplied with a multiplier (<node>*<nb>). OPTIONS: -o <mod> –output <mod> comma separated list of output module(s) to use. -p <port> –port <port> the port to fingerprint. -t <sec> –timeout <sec> the fingerprinting process timeout. -T <sec> –stimeout <sec> slave connection timeout (default: 10). -j <nb> –max-pkt <nb> max pkt to receive (int or “infinity"). -r <nb> –retry <nb> retry counter (default: 0). -c <cidr> –prefix <cidr> sub-divide range with prefix > cidr (default: 24). -M <port> –message <port> port to listen for message (default: 57005). -P <nb> –process <nb> max simultaneous process per node (default: 28232). -Q <nb> –queue <nb> max nb unprocessed results in queue (default: infinity). -C <path> –config <path> read arguments from file, one per line. -O <mode> –outmode <mode> 0: on Master, 1: on slave, >1: on broker (default: 0). -v <val> –verbose <val> be verbose (0 <= int <= 255). -K <opt> –socket <opt> comma separated socket option (key[:value]). -l –list-modules list available fp/out modules. -V –list-debug list available debug options. -A –print-args Output the args record. -X –priv-ports use only source port between 1 and 1024. -N –nosafe keep going even if some slaves fail to start. -w –www DNS will try for www.<domain>. -b –progress show progress. -x –dryrun dry run.See the wiki for more.Standalone usageScannerl can be used on the local host without any other host. However, it will still create a slave node on the same host it is run from. Therefore, the requirements described in Distributed setup must also be met.A quick way to do this is to make sure your host is able to resolve itself withgrep -q "127.0.1.1\s*`hostname`" /etc/hosts || echo "127.0.1.1 `hostname`" | sudo tee -a /etc/hostsand create an SSH key (if not yet present) and add it to the authorized_keys (you need an SSH server running):cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keysThe following example runs an HTTP banner grabing on google.com from localhost./scannerl -m httpbg -d google.comDistributed usageIn order to perform a distributed scan, one need to pre-setup the hosts that will be used by scannerl to distribute the work. See Distributed setup for more information.Scannerl expects a list of slaves to use (provided by the -s or -S switches)../scannerl -m httpbg -d google.com -s host1,host2,host3List available modulesScannerl will list the available modules (output modules as well as fingerprinting modules) with the -l switch:$ ./scannerl -lFingerprinting modules available================================bacnet UDP/47808: Bacnet identificationchargen UDP/19: Chargen amplification factor identificationfox TCP/1911: FOX identificationhttpbg TCP/80: HTTP Server header identification – Arg1: [true|false] follow redirection [Default:false]httpsbg SSL/443: HTTPS Server header identificationhttps_certif SSL/443: HTTPS certificate graberimap_certif TCP/143: IMAP STARTTLS certificate grabermodbus TCP/502: Modbus identificationmqtt TCP/1883: MQTT identificationmqtts TCP/8883: MQTT over SSL identificationmysql_greeting TCP/3306: Mysql version identificationpop3_certif TCP/110: POP3 STARTTLS certificate grabersmtp_certif TCP/25: SMTP STARTTLS certificate graberssh_host_key TCP/22: SSH host key graberOutput modules available========================csv output to csv – Arg1: [true|false] save everything [Default:true]csvfile output to csv file – Arg1: [true|false] save everything [Default:false] – Arg2: File pathfile output to file – Arg1: File pathfile_ip output to stdout (only ip) – Arg1: File pathfile_mini output to file (only ip and result) – Arg1: File pathfile_resultonly output to file (only result) – Arg1: File pathstdout output to stdoutstdout_ip output to stdout (only IP)stdout_mini output to stdout (only ip and result)Modules argumentsArguments can be provided to modules with a colon. For example for the file output module:./scannerl -m httpbg -d google.com -o file:/tmp/resultResult formatThe result returned by scannerl to the output modules has the following form:{module, target, port, result}Wheremodule: the module used (Erlang atom)target: IP or hostname (string or IPv4 address)port: the port (integer)result: see belowThe result part is of the form:{{status, type},Value}Where {status, type} is one of the following tuples:{ok, result}: fingerprinting the target succeeded{error, up}: fingerprinting didn’t succeed but the target responded{error, unknown}: fingerprinting failedValue is the returned value – it is either an atom or a list of elementExtending ScannerlScannerl has been designed and implemented with modularity in mind. It is easy to add new modules to it:Fingerprinting module: to query a specific protocol or service. As an example, the fp_httpbg.erl module allows to retrieve the server entry in the HTTP response.Output module: to output to a specific database/filesystem or output the result in a specific format. For example, the out_file.erl and out_stdout.erl modules allow respectively to output to a file or to stdout (default behavior if not specified).To create new modules, simply follow the behavior (fp_module.erl for fingerprinting modules and out_behavior.erl for output module) and implement your modules.New modules can either be added at compile time or dynamically as an external file.See the wiki page for more.Download Scannerl

Link: http://feedproxy.google.com/~r/PentestTools/~3/rR7h1XIp-fk/scannerl-modular-distributed.html

Robber – Robber Is Open Source Tool For Finding Executables Prone To DLL Hijacking

Robber is a free open source tool developed using Delphi XE2 without any 3rd party dependencies.What is DLL hijacking ?!Windows has a search path for DLLs in its underlying architecture. If you can figure out what DLLs an executable requests without an absolute path (triggering this search process), you can then place your hostile DLL somewhere higher up the search path so it’ll be found before the real version is, and Windows will happilly feed your attack code to the application.So, let’s pretend Windows’s DLL search path looks something like this:A) . <-- current working directory of the executable, highest priority, first checkB) \WindowsC) \Windows\system32D) \Windows\syswow64 <-- lowest priority, last checkand some executable "Foo.exe" requests "bar.dll", which happens to live in the syswow64 (D) subdir. This gives you the opportunity to place your malicious version in A), B) or C) and it will be loaded into executable.As stated before, even an absolute full path can't protect against this, if you can replace the DLL with your own version.Microsoft Windows protect system pathes like System32 using Windows File Protection mechanism but the best way to protect executable from DLL hijacking in entrprise solutions is :Use absolute path instead of relative pathIf you have personal sign, sign your DLL files and check the sign in your application before load DLL into memory. otherwise check the hash of DLL file with original DLL hash)And of course, this isn't really limited to Windows either. Any OS which allows for dynamic linking of external libraries is theoretically vulnerable to this.Robber use simple mechanism to figure out DLLs that prone to hijacking :Scan import table of executable and find out DLLs that linked to executableSearch for DLL files placed inside executable that match with linked DLL (as i said before current working directory of the executable has highest priority)If any DLL found, scan the export table of themeCompare import table of executable with export table of DLL and if any matching was found, the executable and matched common functions flag as DLL hijack candidate.Feauters :Ability to select scan type (signed/unsigned applications)Determine executable signerDetermine wich referenced DLLs candidate for hijackingDetermine exported method names of candidate DLLsConfigure rules to determine which hijacks is best or good choice for use and show theme in different colorsFind out latest Robber executable hereDownload Robber

Link: http://feedproxy.google.com/~r/PentestTools/~3/-3o2PCxEGpE/robber-robber-is-open-source-tool-for.html

Container Security Part 3 – Kubernetes Cheat Sheet

During the first two articles of this series, we went from some initial research as a “Quick Dive into Containers, Kubernetes and Security” to a more detailed look at the first steps of actual implementation in “Container Security Part 2 – Benchmarks to the Rescue”. While that mostly covered Docker, my obvious next step was to tackle Kubernetes. This led to not only a much deeper dive but also to the inevitable glut of information. To make it easier for me, I created a cheat sheet of commands for use in Kubernetes. As my intention was always to share my findings, this ended up being a great companion piece to tag along with my talk at BSides Toronto 2018 titled “Kubernetes – Security you need to know about it”.
The bulk of this article is the Cheat Sheet itself. But before we get to it, let me give a little background and credit. This is a personal cheat sheet I have made while going through the Learn Kubernetes Basics tutorials, and specifically, “Using Minikube to Create a Cluster”. I used the interactive tutorial, and copied the commands to a cluster in my ESXI server. This cheat sheet does not go through setting up an environment that runs Kubernetes and Docker. This assumes Docker and Minikube are installed. For a non-interactive tutorial follow Hello Minikube.
And now on with the show…
The post Container Security Part 3 – Kubernetes Cheat Sheet appeared first on The Ethical Hacker Network.

Link: https://www.ethicalhacker.net/features/root/container-security-part-3-kubernetes-cheat-sheet/

Lynis 2.7.0 – Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration.Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.Supported operating systemsThe tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:AIXFreeBSDHP-UXLinuxMac OSNetBSDOpenBSDSolarisand othersIt even runs on systems like the Raspberry Pi and several storage devices!Installation optionalLynis is light-weight and easy to use. Installation is optional: just copy it to a system, and use “./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL). How it worksLynis performs hundreds of individual tests, to determine the security state of the system. The security scan itself consists of performing a set of steps, from initialization the program, up to the report.StepsDetermine operating systemSearch for available tools and utilitiesCheck for Lynis updateRun tests from enabled pluginsRun security tests per categoryReport status of security scanBesides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.Opportunistic ScanningLynis scanning is opportunistic: it uses what it can find.For example, if it sees you are running Apache, it will perform an initial round of Apache related tests. When during the Apache scan it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it then will collect discovered certificates so they can be scanned later as well.In-depth security scansBy performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!Use casesSince Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:Security auditingCompliance testing (e.g. PCI, HIPAA, SOx)Vulnerability detection and scanningSystem hardeningResources used for testingMany other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.Best practicesCISNISTNSAOpenSCAP dataVendor guides and recommendations (e.g. Debian Gentoo, Red Hat)Lynis PluginsPlugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.ChangelogUpgrade note## Lynis 2.7.0 (2018-10-26)### Added- MACF-6240 – Detection of TOMOYO binary- MACF-6242 – Status of TOMOYO framework- SSH-7406 – OpenSSH server version detection- TOOL-5160 – Check active OSSEC analysis daemon### Changed- Changed several warning labels on screen- AUTH-9308 – More generic sulogin for systemd rescue.service- OS detection now ignores quotes for getting the OS ID.Download Lynis 2.7.0

Link: http://feedproxy.google.com/~r/PentestTools/~3/1jxxIa_coK4/lynis-270-security-auditing-tool-for.html

Bashark – Bash Post Exploitation Toolkit

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits.UsageTo launch Bashark on compromised host, simply source the bashark.sh script from terminal: $ source bashark.sh Then type help to see Bashark’s help menuFeaturesSingle Bash scriptLightweight and fastMulti-platform: Unix, OSX, Solaris etc.No external dependenciesImmune to heuristic and behavioural analysisBuilt-in aliases of often used shell commandsExtends system shell with post-exploitation oriented functionalitiesStealthy, with custom cleanup routine activated on exitEasily extensible (add new commands by creating Bash functions)Full tab completionDemoDownload Bashark

Link: http://feedproxy.google.com/~r/PentestTools/~3/a9pgzNppTC4/bashark-bash-post-exploitation-toolkit.html