Msploitego – Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres msf database.RequirementsPython 2.7Has only been tested on Kali Linuxsoftware installations:Metasploitnmapenum4linuxsmtp-checkniktoInstallationcheckout and update the transform path inside MaltegoIn Maltego import config from msploitego/src/msploitego/resources/maltego/msploitego.mtzGeneral UseUsing exported Metasploit xml filerun a db_nmap scan in metatasploit, or import a previous scanmsf> db_nmap -vvvv -T5 -A -sS -ST -Pnmsf> db_import /path/to/your/nmapfile.xmlexport the database to an xml filemsf> db_export -f xml /path/to/your/output.xmlIn Maltego drag a MetasploitDBXML entity onto the graph.Update the entity with the path to your metasploit database file.run the MetasploitDB transform to enumerate hosts.from there several transforms are available to enumerate services, vulnerabilities stored in the metasploit DBUsing Postgresdrag and drop a Postgresql DB entity onto the canvas, enter DB details.run the Postgresql transforms directly against a running DBNotesInstead of running a nikto scan directly from Maltego, I’ve opted to include a field to for a Nikto XML file. Nikto can take long time to run so best to manage that directly from the os.ScreenshotsTODO’sConnect directly to the postgres database – in progressMuch, much, much more tranforms for actions on generated entities.Download Msploitego

Link: http://feedproxy.google.com/~r/PentestTools/~3/NL3Bxk8kM2s/msploitego-pentesting-suite-for-maltego.html

DefectDojo – Application Vulnerability Correlation And Security Orchestration Application

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo.Quick Start$ git clone https://github.com/DefectDojo/django-DefectDojo$ cd django-DefectDojo$ ./setup.bash$ ./run_dojo.bashnavigate to 127.0.0.1:8000DemoIf you’d like to check out a demo of DefectDojo before installing it, you can check out our PythonAnywhere demo site.You can log in as an administrator like so:You can also log in as a product owner / non-staff user:Additional DocumentationFor additional documentation you can visit our Read the Docs site.Installation OptionsDebian, Ubuntu (16.04.2+) or RHEL-based Install ScriptDockerAnsibleGetting StartedWe recommend checking out the about document to learn the terminology of DefectDojo, and the getting started guide for setting up a new installation. We’ve also created some example workflows that should give you an idea of how to use DefectDojo for your own team.DefectDojo Client API’sDefectDojo Python API: pip install defectdojo_api or clone the repository.Download DefectDojo

Link: http://feedproxy.google.com/~r/PentestTools/~3/AoP3wQQn0Xs/defectdojo-application-vulnerability.html

BurpBounty – A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive. This Extension Requires Burp Suite Pro.- Usage:1. Config sectionProfile Manager: you can manage the profiles, enable, disable o remove any of them.Select Profile: you can choose any profile, for modify it and save.Profiles reload: you can reload the profiles directory, for example, when you add new external profile to directory.Profile Directory: you choose the profiles directory path.2. PayloadsYou can add many payloads as you want. Each payload of this secction will be sent at each entry point (Insertion points provided by the burp api) You can choos multiple Enocders. For example, if you want encode the string alert(1), many times (in descendent order): Plain text: alert(1) HTML-encode all characters: alert(1) URL-encode all characters: %26%23%78%36%31%3b%26%23%78%36%63%3b%26%23%78%36%35%3b%26%23%78%37%32%3b%26%23%78%37%34%3b%26%23%78%32%38%3b%26%23%78%33%31%3b%26%23%78%32%39%3b Base64-encode: JTI2JTIzJTc4JTM2JTMxJTNiJTI2JTIzJTc4JTM2JTYzJTNiJTI2JTIzJTc4JTM2JTM1JTNiJTI2JTIzJTc4JTM3JTMyJTNiJTI2JTIzJTc4JTM3JTM0JTNiJTI2JTIzJTc4JTMyJTM4JTNiJTI2JTIzJTc4JTMzJTMxJTNiJTI2JTIzJTc4JTMyJTM5JTNi If you choose “URL-Encode these characters" option, you can put all characters that you want encode with URL. 3. Grep – MatchFor each payload response, each string, regex or payload (depending of you choose) will be searched with the specific Grep Options. Grep Type: Simple String: search for a simple string or stringsRegex: search for regular expressionPayload: search for payloads sendedPayload without encode: if you encode the payload, and you want find for original payload, you should choose thisGrep Options: Negative match: if you want find if string, regex or payload is not present in responseCase sensitive: Only match if case sensitiveNot in cookie: if you want find if any cookie attribute is not presentContent type: you can specify one or multiple (separated by comma) content type to search the string, regex or payload. For example: text/plain, text/html, …Response Code: you can specify one or multiple (separated by coma) HTTP response code to find string, regex or payload. For example. 300, 302, 400, …4. Write an IssueIn this section you can specify the issue that will be show if the condition match with the options specified.Issue NameSeverityConfidenceAnd others details like description, background, etc.- ExamplesSo, the vulnerabilities identified so far, from which you can make personalized improvements are:1- Active ScanXSS reflected and StoredSQL Injection error basedXXECommand injectionOpen RedirectLocal File InclusionRemote File InclusionPath TraversalLDAP InjectionORM InjectionXML InjectionSSI InjectionXPath Injectionetc2- Passive ScanSecurity HeadersCookies attributesSoftware versionsError stringsIn general any string or regular expression.For example videos please visit our youtube channel:YouTubeDownload BurpBounty

Link: http://feedproxy.google.com/~r/PentestTools/~3/xh6yhoQKxTg/burpbounty-extension-of-burp-suite-that.html

ReverseAPK – Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications.FEATURES:Displays all extracted files for easy referenceAutomatically decompile APK files to Java and Smali formatAnalyze AndroidManifest.xml for common vulnerabilities and behaviorStatic source code analysis for common vulnerabilities and behaviorDevice infoIntentsCommand executionSQLite referencesLogging referencesContent providersBroadcast recieversService referencesFile referencesCrypto referencesHardcoded secretsURL’sNetwork connectionsSSL referencesWebView referencesINSTALL:./installUSAGE:reverse-apk Download ReverseAPK

Link: http://feedproxy.google.com/~r/PentestTools/~3/OaqJjmxGl_w/reverseapk-quickly-analyze-and-reverse.html

Prowler – Distributed Network Vulnerability Scanner

Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon – HackSmith v1.0.CapabilitiesScan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devicesDetermine the type of devices using fingerprintingDetermine if there are any open ports on the deviceAssociate the ports with common servicesTest devices against a dictionary of factory default and common credentialsNotify users of security vulnerabilities through an dashboard. Dashboard tourPlanned CapabilitiesGreater variety of vulnerability assessment capabilities (webapp etc.)Select wordlist based on fingerprintHardwareRaspberry Pi Cluster HAT (with 4 * Pi Zero W)Raspberry Pi 3Networking deviceSoftware StackRaspbian Stretch (Controller Pi)Raspbian Stretch Lite (Worker Pi Zero)Note: For ease of setup, use the images provided by Cluster Hat! InstructionsPython 3 (not tested on Python 2)Python packages see requirements.txtAnsible for managing the cluster as a whole (/playbooks)Key Python Packages:dispy (website) is the star of the show. It allows allows us to create a job queue that will be processed by the worker nodes.python-libnmap is the python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.paramiko is a python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.eel is used for the web dashboard (seperate repository, here)rabbitmq (website) is used to pass the results from the cluster to the eel server that is serving the dashboard page.Ansible PlaybooksFor the playbooks to work, ansible must be installed (sudo pip3 install ansible). Configure the IP addresses of the nodes at /etc/ansible/hosts. WARNING: Your mileage may vary as these were only tested on my setupshutdown.yml and reboot.yml self-explanatoryclone_repos.yml clone prowler and dispy repositories (required!) on the worker nodessetup_node.yml installs all required packages on the worker nodes. Does not clone the repositories!Deploying ProwlerClone the git repository: git clone https://github.com/tlkh/prowler.gitInstall dependencies by running sudo pip3 install -r requirements.txt on the controller PiRun ansible-playbook playbooks/setup_node.yml to install the required packages on worker nodes.Clone the prowler and dispy repositories to the worker nodes using ansible-playbook playbooks/clone_repos.ymlRun clusterhat on on the controller Pi to ensure that all Pi Zeros are powered up.Run python3 cluster.py on the controller Pi to start ProwlerTo edit the range of IP addresses being scanned, edit the following lines in cluster.py:test_range = [] for i in range(0, 1): for j in range(100, 200): test_range.append(“172.22." + str(i) + "." + str(j))Old DemosCluster Scan Demonstration Jupyter NotebookSingle Scan Demonstration Jupyter NotebookTry out the web dashboard hereUseful SnippetsTo run ssh command on multiple devices, install pssh and pssh -h pssh-hosts -l username -A -i "command"To create the cluster (in compute.py): cluster = dispy.JobCluster(compute, nodes=’pi0_ip’, ip_addr=’pi3_ip’)Check connectivity: ansible all -m ping or ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1Temperature Check: /opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temprpimonitor (how to install):Download Prowler

Link: http://feedproxy.google.com/~r/PentestTools/~3/qOTSZ3YjvmY/prowler-distributed-network.html

GyoiThon – A Growing Penetration Test Tool Using Machine Learning

GyoiThon is a growing penetration test tool using Machine Learning.GyoiThon identifies the software installed on web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. GyoiThon executes the above processing automatically.Processing steps GyoiThon executes the above “Step1" – "Step4" fully automatically.User’s only operation is to input the top URL of the target web server in GyoiThon.It is very easy!You can identify vulnerabilities of the web servers without taking time and effort.Processing flowStep 1. Gather HTTP responses.GyoiThon gathers several HTTP responses of target website while crawling.The following are example of HTTP responses gathered by GyoiThon.Example.1HTTP/1.1 200 OKDate: Tue, 06 Mar 2018 03:01:57 GMTConnection: closeContent-Type: text/html; charset=UTF-8Etag: "409ed-183-53c5f732641c0"Content-Length: 15271…snip…Example.2HTTP/1.1 200 OKDate: Tue, 06 Mar 2018 06:56:17 GMTConnection: closeContent-Type: text/html; charset=UTF-8Set-Cookie: f00e68432b68050dee9abe33c389831e=0eba9cd0f75ca0912b4849777677f587;path=/;Content-Length: 37496…snip…Example.3HTTP/1.1 200 OKDate: Tue, 06 Mar 2018 04:19:19 GMTConnection: closeContent-Type: text/html; charset=UTF-8Content-Length: 11819…snip…