Hashie – Crack Hashes In A Blink Of An Eye

Hashie is a multi functional tool written in python to deal with hashes.FeaturesHash cracking.Hash generation.Automatic hash type identification.Supports MD5, SHA1, SHA256, SHA384, SHA512 etc…How to Install and Run in Linux[1] Enter the following command in the terminal to download it.git clone https://github.com/Sameera-Madhushan/Hashie[2] After downloading the program, enter the following command to navigate to the Digger directory and listing the contentscd Hashie && ls[3] Install dependenciespip3 install -r requirements.txt[4] Now run the script with following command.python3 hashie.pyHow to Install and Run in Windows[1] Download and run Python 2.7.x and Python 3.7 setup file from Python.orgIn Install Python 3.7, enable Add Python 3.6 to PATH[2] Download and run Git setup file from Git-scm.com, choose Use Git from Windows Command Propmt.[3] Afther that, Run Command Propmt and enter this commands:git clone https://github.com/Sameera-Madhushan/Hashiecd Hashiepip3 install -r requirements.txtpython3 hashie.pyDownload Hashie

Link: http://feedproxy.google.com/~r/PentestTools/~3/YG5JSwlXNz0/hashie-crack-hashes-in-blink-of-eye.html

LDAP_Search – Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

LDAP_Search can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash. In addition, this tool has been modified to allow brute force/password-spraying via LDAP. Ldap_Search makes use of Impackets python36 branch to perform the main operations. (These are the guys that did the real heavy lifting and deserve the credit!)Installationgit clone –recursive https://github.com/m8r0wn/ldap_searchcd ldap_searchsudo chmod +x setup.shsudo ./setup.shUsageEnumerate all active users on a domain:python3 ldap_search.py users -u user1 -p Password1 -d demo.localLookup a single user and display field headings:python3 ldap_search.py users -q AdminUser -u user1 -p Password1 -d demo.localEnumerate all computers on a domain:python3 ldap_search.py computers -u user1 -p Password1 -d demo.localSearch for end of life systems on the domain:python3 ldap_search.py computers -q eol -u user1 -p Password1 -d demo.local -s DC01.demo.localEnumerate all groups on the domain:python3 ldap_search.py groups -u user1 -p Password1 -d demo.local -s group members:python3 ldap_search.py groups -q “Domain Admins" -u user1 -p Password1 -d demo.localQueriesBelow are the query options that can be specified using the "-q" argument:User active / [None] – All active users (Default) all – All users, even disabled [specific account or email] – lookup user, ex. "m8r0wn" group [None] – All domain groups [Specific group name] – lookup group members, ex. "Domain Admins" computer [None] – All Domain Computers eol – look for all end of life systems on domainOptionspositional arguments: lookup_type Lookup Types: user, group, computeroptional arguments: -q QUERY Specify user or group to query or use eol. -u USER Single username -U USER Users.txt file -p PASSWD Single password -P PASSWD Password.txt file -H HASH Use Hash for Authentication -d DOMAIN Domain (Ex. demo.local) -s SRV, -srv SRV LDAP Server (optional) -t TIMEOUT Connection Timeout (Default: 4) -v Show Search Result Attribute Names -vv Show Failed Logins & ErrorsDownload Ldap_Search

Link: http://www.kitploit.com/2018/12/ldapsearch-tool-to-perform-ldap-queries.html

imaginaryC2 – Tool Which Aims To Help In The Behavioral (Network) Analysis Of Malware

author: Felix Weyne (website) (Twitter)Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware.Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IPs. Additionally, the tool aims to make it easy to replay captured Command-and-Control responses/served payloads.By using this tool, an analyst can feed the malware consistent network responses (e.g. C&C instructions for the malware to execute). Additionally, the analyst can capture and inspect HTTP requests towards a domain/IP which is off-line at the time of the analysis.Replay packet capturesImaginary C2 provides two scripts to convert packet captures (PCAPs) or Fiddler Session Archives into request definitions which can be parsed by imaginary C2. Via these scripts the user can extract HTTP request URLs and domains, as well as HTTP responses. This way, one can quickly replay HTTP responses for a given HTTP request.Technical detailsrequirements: Imaginary C2 requires Python 2.7 and Windows.modules: Currently, Imaginary C2 contains three modules and two configuration files: Filename Function 1. imaginary_c2.py Hosts python’s simple HTTP server. Main module. 2. redirect_to_imaginary_c2.py Alters Windows’ host file and Windows’ (IP) Routing Table. 3. unpack_fiddler_archive.py & unpack_pcap.py Extracts HTTP responses from packet captures. Adds corresponding HTTP request domains and URLs to the configuration files. 4. redirect_config.txt Contains domains and IPs which needs to be redirected to localhost (to the python HTTP server). 5. requests_config.txt Contains URL path definitions with the corresponding data sources. request definitions: Each (HTTP) request defined in the request configuration consists of two parameters:Parameter 1: HTTP request URL path (a.k.a. urlType) Value Meaning fixed Define the URL path as a literal string regex Define a regex pattern to be matched on the URL path Parameter 2: HTTP response source (a.k.a. sourceType) Value Meaning data Imaginary C2 will respond with the contents of a file on disk python Imaginary C2 will run a python script. The output of the python script defines the HTTP response. Demo use case: Simulating TrickBot serversImaginary C2 can be used to simulate the hosting of TrickBot components and configuration files. Additionally, it can also be used to simulate TrickBot’s web injection servers.How it works:Upon execution, the TrickBot downloader connects to a set of hardcoded IPs to fetch a few configuration files. One of these configuration files contains the locations (IP addresses) of the TrickBot plugin servers. The Trickbot downloader downloads the plugins (modules) from these servers and decrypts them. The decrypted modules are then injected into a svchost.exe instance.One of TrickBot’s plugins is called injectdll, a plugin which is responsible for TrickBot’s webinjects. The injectdll plugin regularly fetches an updated set of webinject configurations. For each targeted (banking) website in the configuration, the address of a webfake server is defined. When a victim browses to a (banking) website which is targeted by TrickBot, his browser secretly gets redirected to the webfake server. The webfake server hosts a replica of the targeted website. This replica website usually is used in a social-engineering attack to defraud the victim.Imaginary C2 in action:The below video shows the TrickBot downloader running inside svchost.exe and connecting to imaginary C2 to download two modules. Each downloaded module gets injected into a newly spawned svchost.exe instance. The webinject module tries to steal the browser’s saved passwords and exfiltrates the stolen passwords to the TrickBot server. Upon visiting a targeted banking website, TrickBot redirects the browser to the webfake server. In the demo, the webfake server hosts the message: “Default imaginary C2 server response" (full video).Download imaginaryC2

Link: http://feedproxy.google.com/~r/PentestTools/~3/V0gucmHB1Ec/imaginaryc2-tool-which-aims-to-help-in.html

Aircrack-ng 1.5 – Complete Suite Of Tools To Assess WiFi Network Security

Aircrack-ng is a complete suite of tools to assess WiFi network security.It focuses on different areas of WiFi security:Monitoring: Packet capture and export of data to text files for further processing by third party tools.Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.Testing: Checking WiFi cards and driver capabilities (capture and injection).Cracking: WEP and WPA PSK (WPA 1 and 2).All tools are command line which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily Linux but also Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.BuildingRequirementsAutoconfAutomakeLibtoolshtoolOpenSSL development package or libgcrypt development package.Airmon-ng (Linux) requires ethtool.On windows, cygwin has to be used and it also requires w32api package.On Windows, if using clang, libiconv and libiconv-develLinux: LibNetlink 1 or 3. It can be disabled by passing –disable-libnl to configure.pkg-config (pkgconf on FreeBSD)FreeBSD, OpenBSD, NetBSD, Solaris and OS X with macports: gmakeLinux/Cygwin: make and Standard C++ Library development package (Debian: libstdc++-dev)Optional stuffIf you want SSID filtering with regular expression in airodump-ng (-essid-regex) pcre development package is required.If you want to use airolib-ng and ‘-r’ option in aircrack-ng, SQLite development package >= 3.3.17 (3.6.X version or better is recommended)If you want to use Airpcap, the ‘developer’ directory from the CD/ISO/SDK is required.In order to build besside-ng, besside-ng-crawler, easside-ng, tkiptun-ng and wesside-ng, libpcap development package is required (on Cygwin, use the Aircap SDK instead; see above)For best performance on FreeBSD (50-70% more), install gcc5 (or better) via: pkg install gcc8rfkillFor best performance on SMP machines, ensure the hwloc library and headers are installed. It is strongly recommended on high core count systems, it may give a serious speed boostCMocka for unit testingInstalling required and optional dependenciesBelow are instructions for installing the basic requirements to build aircrack-ng for a number of operating systems.Note: CMocka should not be a dependency when packaging Aircrack-ng.LinuxDebian/Ubuntusudo apt-get install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libpcre3-dev libhwloc-dev libcmocka-devFedora/CentOS/RHELsudo yum install libtool pkgconfig sqlite-devel autoconf automake openssl-devel libpcap-devel pcre-devel rfkill libnl3-devel gcc gcc-c++ ethtool hwloc-devel libcmocka-develBSDFreeBSDpkg install pkgconf shtool libtool gcc8 automake autoconf pcre sqlite3 openssl gmake hwloc cmockaDragonflyBSDpkg install pkgconf shtool libtool gcc7 automake autoconf pcre sqlite3 libgcrypt gmake cmockaOpenBSDpkg_add pkgconf shtool libtool gcc automake autoconf pcre sqlite3 openssl gmake cmockaOSXXCode, Xcode command line tools and HomeBrew are required.brew install autoconf automake libtool openssl shtool pkg-config hwloc pcre sqlite3 libpcap cmockaWindowsCygwinCygwin requires the full path to the setup.exe utility, in order to automate the installation of the necessary packages. In addition, it requires the location of your installation, a path to the cached packages download location, and a mirror URL.An example of automatically installing all the dependencies is as follows:c:\cygwin\setup-x86.exe -qnNdO -R C:/cygwin -s http://cygwin.mirror.constant.com -l C:/cygwin/var/cache/setup -P autoconf -P automake -P bison -P gcc-core -P gcc-g++ -P mingw-runtime -P mingw-binutils -P mingw-gcc-core -P mingw-gcc-g++ -P mingw-pthreads -P mingw-w32api -P libtool -P make -P python -P gettext-devel -P gettext -P intltool -P libiconv -P pkg-config -P git -P wget -P curl -P libpcre-devel -P openssl-devel -P libsqlite3-develMSYS2pacman -Sy autoconf automake-wrapper libtool msys2-w32api-headers msys2-w32api-runtime gcc pkg-config git python openssl-devel openssl libopenssl msys2-runtime-devel gcc binutils make pcre-devel libsqlite-develCompilingTo build aircrack-ng, the Autotools build system is utilized. Autotools replaces the older method of compilation.NOTE: If utilizing a developer version, eg: one checked out from source control, you will need to run a pre-configure script. The script to use is one of the following: autoreconf -i or env NOCONFIGURE=1 ./autogen.sh.First, ./configure the project for building with the appropriate options specified for your environment:./configureTIP: If the above fails, please see above about developer source control versions.Next, compile the project (respecting if make or gmake is needed):Compilation: make Compilation on *BSD or Solaris: gmake Finally, the additional targets listed below may be of use in your environment:Execute all unit testing: make check Installing: make install Uninstall: make uninstall ./configure flagsWhen configuring, the following flags can be used and combined to adjust the suite to your choosing: with-airpcap=DIR: needed for supporting airpcap devices on windows (cygwin or msys2 only) Replace DIR above with the absolute location to the root of the extracted source code from the Airpcap CD or downloaded SDK available online. Required on Windows to build besside-ng, besside-ng-crawler, easside-ng, tkiptun-ng and wesside-ng when building experimental tools. The developer pack (Compatible with version 4.1.1 and 4.1.3) can be downloaded at https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html with-experimental: needed to compile tkiptun-ng, easside-ng, buddy-ng, buddy-ng-crawler, airventriloquist and wesside-ng. libpcap development package is also required to compile most of the tools. If not present, not all experimental tools will be built. On Cygwin, libpcap is not present and the Airpcap SDK replaces it. See –with-airpcap option above. with-ext-scripts: needed to build airoscript-ng, versuck-ng, airgraph-ng and airdrop-ng. Note: Each script has its own dependencies. with-gcrypt: Use libgcrypt crypto library instead of the default OpenSSL. And also use internal fast sha1 implementation (borrowed from GIT) Dependency (Debian): libgcrypt20-dev with-duma: Compile with DUMA support. DUMA is a library to detect buffer overruns and under-runs. Dependencies (debian): duma disable-libnl: Set-up the project to be compiled without libnl (1 or 3). Linux option only. without-opt: Do not enable stack protector (on GCC 4.9 and above). enable-shared: Make OSdep a shared library. disable-shared: When combined with enable-static, it will statically compile Aircrack-ng. with-avx512: On x86, add support for AVX512 instructions in aircrack-ng. Only use it when the current CPU supports AVX512. with-static-simd=: Compile a single optimization in aircrack-ng binary. Useful when compiling statically and/or for space-constrained devices. Valid SIMD options: x86-sse2, x86-avx, x86-avx2, x86-avx512, ppc-altivec, ppc-power8, arm-neon, arm-asimd. Must be used with –enable-static –disable-shared. When using those 2 options, the default is to compile the generic optimization in the binary. –with-static-simd merely allows to choose another one. Examples:Configure and compiling: ./configure –with-experimentalmakeCompiling with gcrypt: ./configure –with-gcryptmakeInstalling: make install Installing (strip binaries): make install-strip Installing, with external scripts: ./configure –with-experimental –with-ext-scriptsmakemake installTesting (with sqlite, experimental and pcre) ./configure –with-experimentalmakemake checkCompiling on OS X with macports (and all options): ./configure –with-experimentalgmakeCompiling on OS X 10.10 with XCode 7.1 and Homebrew: env CC=gcc-4.9 CXX=g++-4.9 ./configuremakemake checkNOTE: Older XCode ships with a version of LLVM that does not support CPU feature detection; which causes the ./configure to fail. To work around this older LLVM, it is required that a different compile suite is used, such as GCC or a newer LLVM from Homebrew.If you wish to use OpenSSL from Homebrew, you may need to specify the location to its’ installation. To figure out where OpenSSL lives, run: brew –prefix opensslUse the output above as the DIR for –with-openssl=DIR in the ./configure line: env CC=gcc-4.9 CXX=g++-4.9 ./configure –with-openssl=DIRmakemake checkCompiling on FreeBSD with gcc8 env CC=gcc8 CXX=g++8 MAKE=gmake ./configuregmakeCompiling on Cygwin with Airpcap (assuming Airpcap devpack is unpacked in Aircrack-ng directory) cp -vfp Airpcap_Devpack/bin/x86/airpcap.dll srccp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-osdepcp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-cryptocp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-utildlltool -D Airpcap_Devpack/bin/x86/airpcap.dll -d build/airpcap.dll.def -l Airpcap_Devpack/bin/x86/libairpcap.dll.aautoreconf -i./configure –with-experimental –with-airpcap=$(pwd)makeCompiling on DragonflyBSD with gcrypt using GCC 7 autoreconf -ienv CC=gcc7 CXX=g++7 MAKE=gmake ./configure –with-experimental –with-gcryptgmakeCompiling on OpenBSD (with autoconf 2.69 and automake 1.16) export AUTOCONF_VERSION=2.69export AUTOMAKE_VERSION=1.16autoreconf -ienv MAKE=gmake ./configuregmakePackagingAutomatic detection of CPU optimization is done at run time. This behavior is desirable when packaging Aircrack-ng (for a Linux or other distribution.)Also, in some cases it may be desired to provide your own flags completely and not having the suite auto-detect a number of optimizations. To do this, add the additional flag –without-opt to the ./configure line:./configure –without-optUsing precompiled binariesLinux/BSDUse your package manager to download aircrack-ngIn most cases, they have an old version.WindowsInstall the appropriate “monitor" driver for your card (standard drivers doesn’t work for capturing data).aircrack-ng suite is command line tools. So, you have to open a commandline Start menu -> Run… -> cmd.exe then use themRun the executables without any parameters to have helpDocumentationDocumentation, tutorials, … can be found on https://aircrack-ng.orgSee also manpages and the forum.For further information check the README fileDownload Aircrack-Ng

Link: http://www.kitploit.com/2018/12/aircrack-ng-15-complete-suite-of-tools.html

NETworkManager – A Powerful Tool For Managing Networks And Troubleshoot Network Problems!

A powerful tool for managing networks and troubleshoot network problems!FeaturesNetwork Interface – Information, ConfigureIP-ScannerPort-ScannerPingTracerouteDNS LookupRemote DesktopPuTTY (requires PuTTY)TightVNC (requires TightVNC)SNMP – Get, Walk, Set (v1, v2c, v3)Wake on LANHTTP HeadersWhoisSubnet Calculator – Calculator, Subnetting, SupernettingLookup – OUI, PortConnectionsListenersARP TableLanguagesEnglishGermanRussianSpanishSystem requirementsWindows 7/Server 2008 R2 or later.NET-Framework 4.6RDP 8.1 (How to install RDP 8.1 on Windows 7/Server 2008 R2?)Download NETworkManager

Link: http://www.kitploit.com/2018/12/networkmanager-powerful-tool-for.html

Faraday v3.4 – Collaborative Penetration Test and Vulnerability Management Platform

Here’s the main new features and improvements in Faraday v3.4:Services can now be tagged. With this new feature, you can now easily identify important services, geolocate them and more.New search operators OR/NOTIn a previous release we added the AND operator, now with 3.4 you can also use OR and NOT operators in the Status Report search box.This will allow you to find vulnerabilities easily with filters like this one:(severity:critical or severity:high) or name:”MS18-172”Performance improvements for big workspacesWe have been working on optimization for our API Rest endpoints to support millions of vulnerabilities in each workspace.Here is the full change log for version 3.4In GTK, check active_workspace it’s not nullAdd fbruteforce services fpluginAttachments can be added to a vulnerability through the API.Catch gaierror error on lynis pluginAdd OR and NOT with parenthesis support on status report searchInfo API now is publicWeb UI now detects Appscan pluginImprove performance on the workspace using custom queryWorkspaces can be set as active/disable in the welcome page.Change Nmap plugin, response field in VulnWeb now goes to Data field.Update code to support latest SQLAlchemy versionFix `create_vuln` fplugin bug that incorrectly reported duplicated vulnsThe client can set a custom logo to FaradayCentered checkboxes in user list pageClient or pentester can’t activate/deactivate workspacesIn GTK, dialogs now check that user_info is not FalseAdd tags in Service object (Frontend and backend API)Limit of users only takes the active onesImprove error message when the license is not validDownload Faraday v3.4

Link: http://www.kitploit.com/2018/12/faraday-v34-collaborative-penetration.html

DevAudit – Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool

DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing capabilities that automate security practices and implementation of security auditing in the software development life-cycle. DevAudit can scan your operating system and application package dependencies, application and application server configurations, and application code, for potential vulnerabilities based on data aggregated by providers like OSS Index and Vulners from a wide array of sources and data feeds such as the National Vulnerability Database (NVD) CVE data feed, the Debian Security Advisories data feed, Drupal Security Advisories, and many others.DevAudit helps developers address at least 4 of the OWASP Top 10 risks to web application development:A9 Using Components with Known VulnerabilitiesA5 Security MisconfigurationA6 Sensitive Data ExposureA2 Broken Authentication and Session Managementas well as risks classified by MITRE in the CWE dictionary such as CWE-2 Environment and CWE-200 Information Disclosure As development progresses and its capabilities mature, DevAudit will be able to address the other risks on the OWASP Top 10 and CWE lists like Injection and XSS. With the focus on web and cloud and distributed multi-user applications, software development today is increasingly a complex affair with security issues and potential vulnerabilities arising at all levels of the stack developers rely on to deliver applications. The goal of DevAudit is to provide a platform for automating implementation of development security reviews and best practices at all levels of the solution stack from library package dependencies to application and server configuration to source code.Features Cross-platform with a Docker image also available. DevAudit runs on Windows and Linux with *BSD and Mac and ARM Linux support planned. Only an up-to-date version of .NET or Mono is required to run DevAudit. A DevAudit Docker image can also be pulled from Docker Hub and run without the need to install Mono. CLI interface. DevAudit has a CLI interface with an option for non-interactive output and can be easily integrated into CI build pipelines or as post-build command-line tasks in developer IDEs. Work on integration of the core audit library into IDE GUIs has already begun with the Audit.Net Visual Studio extension. Continuously updated vulnerabilties data. DevAudit uses backend data providers like OSS Index and Vulners which provide continuously updated vulnerabilities data compiled from a wide range of security data feeds and sources such as the NVD CVE feeds, Drupal Security Advisories, and so on. Support for additional vulnerability and package data providers like vFeed and Libraries.io will be added. Audit operating system and development package dependencies. DevAudit audits Windows applications and packages installed via Windows MSI, Chocolatey, and OneGet, as well as Debian, Ubuntu, and CentOS Linux packages installed via Dpkg, RPM and YUM, for vulnerabilities reported for specific versions of the applications and packages. For development package dependencies and libraries DevAudit audits NuGet v2 dependencies for .NET, Yarn/NPM and Bower dependencies for nodejs, and Composer package dependencies for PHP. Support for other package managers for different languages is added regularly. Audit application server configurations. DevAudit audits the server version and the server configuration for the OpenSSH sshd, Apache httpd, MySQL/MariaDB, PostgreSQL, and Nginx servers with many more coming. Configuration auditing is based on the Alpheus library and is done using full syntactic analysis of the server configuration files. Server configuration rules are stored in YAML text files and can be customized to the needs of developers. Support for many more servers and applications and types of analysis like database auditing is added regularly. Audit application configurations. DevAudit audits Microsoft ASP.NET applications and detects vulnerabilities present in the application configuration. Application configuration rules are stored in YAML text files and can be customized to the needs of developers. Application configuration auditing for applications like Drupal and WordPress and DNN CMS is coming. Audit application code by static analysis. DevAudit currently supports static analysis of .NET CIL bytecode. Analyzers reside in external script files and can be fully customized based on the needs of the developer. Support for C# source code analysis via Roslyn, PHP7 source code and many more languages and external static code analysis tools is coming. Remote agentless auditing. DevAudit can connect to remote hosts via SSH with identical auditing features available in remote environments as in local environments. Only a valid SSH login is required to audit remote hosts and DevAudit running on Windows can connect to and audit Linux hosts over SSH. On Windows DevAudit can also remotely connect to and audit other Windows machines using WinRM. Agentless Docker container auditing. DevAudit can audit running Docker containers from the Docker host with identical features available in container environments as in local environments. GitHub repository auditing. DevAudit can connect directly to a project repository hosted on GitHub and perform package source and application configuration auditing. PowerShell support. DevAudit can also be run inside the PowerShell system administration environment as cmdlets. Work on PowerShell support is paused at present but will resume in the near future with support for cross-platform Powershell both on Windows and Linux. RequirementsDevAudit is a .NET 4.6 application. To install locally on your machine you will need either the Microsoft .NET Framework 4.6 runtime on Windows, or Mono 4.4+ on Linux. .NET 4.6 should be already installed on most recent versions of Windows, if not then it is available as a Windows feature that can be turned on or installed from the Programs and Features control panel applet on consumer Windows, or from the Add Roles and Features option in Server Manager on server versions of Windows. For older versions of Windows, the .NET 4.6 installer from Microsoft can be found here.On Linux the minimum version of Mono supported is 4.4. Although DevAudit runs on Mono 4 (with one known issue) it’s recommended that Mono 5 be installed. Mono 5 brings many improvements to the build and runtime components of Mono that benefit DevAudit.The existing Mono packages provided by your distro are probably not Mono 5 as yet, so you will have to install Mono packages manually to be able to use Mono 5. Installation instructions for the most recent packages provided by the Mono project for several major Linux distros are here. It is recommended you have the mono-devel package installed as this will reduce the chances of missing assemblies.Alternatively on Linux you can use the DevAudit Docker image if you do not wish to install Mono and already have Docker installed on your machine.InstallationDevAudit can be installed by the following methods:Building from source.Using a binary release archive file downloaded from Github for Windows or Linux.Using the release MSI installer downloaded from Github for Windows.Using the Chocolatey package manager on Windows.Pulling the ossindex/devaudit image from Docker Hub on Linux.Building from source on LinuxPre-requisites: Mono 4.4+ (Mono 5 recommended) and the mono-devel package which provides the compiler and other tools needed for building Mono apps. Your distro should have packages for at least Mono version 4.4 and above, otherwise manual installation instructions for the most recent packages provided by the Mono project for several major Linux distros are here Clone the DevAudit repository from https://github.com/OSSIndex/DevAudit.git Run the build.sh script in the root DevAudit directory. DevAudit should compile without any errors. Run ./devaudit –help and you should see the DevAudit version and help screen printed. Note that NuGet on Linux may occasionally exit with Error: NameResolutionFailure which seems to be a transient problem contacting the servers that contain the NuGet packages. You should just run ./build.sh again until the build completes normally.Building from source on WindowsPre-requisites: You must have one of: A .NET Framework 4.6 SDK or developer pack.Visual Studio 2015.Clone the DevAudit repository from https://github.com/OSSIndex/DevAudit.git From a visual Studio 2015 or ,NETRun the build.cmd script in the root DevAudit directory. DevAudit should compile without any errors. Run ./devaudit –help and you should see the DevAudit version and help screen printed. Installing from the release archive files on Windows on LinuxPre-requisites: You must have Mono 4.4+ on Linux or .NET 4.6 on Windows. Download the latest release archive file for Windows or Linux from the project releases page. Unpack this file to a directory. From the directory where you unpacked the release archive run devaudit –help on Windows or ./devaudit –help on Linux. You should see the version and help screen printed. (Optional) Add the DevAudit installation directory to your PATH environment variable Installing using the MSI Installer on WindowsThe MSI installer for a release can be found on the Github releases page.Click on the releases link near the top of the page.Identify the release you would like to install.A “DevAudit.exe" link should be visible for each release that has a pre-built installer.Download the file and execute the installer. You will be guided through a simple installation.Open a new command prompt or PowerShell window in order to have DevAudit in path.Run DevAudit.Installing using Chocolatey on WindowsDevAudit is also available on Chocolatey.Install Chocolatey.Open an admin console or PowerShell window.Type choco install devauditRun DevAudit.Installing using Docker on LinuxPull the Devaudit image from Docker Hub: docker pull ossindex/devaudit. The image tagged ossindex/devaudit:latest (which is the default image that is downloaded) is built from the most recent release while ossindex/devaudit:unstable is built on the master branch of the source code and contains the newest additions albeit with less testing.ConceptsAudit TargetRepresents a logical group of auditing functions. DevAudit currently supports the following audit targets:Package Source. A package source manages application and library dependencies using a package manager. Package managers install, remove or update applications and library dependencies for an operating system like Debian Linux, or for a development language or framework like .NET or nodejs. Examples of package sources are dpkg, yum, Chocolatey, Composer, and Bower. DevAudit audits the names and versions of installed packages against vulnerabilities reported for specific versions of those packages.Application. An application like Drupal or a custom application built using a framework like ASP.NET. DevAudit audits applications and application modules and plugins against vulnerabilities reported for specific versions of application binaries and modules and plugins. DevAudit can also audit application configurations for known vulnerabilities, and perform static analysis on application code looking for known weaknesses.Application Server. Application servers provide continuously running services or daemons like a web or database server for other applications to use, or for users to access services like authentication. Examples of application servers are the OpenSSH sshd and Apache httpd servers. DevAudit can audit application server binaries, modules and plugins against vulnerabilities reported for specific versions as well as audit server configurations for known server configuration vulnerabilities and weaknesses.Audit EnvironmentRepresents a logical environment where audits against audit targets are executed. Audit environments abstract the I/O and command executions required for an audit and allow identical functions to be performed against audit targets on whatever physical or network location the target’s files and executables are located. The follwing environments are currently supported :Local. This is the default audit environment where audits are executed on the local machine.SSH. Audits are executed on a remote host connected over SSH. It is not necessary to have DevAudit installed on the remote host.WinRM. Audits are executed on a remote Windows host connected over WinRM. It is not necessary to have DevAudit installed on the remote host.Docker. Audits are executed on a running Docker container. It is not necessary to have DevAudit installed on the container image.GitHub. Audits are executed on a GitHub project repository’s file-system directly. It is not necessary to checkout or download the project locally to perform the audit.Audit OptionsThese are different options that can be enabled for the audit. You can specify options that apply to the DevAudit program for example, to run in non-interactive mode, as well as options that apply to the target e.g if you set the AppDevMode option for auditing ASP.NET applications to true then certain audit rules will not be enabled.Basic UsageThe CLI is the primary interface to the DevAudit program and is suitable both for interactive use and for non-interactive use in scheduled tasks, shell scripts, CI build pipelines and post-build tasks in developer IDEs. The basic DevAudit CLI syntax is:devaudit TARGET [ENVIRONMENT] | [OPTIONS]where TARGET specifies the audit target ENVIRONMENT specifies the audit environment and OPTIONS specifies the options for the audit target and environment. There are 2 ways to specify options: program options and general audit options that apply to more than one target can be specified directly on the command-line as parameters . Target-specific options can be specified with the -o options using the format: -o OPTION1=VALUE1,OPTION2=VALUE2,…. with commas delimiting each option key-value pair.If you are piping or redirecting the program output to a file then you should always use the -n –non-interactive option to disable any interactive user interface features and animations.When specifying file paths, an @ prefix before a path indicates to DevAudit that this path is relative to the root directory of the audit target e.g if you specify: -r c:\myproject -b @bin\Debug\app2.exe DevAudit considers the path to the binary file as c:\myproject\bin\Debug\app2.exe.Audit TargetsPackage Sources msi Do a package audit of the Windows Installer MSI package source on Windows machines. choco Do a package audit of packages installed by the Choco package manager. oneget Do a package audit of the system OneGet package source on Windows. nuget Do a package audit of a NuGet v2 package source. You must specify the location of the NuGet packages.config file you wish to audit using the -f or –file option otherwise the current directory will be searched for this file. bower Do a package audit of a Bower package source. You must specify the location of the Bower packages.json file you wish to audit using the -f or –file option otherwise the current directory will be searched for this file. composer Do a package audit of a Composer package source. You must specify the location of the Composer composer.json file you wish to audit using the -f or –file option otherwise the current directory will be searched for this file. dpkg Do a package audit of the system dpkg package source on Debian Linux and derivatives. rpm Do a package audit of the system RPM package source on RedHat Linux and derivatives. yum Do a package audit of the system Yum package source on RedHat Linux and derivatives. For every package source the following general audit options can be used: -f –file Specify the location of the package manager configuration file if needed. The NuGet, Bower and Composer package sources require this option. –list-packages Only list the packages in the package source scanned by DevAudit. –list-artifacts Only list the artifacts found on OSS Index for packages scanned by DevAudit. Package sources tagged [Experimental] are only available in the master branch of the source code and may have limited back-end OSS Index support. However you can always list the packages scanned and artifacts available on OSS Index using the list-packages and list-artifacts options.Applications aspnet Do an application audit on a ASP.NET application. The relevant options are: -r –root-directory Specify the root directory of the application. This is just the top-level application directory that contains files like Global.asax and Web.config.-b –application-binary Specify the application binary. The is the .NET assembly that contains the application’s .NET bytecode. This file is usually a .DLL and located in the bin sub-folder of the ASP.NET application root directory.-c –configuration-file or -o AppConfig=configuration-file Specifies the ASP.NET application configuration file. This file is usually named Web.config and located in the application root directory. You can override the default @Web.config value with this option.-o AppDevMode=enabled Specifies that application development mode should be enabled for the audit. This mode can be used when auditing an application that is under development. Certain configuration rules that are tagged as disabled for AppDevMode (e.g running the application in ASP.NET debug mode) will not be enabled during the audit. netfx Do an application audit on a .NET application. The relevant options are: -r –root-directory Specify the root directory of the application. This is just the top-level application directory that contains files like App.config.-b –application-binary Specify the application binary. The is the .NET assembly that contains the application’s .NET bytecode. This file is usually a .DLL and located in the bin sub-folder of the ASP.NET application root directory.-c –configuration-file or -o AppConfig=configuration-file Specifies the .NET application configuration file. This file is usually named App.config and located in the application root directory. You can override the default @App.config value with this option.-o GendarmeRules=RuleLibrary Specifies that the Gendarme static analyzer should enabled for the audit with rules from the specified rules library used. For example: devaudit netfx -r /home/allisterb/vbot-debian/vbot.core -b @bin/Debug/vbot.core.dll –skip-packages-audit -o GendarmeRules=Gendarme.Rules.Naming will run the Gendarme static analyzer on the vbot.core.dll assembly using rules from Gendarme.Rules.Naming library. The complete list of rules libraries is (taken from the Gendarme wiki):Gendarme.Rules.BadPracticeGendarme.Rules.ConcurrencyGendarme.Rules.CorrectnessGendarme.Rules.DesignGendarme.Rules.Design.GenericGendarme.Rules.Design.LinqGendarme.Rules.ExceptionsGendarme.Rules.GendarmeGendarme.Rules.GlobalizationGendarme.Rules.InteroperabilityGendarme.Rules.Interoperability.ComGendarme.Rules.MaintainabilityGendarme.Rules.NUnitGendarme.Rules.NamingGendarme.Rules.PerformanceGendarme.Rules.PortabilityGendarme.Rules.SecurityGendarme.Rules.Security.CasGendarme.Rules.SerializationGendarme.Rules.SmellsGendarme.Rules.Ui drupal7 Do an application audit on a Drupal 7 application. -r –root-directory Specify the root directory of the application. This is just the top-level directory of your Drupal 7 install. drupal8 Do an application audit on a Drupal 8 application. -r –root-directory Specify the root directory of the application. This is just the top-level directory of your Drupal 8 install.All applications also support the following common options for auditing the application modules or plugins: –list-packages Only list the application plugins or modules scanned by DevAudit. –list-artifacts Only list the artifacts found on OSS Index for application plugins and modules scanned by DevAudit. –skip-packages-audit Only do an appplication configuration or code analysis audit and skip the packages audit. Application Servers sshd Do an application server audit on an OpenSSH sshd-compatible server. httpd Do an application server audit on an Apache httpd-compatible server. mysql Do an application server audit on a MySQL-compatible server (like MariaDB or Oracle MySQL.) nginx Do an application server audit on a Nginx server. pgsql Do an application server audit on a PostgreSQL server. This is an example command line for an application server audit: ./devaudit httpd -i httpd-2.2 -r /usr/local/apache2/ -c @conf/httpd.conf -b @bin/httpd which audits an Apache Httpd server running on a Docker container named httpd-2.2.The following are audit options common to all application servers:-r –root-directory Specifies the root directory of the server. This is just the top-level of your server filesystem and defaults to / unless you want a different server root.-c –configuration-file Specifies the server configuration file. e.g in the above audit the Apache configuration file is located at /usr/local/apache2/conf/httpd.conf. If you don’t specify the configuration file DevAudit will attempt to auto-detect the configuration file for the server selected.-b –application-binary Specifies the server binary. e.g in the above audit the Apache binary is located at /usr/local/apache2/bin/httpd. If you don’t specify the binary path DevAudit will attempt to auto-detect the server binary for the server selected.Application servers also support the following common options for auditing the server modules or plugins: –list-packages Only list the application plugins or modules scanned by DevAudit. –list-artifacts Only list the artifacts found on OSS Index for application plugins and modules scanned by DevAudit. –skip-packages-audit Only do a server configuration audit and skip the packages audit. EnvironmentsThere are currently 5 audit environment supported: local, remote hosts over SSH, remote hosts over WinRM, Docker containers, and GitHub. Local environments are used by default when no other environment options are specified.SSHThe SSH environment allows audits to be performed on any remote hosts accessible over SSH without requiring DevAudit to be installed on the remote host. SSH environments are cross-platform: you can connect to a Linux remote host from a Windows machine running DevAudit. An SSH environment is created by the following options:-s SERVER [–ssh-port PORT] -u USER [-k KEYFILE] [-p | –password-text PASSWORD]-s SERVER Specifies the remote host or IP to connect to via SSH.-u USER Specifies the user to login to the server with.–ssh-port PORT Specifies the port on the remote host to connect to. The default is 22.-k KEYFILE Specifies the OpenSSH compatible private key file to use to connect to the remote server. Currently only RSA or DSA keys in files in the PEM format are supported.-p Provide a prompt with local echo disabled for interactive entry of the server password or key file passphrase.–password-text PASSWORD Specify the user password or key file passphrase as plaintext on the command-line. Note that on Linux when your password contains special characters you should use enclose the text on the command-line using single-quotes like ‘MyPa

Link: http://www.kitploit.com/2018/12/devaudit-open-source-cross-platform.html

Radare2 – Unix-Like Reverse Engineering Framework And Commandline Tools Security

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files.Radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later added support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers…radare2 is portable.Architecturesi386, x86-64, ARM, MIPS, PowerPC, SPARC, RISC-V, SH, m68k, AVR, XAP, System Z, XCore, CR16, HPPA, ARC, Blackfin, Z80, H8/300, V810, V850, CRIS, XAP, PIC, LM32, 8051, 6502, i4004, i8080, Propeller, Tricore, Chip8 LH5801, T8200, GameBoy, SNES, MSP430, Xtensa, NIOS II, Dalvik, WebAssembly, MSIL, EBC, TMS320 (c54x, c55x, c55+, c66), Hexagon, Brainfuck, Malbolge, DCPU16.File FormatsELF, Mach-O, Fatmach-O, PE, PE+, MZ, COFF, OMF, TE, XBE, BIOS/UEFI, Dyldcache, DEX, ART, CGC, Java class, Android boot image, Plan9 executable, ZIMG, MBN/SBL bootloader, ELF coredump, MDMP (Windows minidump), WASM (WebAssembly binary), Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs, various filesystems.Operating SystemsWindows (since XP), GNU/Linux, OS X, [Net|Free|Open]BSD, Android, iOS, OSX, QNX, Solaris, Haiku, FirefoxOS.BindingsVala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, PHP, Newlisp, Ruby, Java, OCaml…Dependenciesradare2 can be built without any special dependency, just get a working toolchain (gcc, clang, tcc…) and use make.Optionally you can use libewf for loading EnCase disk images.To build the bindings you need latest valabind, g++ and swig2.InstallThe easiest way to install radare2 from git is by running the following command:$ sys/install.shIf you want to install radare2 in the home directory without using root privileges and sudo, simply run:$ sys/user.shBuilding with meson + ninjaIf you don’t already have meson and ninja, you can install them with your distribution package manager or with r2pm:$ r2pm -i mesonIf you already have them installed, you can run this line to compile radare2:$ python ./sys/meson.py –prefix=/usr –shared –installThis method is mostly useful on Windows because the initial building with Makefile is not suitable. If you are lost in any way, just type:$ python ./sys/meson.py –helpUpdateTo update Radare2 system-wide, you don’t need to uninstall or pull. Just re-run:$ sys/install.shIf you installed Radare2 in the home directory, just re-run:$ sys/user.shUninstallIn case of a polluted filesystem, you can uninstall the current version or remove all previous installations:$ make uninstall$ make purgeTo remove all stuff including libraries, use$ make system-purgePackage managerRadare2 has its own package manager – r2pm. Its packages repository is on GitHub too. To start to using it for the first time, you need to initialize packages:$ r2pm initRefresh the packages database before installing any package:$ r2pm updateTo install a package, use the following command:$ r2pm install [package name]BindingsAll language bindings are under the r2-bindings directory. You will need to install swig and valabind in order to build the bindings for Python, Lua, etc..APIs are defined in vapi files which are then translated to swig interfaces, nodejs-ffi or other and then compiled.The easiest way to install the python bindings is to run:$ r2pm install lang-python2 #lang-python3 for python3 bindings$ r2pm install r2api-python$ r2pm install r2pipe-pyIn addition there are r2pipe bindings, which is an API interface to interact with the prompt, passing commands and receivent the output as a string, many commands support JSON output, so its integrated easily with many languages in order to deserialize it into native objects.$ npm install r2pipe # NodeJS$ gem install r2pipe # Ruby$ pip install r2pipe # Python$ opam install radare2 # OCamlAnd also for Go, Rust, Swift, D, .NET, Java, NewLisp, Perl, Haskell, Vala, OCaml, and many more to come!Regression TestsuiteRunning make tests will fetch the radare2-regressions repository and run all the tests in order to verify that no changes break any functionality.We run those tests on every commit, and they are also executed with ASAN and valgrind on different platforms to catch other unwanted ‘features’.DocumentationThere is no formal documentation of r2 yet. Not all commands are compatible with radare1, so the best way to learn how to do stuff in r2 is by reading the examples from the web and appending ‘?’ to every command you are interested in.Commands are small mnemonics of few characters and there is some extra syntax sugar that makes the shell much more pleasant for scripting and interacting with the APIs.You could also checkout the radare2 book.Webserverradare2 comes with an embedded webserver which serves a pure html/js interface that sends ajax queries to the core and aims to implement an usable UI for phones, tablets and desktops.$ r2 -c=H /bin/lsTo use the webserver on Windows, you require a cmd instance with administrator rights. To start the webserver, use the following command in the project root.> radare2.exe -c=H rax2.exePointersWebsite: https://www.radare.org/IRC: irc.freenode.net #radareTelegram: https://t.me/radareMatrix: @radare2:matrix.orgTwitter: @radareorgDownload Radare2

Link: http://feedproxy.google.com/~r/PentestTools/~3/d_ECVYw56ug/radare2-unix-like-reverse-engineering.html

Syhunt ScanTools 6.5 – Console Web Vulnerability Scan Tools

Syhunt ScanTools comes with four console applications: ScanURL, ScanCode, ScanLog and ScanConf, incorporating the functionality of the scanners Syhunt Dynamic, Syhunt Code, Syhunt Insight and Syhunt Harden respectively. Whether you want to scan a live web application, source code files, a GIT repository, web server logs or configuration files for vulnerabilities, weaknesses and more, ScanTools can help you start the task with a single line command. Syhunt ScanTools is available for download as a freeware portable package.ChangeLog:SYHUNT CODE (SCANCODE)Added support for GIT URLs and branchs (Note: GIT for Windows must be downloaded separately from https://gitforwindows.org/and installed on the same machine for this feature to work).Added Complete Scan (complete) and Paranoid (comppnoid) hunt methods. Experimental checks moved to Paranoid hunt method.Improved compatibility with SVN repositories.SYHUNT DYNAMIC (SCANURL)Added WII framework related optimizations.Improved XML exports.Reviewed hunt methods Malware Content and Structure Brute Force and enabled additional checks.Improved false positive prevention involving extension checking and structure brute force checks.Improved loop prevention in spider (additional cases).Do not cache lengthy responses during spidering.Fixed: reclassified dynamic XSS risk based on CVSS3 score.OTHER IMPROVEMENTS AND CHANGESAdded -nv parameter to all CLI scan tools, which turns off verbose – error messages and basic information still gets printed.Fixed: optional -rout parameter not being fully respected in ScanURL and ScanCode.Download Syhunt ScanTools

Link: http://www.kitploit.com/2018/12/syhunt-scantools-65-console-web.html

Tcpreplay – Pcap Editing And Replay Tools For *NIX And Windows

Tcpreplay is a suite of GPLv3 licensed utilities for UNIX (and Win32 under Cygwin) operating systems for editing and replaying network traffic which was previously captured by tools like tcpdump and Ethereal/Wireshark. It allows you to classify traffic as client or server, rewrite Layer 2, 3 and 4 packets and finally replay the traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS’s. Tcpreplay supports both single and dual NIC modes for testing both sniffing and in-line devices.Tcpreplay is used by numerous firewall, IDS, IPS, NetFlow and other networking vendors, enterprises, universities, labs and open source projects. If your organization uses Tcpreplay, please let us know who you are and what you use it for so that I can continue to add features which are useful.Tcpreplay is designed to work with network hardware and normally does not penetrate deeper than Layer 2. Yazan Siam with sponsorship from Cisco developed tcpliveplay to replay TCP pcap files directly to servers. Use this utility if you want to test the entire network stack and into the application.As of version 4.0, Tcpreplay has been enhanced to address the complexities of testing and tuning IP Flow/NetFlow hardware. Enhancements include:Support for netmap modified network drivers for 10GigE wire-speed performanceIncreased accuracy for playback speedIncreased accuracy of results reportingFlow statistics including Flows Per Second (fps)Flow analysis for analysis and fine tuning of flow expiry timeoutsHundreds of thousands of flows per second (dependent flow sizes in pcap file)Version 4.0 is the first version delivered by Fred Klassen and sponsored by AppNeta. Many thanks to the author of Tcpreplay, Aaron Turner who has supplied the world with a a solid and full-featured test product thus far. The new author strives to take Tcprelay performance to levels normally only seen in commercial network test equipment.The Tcpreplay suite includes the following tools:Network playback products:tcpreplay – replays pcap files at arbitrary speeds onto the network with an option to replay with random IP addressestcpreplay-edit – replays pcap files at arbitrary speeds onto the network with numerous options to modify packets packets on the flytcpliveplay – replays TCP network traffic stored in a pcap file on live networks in a manner that a remote server will respond toPcap file editors and utilities:tcpprep – multi-pass pcap file pre-processor which determines packets as client or server and splits them into creates output files for use by tcpreplay and tcprewritetcprewrite – pcap file editor which rewrites TCP/IP and Layer 2 packet headerstcpbridge – bridge two network segments with the power of tcprewritetcpcapinfo – raw pcap file decoder and debuggerInstall packagePlease visit our downloads page on our wiki for detailed download and installation instructions.Simple directions for Unix users:./configure makesudo make installBuild netmap featureThis feature will detect netmap capable network drivers on Linux and BSD systems. If detected, the network driver is bypassed for the execution duration of tcpreplay and tcpreplay-edit, and network buffers will be written to directly. This will allow you to achieve full line rates on commodity network adapters, similar to rates achieved by commercial network traffic generators.Note that bypassing the network driver will disrupt other applications connected through the test interface. Don’t test on the same interface you ssh’ed into.Download latest and install netmap from http://info.iet.unipi.it/~luigi/netmap/ If you extracted netmap into /usr/src/ or /usr/local/src you can build normally. Otherwise you will have to specify the netmap source directory, for example:./configure –with-netmap=/home/fklassen/git/netmapmakesudo make installYou can also find netmap source here.Detailed installation instructions are available in the INSTALL document in the tar ball.Install Tcpreplay from source codeDownload the tar ball or zip file. Optionally clone the git repository:git clone git@github.com:appneta/tcpreplay.gitSupportIf you have a question or think you are experiencing a bug, submit them here. It is important that you provide enough information for us to help you.If your problem has to do with COMPILING tcpreplay:Version of tcpreplay you are trying to compilePlatform (Red Hat Linux 9 on x86, Solaris 7 on SPARC, OS X on PPC, etc)Contents of config.statusOutput from configure and makeAny additional information you think that would be useful.If your problem has to do with RUNNING tcpreplay or one of the sub-tools:Version information (output of -V)Command line used (options and arguments)Platform (Red Hat Linux 9 on Intel, Solaris 7 on SPARC, etc)Make & model of the network card(s) and driver(s) versionError message (if available) and/or description of problemIf possible, attach the pcap file used (compressed with bzip2 or gzip preferred)The core dump or backtrace if availableDetailed description of your problem or what you are trying to accomplishNote: The author of tcpreplay primarily uses OS X and Linux; hence, if you’re reporting an issue on another platform, it is important that you give very detailed information as I may not be able to reproduce your issue.You are also strongly encouraged to read the extensive documentation (man pages, FAQ, documents in /docs and email list archives) BEFORE posting to the tcpreplay-users email list:http://lists.sourceforge.net/lists/listinfo/tcpreplay-usersIf you have a bug to report you can submit it here:https://github.com/appneta/tcpreplay/issuesIf you want to help with development, visit our developers wiki:https://github.com/appneta/tcpreplay/wikiLastly, please don’t email the authors directly with your questions. Doing so prevents others from potentially helping you and your question/answer from showing up in the list archives.Authors and ContributorsTcpreplay is authored by Aaron Turner. In 2013 Fred Klassen, Founder and VP Network Technology, AppNeta added performance features and enhancements, and ultimately took over the maintenance of Tcpreplay.The source code repository has moved to GitHub. You can get a working copy of the repository by installing git and executing:git clone https://github.com/appneta/tcpreplay.gitHow To ContributeIt’s easy. Basically you…Set up gitForkEdit (we create a branch per issue)Send a PRDetails:You will find that you will not be able to contribute to the Tcpreplay project directly if you use clone the appneta/tcpreplay repo. If you believe that you may someday contribute to the repository, GitHub provides an innovative approach. Forking the @appneta/tcpreplay repository allows you to work on your own copy of the repository and submit code changes without first asking permission from the authors. Forking is also considered to be a compliment so fork away:if you haven’t already done so, get yourself a free GitHub ID and visit @appneta/tcpreplayclick the Fork button to get your own private copy of the repositoryon your build system clone your private repository:git clone git@github.com:/tcpreplay.gitwe like to keep the master branch available for projection ready code so we recommend that you make a branch for each feature or bug fixwhen you are happy with your work, push it to your GitHub repositoryon your GitHub repository select your new branch and submit a Pull Request to masteroptionally monitor the status of your submission hereWe will review and possibly discuss the changes with you through GitHub services. If we accept the submission, it will instantly be applied to the production master branch.Additional InformationPlease visit our wiki.or visit our developers wikiDownload Tcpreplay

Link: http://feedproxy.google.com/~r/PentestTools/~3/kaOMqcv3C4M/tcpreplay-pcap-editing-and-replay-tools.html