Malboxes – Builds Malware Analysis Windows VMs So That You Don’T Have To

Builds malware analysis Windows virtual machines so that you don’t have to.RequirementsPython 3.3+ packer: vagrant: VirtualBox or an vSphere / ESXi server Minimum specs for the build machineAt least 5 GB of RAM VT-X extensions strongly recommendedFedoradnf install ruby-devel gcc-c++ zlib-develvagrant plugin install winrm winrm-fsDebianapt install vagrant git python3-pipInstallationLinux/UnixInstall git, vagrant and packer using your distribution’s packaging tool (packer is sometimes called packer-io) pip install malboxes: sudo pip3 install git+ Note Starting with Windows 10 Hyper-V is always running below the operating system. Since VT-X needs to be operated exclusively by only one Hypervisor this causes VirtualBox (and malboxes) to fail. To disable Hyper-V and allow VirtualBox to run, issue the following command in an administrative command prompt then reboot: bcdedit /set hypervisorlaunchtype off Using ChocolateyThe following steps assume that you have Chocolatey installed. Otherwise, follow the manual installation procedure.Install dependencies: choco install python vagrant packer git virtualboxRefresh the console refreshenvInstall malboxes: pip3 install setuptoolspip3 install -U git+ VirtualBox, Vagrant and git Install Packer, drop the packer binary in a folder in your user’s PATH like C:\Windows\System32\ Install Python 3 (make sure to add Python to your environment variables) Open a console (Windows-Key + cmd) pip3 install setuptoolspip3 install -U git+ creationThis creates your base box that is imported in Vagrant. Afterwards you can re-use the same box several times per sample analysis.Run:malboxes build

Metasploit 5.0 – The World’s Most Used Penetration Testing Framework

Knowledge is power, especially when it’s shared. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.Rapid7 announced the release of Metasploit 5.0, the new version includes several new important features and, the company believes it will easier to use and more powerful.Metasploit is the most widely used penetration testing framework and it has more than 1500+ modules that deliver functionalities covering every phase of a penetration test, making the life of a penetration tester comparatively easier. Most important changes introduced in the Metasploit 5.0 include new database and automation APIs, evasion modules and libraries, language support, improved performance.Metasploit 5.0 is currently available from its official GitHub project. Rapid7 says it’s in the process of informing third-party developers that Metasploit 5.0 is stable – Linux distributions such as Kali and ParrotSec are shipped with Metasploit.Metasploit 5.0 Release NotesMetasploit 5.0 brings many new features, including new database and automation APIs, evasion modules and libraries, language support, improved performance, and ease-of-use.The following is a high-level overview of Metasploit 5.0’s features and capabilities.Metasploit users can now run the PostgreSQL database by itself as a RESTful service, which allows for multiple Metasploit consoles and external tools to interact with it.Parallel processing of the database and regular msfconsole operations improves performance by offloading some bulk operations to the database service.A JSON-RPC API enables users to integrate Metasploit with additional tools and languages.This release adds a common web service framework to expose both the database and the automation APIs; this framework supports advanced authentication and concurrent operations. Read more about how to set up and run these new services here.Adds evasion module type and libraries to let users generate evasive payloads without having to install external tools. Read the research underpinning evasion modules here. Rapid7’s first evasion modules are here.The metashell feature allows users to run background sessions and interact with shell sessions without needing to upgrade to a Meterpreter session.External modules add Metasploit support for Python and Go in addition to Ruby.Any module can target multiple hosts by setting RHOSTS to a range of IPs, or by referencing a hosts file with the file:// option. Metasploit now treats RHOST and RHOSTS as identical options.An updated search mechanism improves Framework start time and removes database dependency.Download Metasploit 5.0


Kube-Hunter – Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don’t own!Run kube-hunter: kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.Contribute: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your own modules please read Guidelines For Developing Your First kube-hunter Module.HuntingWhere should I run kube-hunter?Run kube-hunter on any machine (including your laptop), select Remote scanning and give the IP address or domain name of your Kubernetes cluster. This will give you an attackers-eye-view of your Kubernetes setup.You can run kube-hunter directly on a machine in the cluster, and select the option to probe all the local network interfaces.You can also run kube-hunter in a pod within the cluster. This gives an indication of how exposed your cluster would be in the event that one of your application pods is compromised (through a software vulnerability, for example).Scanning optionsBy default, kube-hunter will open an interactive session, in which you will be able to select one of the following scan options. You can also specify the scan option manually from the command line. These are your options: Remote scanning To specify remote machines for hunting, select option 1 or use the –remote option. Example: ./ –remote Internal scanning To specify internal scanning, you can use the –internal option. (this will scan all of the machine’s network interfaces) Example: ./ –internal Network scanning To specify a specific CIDR to scan, use the –cidr option. Example: ./ –cidr Active HuntingActive hunting is an option in which kube-hunter will exploit vulnerabilities it finds, in order to explore for further vulnerabilities. The main difference between normal and active hunting is that a normal hunt will never change state of the cluster, while active hunting can potentially do state-changing operations on the cluster, which could be harmful.By default, kube-hunter does not do active hunting. To active hunt a cluster, use the –active flag. Example: ./ –remote –activeList of testsYou can see the list of tests with the –list option: Example: ./ –listTo see active hunting tests as well as passive: ./ –list –activeOutputTo control logging, you can specify a log level, using the –log option. Example: ./ –active –log WARNING Available log levels are:DEBUGINFO (default)WARNINGTo see only a mapping of your nodes network, run with –mapping option. Example: ./ –cidr –mapping This will output all the Kubernetes nodes kube-hunter has found.DeploymentThere are three methods for deploying kube-hunter:On MachineYou can run the kube-hunter python code directly on your machine.PrerequisitesYou will need the following installed:python 2.7pipClone the repository:git clone [email protected]:aquasecurity/kube-hunter.gitInstall module dependencies:cd ./kube-hunterpip install -r requirements.txtIn the case where you have python 3.x in the path as your default, and python2 refers to a python 2.7 executable, use “python2 -m pip install -r requirements.txt"Run: ./kube-hunter.pyContainerAqua Security maintains a containerised version of kube-hunter at aquasec/kube-hunter. This container includes this source code, plus an additional (closed source) reporting plugin for uploading results into a report that can be viewed at Please note that running the aquasec/kube-hunter container and uploading reports data are subject to additional terms and conditions.The Dockerfile in this repository allows you to build a containerised version without the reporting plugin.If you run the kube-hunter container with the host network it will be able to probe all the interfaces on the host:docker run -it –rm –network host aquasec/kube-hunterNote for Docker for Mac/Windows: Be aware that the "host" for Docker for Mac or Windows is the VM which Docker runs containers within. Therefore specifying –network host allows kube-hunter access to the network interfaces of that VM, rather than those of your machine. By default kube-hunter runs in interactive mode. You can also specify the scanning option with the parameters described above e.g.docker run –rm aquasec/kube-hunter –cidr option lets you discover what running a malicious container can do/discover on your cluster. This gives a perspective on what an attacker could do if they were able to compromise a pod, perhaps through a software vulnerability. This may reveal significantly more vulnerabilities.The job.yaml file defines a Job that will run kube-hunter in a pod, using default Kubernetes pod access settings.Run the job with kubectl create with that yaml file.Find the pod name with kubectl describe job kube-hunterView the test results with kubectl logs Download Kube-Hunter


Stretcher – Tool Designed To Help Identify Open Elasticsearch Servers That Are Exposing Sensitive Information

Stretcher is a tool to search for open elasticsearch servers.Usage: python –shodan {key} –action analyze –threads {0..100} –dork python –help _____ __ __ __ / ___// /_________ / /______/ /_ ___ _____ \__ \/ __/ ___/ _ \/ __/ ___/ __ \/ _ \/ ___/ ___/ / /_/ / / __/ /_/ /__/ / / / __/ / /____/\__/_/ \___/\__/\___/_/ /_/\___/_/ Tool designed to help identify incorrectly Applications that are exposing sensitive [+] Interesting indexes were found payment, address, email, user Browser: Organization: Hostnames: Domains: City: Ashburn Country: United States Status: Without authentication (Open)Installation$ sudo pip3 install pyfiglet shodan elasticsearch $ cd $HOME/$ git clone$ sudo chmod -R 777 stretcher/DisclaimerCode samples are provided for educational purposes. Adequate defenses can only be built by researching attack techniques available to malicious actors. Using this code against target systems without prior permission is illegal in most jurisdictions. The authors are not liable for any damages from misuse of this information or code.Download Stretcher


SQLMap v1.3 – Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.FeaturesFull support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice.Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.InstallationYou can download the latest tarball by clicking here or latest zipball by clicking here.Preferably, you can download sqlmap by cloning the Git repository:git clone –depth 1 sqlmap-devsqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.UsageTo get a list of basic options and switches use:python -hTo get a list of all options and switches use:python -hhYou can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user’s manual.DemoLinksHomepage: http://sqlmap.orgDownload: .tar.gz or .zipCommits RSS feed: tracker:’s manual: Asked Questions (FAQ): @sqlmapDemos: SQLMap v1.2.11


Exrex – Irregular Methods On Regular Expressions

Exrex is a command line tool and python module that generates all – or random – matching strings to a given regular expression and more. It’s pure python, without external dependencies.There are regular expressions with infinite matching strings (eg.: [a-z]+), in these cases exrex limits the maximum length of the infinite parts.Exrex uses generators, so the memory usage does not depend on the number of matching strings.FeaturesGenerating all matching stringsGenerating a random matching stringCounting the number of matching stringsSimplification of regular expressionsInstallationTo install exrex, simply:$ pip install exrexor$ easy_install exrexUsageas python module>>> import exrex>>> exrex.getone(‘(ex)r\\1’)’exrex’>>> list(exrex.generate(‘((hai){2}|world!)’))[‘haihai’, ‘world!’]>>> exrex.getone(‘\d{4}-\d{4}-\d{4}-[0-9]{4}’)’3096-7886-2834-5671’>>> exrex.getone(‘(1[0-2]|0[1-9])(:[0-5]\d){2} (A|P)M’)’09:31:40 AM’>>> exrex.count(‘[01]{0,9}’)1023>>> print ‘\n’.join(exrex.generate(‘This is (a (code|cake|test)|an (apple|elf|output))\.’))This is a code.This is a cake.This is a test.This is an apple.This is an elf.This is an output.>>> print exrex.simplify(‘(ab|ac|ad)’)(a[bcd])Command line usage> exrex –helpusage: [-h] [-o FILE] [-l] [-d DELIMITER] [-v] REGEXexrex – regular expression string generatorpositional arguments: REGEX REGEX stringoptional arguments: -h, –help show this help message and exit -o FILE, –output FILE Output file – default is STDOUT -l N, –limit N Max limit for range size – default is 20 -c, –count Count matching strings -m N, –max-number N Max number of strings – default is -1 -r, –random Returns a random string that matches to the regex -s, –simplify Simplifies a regular expression -d DELIMITER, –delimiter DELIMITER Delimiter – default is \n -v, –verbose Verbose modeExamples:$ exrex ‘[asdfg]’asdfg$ exrex -r ‘(0[1-9]|1[012])-\d{2}’09-85$ exrex ‘[01]{10}’ -c1024Documentation exrex ‘( {20}(\| *\\|-{22}|\|)|\.={50}| ( ){0,5}\\\.| {12}~{39})’Eyes: exrex ‘(o|O|0)(_)(o|O|0)’Similar projectsTools that generate a list of all possible strings that match a given pattern:regldg (features a live demo on the website)regex-genex (supports using multiple regex patterns simultaneously)Tools that generate random strings, one by one, that match a given pattern:randexp.js (features several live demos on the website)rstr.xeger (a method of the rstr Python module)Profilingpython -m cProfile ‘[a-zA-Z][a-zA-Z][a-zA-Z][a-zA-Z]’ -o /dev/nullpython -m cProfile ‘[0-9]{6}’ -o /dev/nullDownload Exrex


Shodanploit – Shodan Command Line Interface Written In Python

Shodan is a search engine on the internet where you can find interesting things all over the world. For example, we can find cameras, bitcoin streams, zombie computers, ports with weakness in service, SCADA systems, and more. Moreover, more specific searches are possible. As a result of the search, Shodan shows us the number of vulnerable hosts on Earth.So what does shodansploit do ?With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches. All you have to do without running Shodansploiti is to add shodan api. Note : The quality of the search will change according to the api privileges you have used.Shodan API Documention : REST API Documentation Exploits REST API Documentation Shodan API Specification :Banner Specification The banner is the main type of information that Shodan provides through the REST and Streaming API. This document outlines the various properties that are always present and which ones are optional. Exploit Specification The exploit type contains the normalized data from a variety of vulnerability data sources. The Exploits REST API returns this type for its search results. This document outlines the various properties that are always present and which ones are optional. Programming Languages :PythonSystem :[email protected]:~# git clone[email protected]:~# cd [email protected]:~/shodansploit# python shodansploit.pyWhat’s on the tool menu ?[1] GET > /shodan/host/{ip} [2] GET > /shodan/host/count[3] GET > /shodan/host/search [4] GET > /shodan/host/search/tokens [5] GET > /shodan/ports [6] GET > /shodan/exploit/author[7] GET > /shodan/exploit/cve[8] GET > /shodan/exploit/msb[9] GET > /shodan/exploit/bugtraq-id[10] GET > /shodan/exploit/osvdb[11] GET > /shodan/exploit/title[12] GET > /shodan/exploit/description[13] GET > /shodan/exploit/date[14] GET > /shodan/exploit/code[15] GET > /shodan/exploit/platform[16] GET > /shodan/exploit/port[17] GET > /dns/resolve[18] GET > /dns/reverse [19] GET > /labs/honeyscore/{ip}[20] GET > /account/profile [21] GET > /tools/myip [22] GET > /tools/httpheaders[23] GET > /api-info [24] ExitCloning an Existing Repository ( Clone with HTTPS )[email protected]:~# git clone an Existing Repository ( Clone with SSH )[email protected]:~# git clone :Mail : [email protected] : : : Shodanploit


JSShell – An Interactive Multi-User Web JS Shell

An interactive multi-user web based javascript shell. It was initially created in order to debug remote esoteric browsers during experiments and research. This tool can be easily attached to XSS (Cross Site Scripting) payload to achieve browser remote code execution (similar to the BeeF framework).Version 2.0 is created entirely from scratch, introducing new exciting features, stability and maintainability.AuthorDaniel Abeles.Shell VideoFeaturesMulti client supportCyclic DOM objects supportPre flight scriptsCommand Queue & ContextExtensible with PluginsInjectable via