Bolt – CSRF Scanning Suite

Bolt is in the beta phase of development, which means there can be bugs. Any production use of this tool is discouraged. Pull requests and issues are welcome. I also suggest you put this repo on watch if you are interested in it.

Workflow

Crawling

Bolt crawls the target website to the specified depth and stores all the HTML forms found in a database for further processing.

Evaluating

In this phase, Bolt finds out which tokens aren't strong enough and which forms aren't protected.

Comparing

This phase focuses on detecting replay attack scenarios and hence checks if a token has been issued more than once. It also calculates the average Levenshtein distance between all the tokens to see if they are similar. Tokens are also compared against a database of 250+ hash patterns.

Observing

In this phase, 100 simultaneous requests are made to a single webpage to see if the same tokens are generated for the requests.

Testing

This phase is dedicated to active testing of the CSRF protection mechanism. It includes, but is not limited to, checking if protection exists for mobile browsers, submitting requests with a self-generated token and testing if the token is being checked to a certain length.

Analysing

Various statistical checks are performed in this phase to see if the token is really random.
The following tests are performed during this phase:
* Monobit frequency test
* Block frequency test
* Runs test
* Spectral test
* Non-overlapping template matching test
* Overlapping template matching test
* Serial test
* Cumulative sums test
* Approximate entropy test
* Random excursions variant test
* Linear complexity test
* Longest runs test
* Maurer's universal statistic test
* Random excursions test

Usage

Scanning a website for CSRF using Bolt is as easy as doing

    python3 bolt.py -u https://github.com -l 2

where -u is used to supply the URL and -l is used to specify the depth of crawling.

Other options and switches:
* -t         number of threads
* --delay    delay between requests
* --timeout  HTTP request timeout
* --headers  supply HTTP headers

Credits

Regular expressions for detecting hashes are taken from hashID.
Bit-level entropy tests are taken from highfestiva's Python implementation of statistical tests.
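As an added illustration of the token checks described for the Comparing and Analysing phases (this is example code, not Bolt's own), the following runs a duplicate-issuance check, the average Levenshtein distance and the NIST monobit frequency test over a constructed set of hex-encoded tokens:

```python
# Added example (not Bolt's own code): token checks in the spirit of Bolt's
# Comparing (reuse, Levenshtein similarity) and Analysing (monobit) phases.
# Tokens are assumed to be hex strings; the sample set below is constructed.
import itertools
import math

# Constructed sample: one token issued twice, the rest differ only by a counter.
WEAK_TOKENS = ["a1b2c3d4e5f60001", "a1b2c3d4e5f60002",
               "a1b2c3d4e5f60001", "a1b2c3d4e5f60003"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance via the classic single-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reused_tokens(tokens):
    """Tokens issued more than once: the replay indicator the Comparing phase looks for."""
    seen, dupes = set(), set()
    for t in tokens:
        (dupes if t in seen else seen).add(t)
    return sorted(dupes)


def mean_levenshtein(tokens):
    """Average edit distance over all distinct token pairs; a low value means similar tokens."""
    pairs = list(itertools.combinations(sorted(set(tokens)), 2))
    if not pairs:
        return 0.0
    return sum(levenshtein(a, b) for a, b in pairs) / len(pairs)


def monobit_p_value(hex_token: str) -> float:
    """NIST SP 800-22 frequency (monobit) test on the token's bits.
    p < 0.01 means the ones/zeros balance is unlikely for a random token."""
    bits = bin(int(hex_token, 16))[2:].zfill(len(hex_token) * 4)
    s_n = sum(1 if b == "1" else -1 for b in bits)  # +1 per one, -1 per zero
    return math.erfc(abs(s_n) / math.sqrt(2 * len(bits)))


if __name__ == "__main__":
    print("reused:", reused_tokens(WEAK_TOKENS))
    print("mean levenshtein:", mean_levenshtein(WEAK_TOKENS))
    print("monobit p for ffffffff:", monobit_p_value("ffffffff"))
```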

Link: http://feedproxy.google.com/~r/PentestTools/~3/vu2sbgER-jY/bolt-csrf-scanning-suite.html

Pwndb – Search For Credentials Leaked On Pwndb

A data leak differs from a data breach in that the former usually happens through omission or faulty practices rather than overt action, and may be so slight that it is never detected. While a data breach usually means that sensitive data has been harvested by someone who should not have accessed it, a data leak is a situation where such sensitive information might have been inadvertently exposed. pwndb is an onion service where leaked accounts are searchable using a simple form.

After a breach occurs, the data obtained is often put on sale. Sometimes people try to blackmail the affected company, asking for money in exchange for not posting the data online. The second option is selling the data to a competitor, a rival or even an enemy. This data is used in so many different ways by companies and countries... but when the people responsible for obtaining the data fail to sell it, the bundle becomes worthless and it ends up being placed on sites like pastebin or pwndb.

pwndb is a tool to search for leaked credentials on pwndb using the command line.

    pwndb.py -u -d <domain>

Tutorial

Go to https://davidtavarez.github.io/osint/2019/01/25/pwndb-command-line-tool-python.html

Link: http://feedproxy.google.com/~r/PentestTools/~3/StIgYaSXjQ8/pwndb-search-for-creadentials-leaked-on.html

ADAPT – Tool That Performs Automated Penetration Testing For WebApps

ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry-standard OWASP Top 10 vulnerabilities, and outputs categorized findings based on these potential vulnerabilities. ADAPT also uses the functionality from OWASP ZAP to perform automated active and passive scans, and auto-spidering. Due to the flexible nature of the ADAPT tool, all of these features and tests can be enabled or disabled from the configuration file. For more information on tests and configuration, please visit the ADAPT wiki.

How it Works

ADAPT uses Python to create an automated framework that drives industry-standard tools, such as OWASP ZAP and Nmap, to perform repeatable, well-designed procedures with anticipated results, producing an easily understandable report listing vulnerabilities detected within the web application.

Automated Tests:
* OTG-IDENT-004 – Account Enumeration
* OTG-AUTHN-001 – Testing for Credentials Transported over an Encrypted Channel
* OTG-AUTHN-002 – Default Credentials
* OTG-AUTHN-003 – Testing for Weak Lock Out Mechanism
* OTG-AUTHZ-001 – Directory Traversal
* OTG-CONFIG-002 – Test Application Platform Configuration
* OTG-CONFIG-006 – Test HTTP Methods
* OTG-CRYPST-001 – Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
* OTG-CRYPST-002 – Testing for Padding Oracle
* OTG-ERR-001 – Testing for Error Code
* OTG-ERR-002 – Testing for Stack Traces
* OTG-INFO-002 – Fingerprinting the Webserver
* OTG-INPVAL-001 – Testing for Reflected Cross Site Scripting
* OTG-INPVAL-002 – Testing for Stored Cross Site Scripting
* OTG-INPVAL-003 – HTTP Verb Tampering
* OTG-SESS-001 – Testing for Session Management Schema
* OTG-SESS-002 – Cookie Attributes

Installing the Plugin

Detailed install instructions.

Link: http://www.kitploit.com/2019/01/adapt-tool-that-performs-automated.html

ProcDump – A Linux Version Of The ProcDump Sysinternals Tool

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers.

Installation & Usage

Requirements

Minimum OS:
* Red Hat Enterprise Linux / CentOS 7
* Fedora 26
* Mageia 6
* Ubuntu 14.04 LTS

We are actively testing against other Linux distributions. If you have requests for specific distros, please let us know (or create a pull request with the necessary changes).

* gdb >= 7.6.1
* zlib (build-time only)

Install ProcDump

Via Package Manager [preferred method]

1. Add the Microsoft Product feed

    curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
    sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

Register the Microsoft Product feed

Ubuntu 16.04

    sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main" > /etc/apt/sources.list.d/microsoft.list'

Ubuntu 14.04

    sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod trusty main" > /etc/apt/sources.list.d/microsoft.list'

2. Install ProcDump

    sudo apt-get update
    sudo apt-get install procdump

Via .deb Package

Pre-Depends: dpkg (>= 1.17.5)

1. Download .deb Package

Ubuntu 16.04

    wget https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

Ubuntu 14.04

    wget https://packages.microsoft.com/repos/microsoft-ubuntu-trusty-prod/pool/main/p/procdump/procdump_1.0.1_amd64.deb

2. Install ProcDump

    sudo dpkg -i procdump_1.0.1_amd64.deb
    sudo apt-get -f install

Uninstall

Ubuntu 14.04+

    sudo apt-get purge procdump

Usage

    Usage: procdump [OPTIONS...] TARGET
       OPTIONS
          -C          CPU threshold at which to create a dump of the process from 0 to 100 * nCPU
          -c          CPU threshold below which to create a dump of the process from 0 to 100 * nCPU
          -M          Memory commit threshold in MB at which to create a dump
          -m          Trigger when memory commit drops below specified MB value.
          -n          Number of dumps to write before exiting
          -s          Consecutive seconds before dump is written (default is 10)
       TARGET must be exactly one of these:
          -p          pid of the process
          -w          Name of the process executable

Examples

The following examples all target a process with pid == 1234.

The following will create a core dump immediately.

    sudo procdump -p 1234

The following will create 3 core dumps 10 seconds apart.

    sudo procdump -n 3 -p 1234

The following will create 3 core dumps 5 seconds apart.

    sudo procdump -n 3 -s 5 -p 1234

The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 10 seconds between each dump.

    sudo procdump -C 65 -n 3 -p 1234

The following will create a core dump each time the process has CPU usage >= 65%, up to 3 times, with at least 5 seconds between each dump.

    sudo procdump -C 65 -n 3 -s 5 -p 1234

The following will create a core dump when CPU usage is outside the range [10,65].

    sudo procdump -c 10 -C 65 -p 1234

The following will create a core dump when CPU usage is >= 65% or memory usage is >= 100 MB.

    sudo procdump -C 65 -M 100 -p 1234

All options can also be used with -w instead of -p. -w will wait for a process with the given name.

The following waits for a process named my_application and creates a core dump immediately when it is found.

    sudo procdump -w my_application

Current Limitations

* Currently will only run on Linux kernels version 3.5+
* Does not have full feature parity with the Windows version of ProcDump, specifically stay-alive functionality and custom performance counters

Link: http://feedproxy.google.com/~r/PentestTools/~3/tkcqiIG2iUQ/procdump-linux-version-of-procdump.html

dnSpy – .NET Debugger And Assembly Editor

dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available.

Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR!

The following pictures show dnSpy in action. It shows dnSpy editing and debugging a .NET EXE file, not source code.

Features

* Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
* Edit assemblies in C# or Visual Basic or IL, and edit all metadata
* Light and dark themes
* Extensible, write your own extension
* High DPI support (per-monitor DPI aware)
* And much more, see below

dnSpy uses the ILSpy decompiler engine and the Roslyn (C# / Visual Basic) compiler and many other open source libraries, see below for more info.

Debugger

* Debug .NET Framework, .NET Core and Unity game assemblies, no source code required
* Set breakpoints and step into any assembly
* Locals, watch, autos windows
* Variables windows support saving variables (e.g. decrypted byte arrays) to disk or viewing them in the hex editor (memory window)
* Object IDs
* Multiple processes can be debugged at the same time
* Break on module load
* Tracepoints and conditional breakpoints
* Export/import breakpoints and tracepoints
* Call stack, threads, modules, processes windows
* Break on thrown exceptions (1st chance)
* Variables windows support evaluating C# / Visual Basic expressions
* Dynamic modules can be debugged (but not dynamic methods due to CLR limitations)
* Output window logs various debugging events, and it shows timestamps by default :)
* Assemblies that decrypt themselves at runtime can be debugged, dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files.
* Public API, you can write an extension or use the C# Interactive window to control the debugger

Assembly Editor

* All metadata can be edited
* Edit methods and classes in C# or Visual Basic with IntelliSense, no source code required
* Add new methods, classes or members in C# or Visual Basic
* IL editor for low level IL method body editing
* Low level metadata tables can be edited. This uses the hex editor internally.

Hex Editor

* Click on an address in the decompiled code to go to its IL code in the hex editor
* Reverse of above, press F12 in an IL body in the hex editor to go to the decompiled code or other high level representation of the bits. It's great to find out which statement a patch modified.
* Highlights .NET metadata structures and PE structures
* Tooltips show more info about the selected .NET metadata / PE field
* Go to position, file, RVA
* Go to .NET metadata token, method body, #Blob / #Strings / #US heap offset or #GUID heap index
* Follow references (Ctrl+F12)

Other

* BAML decompiler
* Blue, light and dark themes (and a dark high contrast theme)
* Bookmarks
* C# Interactive window can be used to script dnSpy
* Search assemblies for classes, methods, strings etc.
* Analyze class and method usage, find callers etc.
* Multiple tabs and tab groups
* References are highlighted, use Tab / Shift+Tab to move to the next reference
* Go to entry point and module initializer commands
* Go to metadata token or metadata row commands
* Code tooltips (C# and Visual Basic)
* Export to project

List of other open source libraries used by dnSpy

* ILSpy decompiler engine (C# and Visual Basic decompilers)
* Roslyn (C# and Visual Basic compilers)
* dnlib (.NET metadata reader/writer which can also read obfuscated assemblies)
* VS MEF (Faster MEF equals faster startup)
* ClrMD (Access to lower level debugging info not provided by the CorDebug API)

Link: http://feedproxy.google.com/~r/PentestTools/~3/JZaPW594CQE/dnspy-net-debugger-and-assembly-editor.html

Faraday v3.5 – Collaborative Penetration Test and Vulnerability Management Platform

Here are the main new features and improvements in Faraday v3.5:

New vulnerability form

We are happy to introduce our new vulnerability form, which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields.

Custom fields

Add your own custom fields to your vulnerabilities. We currently support str, int and list types. You can also use these fields in your Executive Reports.

2nd-factor authentication

We added the optional feature for 2nd-factor authentication. You can use any mobile application to use our 2nd-factor authentication.

Link: http://feedproxy.google.com/~r/PentestTools/~3/Fq1vFkcIIFI/faraday-v35-collaborative-penetration.html

Malboxes – Builds Malware Analysis Windows VMs So That You Don't Have To

Builds malware analysis Windows virtual machines so that you don't have to.

Requirements

* Python 3.3+
* packer: https://www.packer.io/docs/install/index.html
* vagrant: https://www.vagrantup.com/downloads.html
* VirtualBox or a vSphere / ESXi server

Minimum specs for the build machine:
* At least 5 GB of RAM
* VT-X extensions strongly recommended

Fedora

    dnf install ruby-devel gcc-c++ zlib-devel
    vagrant plugin install winrm winrm-fs

Debian

    apt install vagrant git python3-pip

Installation

Linux/Unix

Install git, vagrant and packer using your distribution's packaging tool (packer is sometimes called packer-io), then pip install malboxes:

    sudo pip3 install git+https://github.com/GoSecure/malboxes.git#egg=malboxes

Windows

Note: Starting with Windows 10, Hyper-V is always running below the operating system. Since VT-X needs to be operated exclusively by only one hypervisor, this causes VirtualBox (and malboxes) to fail. To disable Hyper-V and allow VirtualBox to run, issue the following command in an administrative command prompt, then reboot:

    bcdedit /set hypervisorlaunchtype off

Using Chocolatey

The following steps assume that you have Chocolatey installed. Otherwise, follow the manual installation procedure.

Install dependencies:

    choco install python vagrant packer git virtualbox

Refresh the console:

    refreshenv

Install malboxes:

    pip3 install setuptools
    pip3 install -U git+https://github.com/GoSecure/malboxes.git#egg=malboxes

Manually

* Install VirtualBox, Vagrant and git
* Install Packer, drop the packer binary in a folder in your user's PATH like C:\Windows\System32\
* Install Python 3 (make sure to add Python to your environment variables)
* Open a console (Windows-Key + cmd) and run:

    pip3 install setuptools
    pip3 install -U git+https://github.com/GoSecure/malboxes.git#egg=malboxes

Usage

Box creation

This creates your base box that is imported in Vagrant. Afterwards you can re-use the same box several times per sample analysis.

Run:

    malboxes build