Reverse Engineering Tools For Pl Sql Exception Handling
A Comprehensive Oracle PL/SQL Course Taught By Infinite Skills. From there, Lewis jumps into creating programs, using if statements, loops functions, how to handle exceptions, using packages, and even objects. This computer based training tutorial. Reverse Engineering and Exploit Development. Infinite Skills.
PL/SQL Developer by Allround Automations software review >>>PL/SQL Developer PL/SQL Developer by Allround Automations • • • • • • • • • • • • • 10-August-2001 Author: PL/SQL Developer and Direct Oracle Access are offered by Allround. For their website Rating PLSQL Developer is an extensible Oracle programming IDE that comes with almost every feature you'll need 'out of the box' to accomplish your daily programming tasks. No longer will you need to keep other editors or Oracle tools, telnet windows or SQL*Plus sessions open to get your job done. Once you skim the complete manual, you'll find yourself more productive than you ever thought possible.
It is highly customizable to fit the way you're accustomed to thinking and working. Somehow Allround manages to continue offering this tool for a very reasonable price, so it is a great value if you can't or won't cough up the exorbitant fees for the competition.
This version 4.0.2 came close to getting our highest rating of 5 stars. We expect that Allround will have fixed the minor problems we found and that this will be a 5 star product by early 2002. Usefulness to DBA Usefulness to developers Functionality, how much does it do User interface, intuitive/friendly Software quality, integrity, robustness Documentation quality and scope Technical support availability Value for money Ease of integration with other tools and systems Overall rating See the which compares the performance of PL/SQL Developer, TOAD, RapidSQL,and other tools Screen Shots • Two general themes come to mind when attempting to summarize what's great: value and flexibility. It doesn't have some of the DBA and advanced features that TOAD does, but it does pack an enormous feature set for the miniscule per-seat cost. It even includes features, like debugging and profiling, that cost hundreds more to add as modules to TOAD, SQLNavigator or RapidSQL.
Most of the time, I found working within PLSQL Developer (hereafter referred to as PSD) to be a dream. It simply worked the way my mind and ingrained Oracle habits worked. In the rare cases I wanted it to do something different, there was always some preference, template, or even menu customization that Allround had already anticipated in the design to accommodate me. Here's a list of other unique and excellent elements: • The action you need where you need it, all integrated and available from nearly every window.
2nd March 2015 - London, UK - As cyber security continues to hit the headlines, even smaller companies can expect to be subject to scrutiny and therefore securing their website is more important than ever. In response to this, Acunetix are offering the online edition of their vulnerability scanner at a new lower entry price. This new option allows consumers to opt for the ability to scan just one target or website and is a further step in making the top of the range scanner accessible to a wider market. A web vulnerability scanner allows the user to identify any weaknesses in their website architecture which might aid a hacker. They are then given the full details of the problem in order to fix it. While the scanner might previously have been a niche product used by penetration testers, security experts and large corporations, in our current cyber security climate, such products need to be made available to a wider market.
Acunetix have recognised this which is why both the product and its pricing have become more flexible and tailored to multiple types of user, with a one scan target option now available at $345. Pricing for other options has also been reduced by around 15% to reflect the current strength of the dollar. Use of the network scanning element of the product is also currently being offered completely free. Acunetix CEO Nicholas Galea said: ‘Due to recent attacks such as the Sony hack and the Anthem Inc breach, companies are under increasing pressure to ensure their websites and networks are secure. We’ve been continuously developing our vulnerability scanner for a decade now, it’s a pioneer in the field and continues to be the tool of choice for many security experts. We feel it’s a tool which can benefit a far wider market which is why we developed the more flexible and affordable online version.’.
User-friendly and competitively priced, Acunetix Vulnerability Scanner fully interprets and scans websites, including HTML5 and JavaScript and detects a large number of vulnerabilities, including SQL Injection and Cross Site Scripting, eliminating false positives. Acunetix beats competing products in many areas; including speed, the strongest support of modern technologies such as JavaScript, the lowest number of false positives and the ability to access restricted areas with ease. Acunetix also has the most advanced detection of WordPress vulnerabilities and a wide range of reports including HIPAA and PCI compliance. Unlike other online security scanners, Acunetix is able to find a much greater number of vulnerabilities because of its intelligent analysis engine – it can even detect and Blind vulnerabilities. And with a minimum of false positives. Remember that in the world of web scanning its not the number of different vulnerabilities that it can find, its the depth with which it can check for vulnerabilities.
Each scanner can find one or more SQL injection vulnerabilities, but few can find ALMOST ALL. Few scanners are able to find all pages and analyze all content, leaving large parts of your website unchecked. Acunetix will crawl the largest number of pages and analyze all content. And Acunetix OVS does not stop at web vulnerabilities. Recognizing the need to scan at network level and wanting to offer best of breed technology only, Acunetix has partnered with OpenVAS – the leading network security scanner. has been in development for more then 10 years and is backed by renowned security developers Greenbone.
OpenVAS draws on a vulnerability database of thousands of network level vulnerabilities. Importantly, OpenVAS vulnerability databases are always up to date, boasting an average response rate of less than 24 hours for updating and deploying vulnerability signatures to scanners. The areas of a website which are most likely to be attacked and are prone to vulnerabilities are those areas that require a user to login. Therefore the latest version of Acunetix vastly improves on its ‘Login Sequence Recorder’ which can now navigate multi-step authenticated areas automatically and with ease.
It crawls at lightning speed with its ‘DeepScan’ crawling engine now analyzing web applications developed using both Java Frameworks and Ruby on Rails. Version 10 also improves the automated scanning of RESTful and SOAP-based web services and can now detect over 1200 vulnerabilities in WordPress core and plugins. Latest automation functionality makes Acunetix not only even easier to use, but gives better peace of mind through ensuring the entire website is scanned.
Restricted areas, especially user login pages, make it more difficult for a scanner to access and often required manual intervention. The Acunetix “Login Sequence Recorder” overcomes this, having been significantly improved to allow restricted areas to be scanned completely automatically. This includes the ability to scan web applications that use Single Sign-On (SSO) and OAuth-based authentication. With the recorder following user actions rather than HTTP requests, it drastically improves support for anti-CSRF tokens, nonces or other one-time tokens, which are often used in restricted areas. With WordPress sites having exceeded 74 million in number, a single vulnerability found in the WordPress core, or even in a plugin, can be used to attack millions of individual sites. The flexibility of being able to use externally developed plugins leads to the development of even more vulnerabilities.
Acunetix v10 now tests for over 1200 WordPress-specific vulnerabilities, based on the most frequently downloaded plugins, while still retaining the ability to detect vulnerabilities in custom built plugins. No other scanner on the market can detect as many WordPress vulnerabilities.
Many enterprise-grade, mission critical applications are built using Java Frameworks and Ruby on Rails. Version 10 has been engineered to accurately crawl and scan web applications built using these technologies. With the increase in HTML5 Single Page Applications and mobile applications, web services have become a significant attack vector.
The new version improves support for SOAP-based web services with WSDL and WCF descriptions as well as automated scanning of RESTful web services using WADL definitions. Furthermore, version 10, introduces dynamic crawl pre-seeding by integrating with external, third-party tools including Fiddler, Burp Suite and the Selenium IDE to enhance Business Logic Testing and the workflow between Manual Testing and Automation. Free Download Samsung Pc Studio 3 Usb Driver Installer. New in Acunetix Vulnerability Scanner v10 • 'Login Sequence Recorder' has been re-engineered from the ground-up to allow restricted areas to be scanned entirely automatically. • Now tests for over 1200 WordPress-specific vulnerabilities in the WordPress core and plugins. • Acunetix WVS Crawl data can be augmented using the output of: Fiddler.saz files, Burp Suite saved items, Burp Suite state files, HTTP Archive (.har) files, Acunetix HTTP Sniffer logs, Selenium IDE Scripts. • Improved support for Java Frameworks (Java Server Faces [JSF], Spring and Struts) and Ruby on Rails.
• Increased web services support for web applications which make use of WSDL based web-services, Microsoft WCF-based web services and RESTful web services. • Ships with a malware URL detection service, which is used to analyse all the external links found during a scan against a constantly updated database of Malware and Phishing URLs. A tool to detect and crash Cuckoo Sandbox. Tested in and. Features • Detection: • Cuckoo hooks detection (all kind of cuckoo hooks). • Suspicius data in own memory (without APIs, page per page scanning).
• Crash (Execute with arguments) (out of a sandbox these args dont crash the program): • -c1: Modify the RET N instruction of a hooked API with a higher value. Next call to API pushing more args into stack. If the hooked API is called from the Cuckoo's HookHandler the program crash because it only pushes the real API args then the modified RET N instruction corrupt the HookHandler's stack. The overkill methods can be useful.
For example using the overkill methods you have two features in one: detection/crash and 'a kind of Sleep' (Cuckoomon bypass long Sleeps calls). Cuckoo Detection Submit Release/anticuckoo.exe to analysis in Cuckoo Sandbox. Check the screenshots (console output).
Also you can check Accesed Files in Sumary. You can select one or more crashes in the upper pane, and then save them (Ctrl+S) into text/html/xml/csv file or copy them to the clipboard,and paste them into Excel or other spreadsheet application. Command-Line Options /ProfilesFolder Specifies the user profiles folder (e.g: c: users) to load. If this parameter is not specified, the profiles folder of the current operating system is used. /ReportsFolder Specifies the folder that contains the WER files you wish to load. /ShowReportQueue Specifies whether to enable the 'Show ReportQueue Files' option. 1 = enable, 0 = disable /ShowReportArchive Specifies whether to enable the 'Show ReportArchive Files' option.
1 = enable, 0 = disable /stext Save the list of application crashes into a regular text file. /stab Save the list of application crashes into a tab-delimited text file. /scomma Save the list of application crashes into a comma-delimited text file (csv). /stabular Save the list of application crashes into a tabular text file.
/shtml Save the list of application crashes into HTML file (Horizontal). /sverhtml Save the list of application crashes into HTML file (Vertical).
/sxml Save the list of application crashes into XML file. /sort This command-line option can be used with other save options for sorting by the desired column. If you don't specify this option, the list is sorted according to the last sort that you made from the user interface. The parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like 'Event Name' and 'Process File'.
You can specify the '~' prefix character (e.g: '~Event Time') if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns. Examples: AppCrashView.exe /shtml 'f: temp crashlist.html' /sort 2 /sort ~1 AppCrashView.exe /shtml 'f: temp crashlist.html' /sort 'Process File' /nosort When you specify this command-line option, the list will be saved without any sorting. Akamai boast around 100,000 edge nodes around the world which offer load balancing, web application firewall, caching etc, to ensure that a minimal amount of requests actually hit your origin web-server beign protected. However, the issue with caching is that you cannot cache something that is non-deterministic, I.E a search result. A search that has not been requested before is likely not in the cache, and will result in a Cache-Miss, and the Akamai edge node requesting the resource from the origin server itself.
Ares is made of two main programs: • A Command aNd Control server, which is a Web interface to administer the agents • An agent program, which is run on the compromised host, and ensures communication with the CNC The Web interface can be run on any server running Python. You need to install the cherrypy package. The client is a Python program meant to be compiled as a win32 executable using.
It depends on the requests, pythoncom, pyhook python modules and on PIL (Python Imaging Library). It currently supports: • remote cmd.exe shell • persistence • file upload/download • screenshot • key logging. Installation Server To install the server, first create the sqlite database: cd server/ python db_init.py If no installed, install the cherrypy python package. Then launch the server by issuing: python server.py By default, the server listens on Agent The agent can be launched as a python script, but it is ultimately meant to be compiled as a win32 executable using. First, install all the dependencies: • requests • pythoncom • pyhook • PIL Then, configure agent/settings.py according to your needs: SERVER_URL = URL of the CNC http server BOT_ID = the (unique) name of the bot, leave empty to use hostname DEBUG = should debug messages be printed to stdout? IDLE_TIME = time of inactivity before going in idle mode (the agent checks the CNC for commands far less often when idle). REQUEST_INTERVAL = interval between each query to the CNC when active Finally, use pyinstaller to compile the agent into a single exe file: cd client/ pyinstaller --onefile --noconsole agent.py.
Ashttp provide a simple way to expose any shell command by HTTP. For example, to expose top by HTTP, try: ashttp -p8080 top; then try Dependencies ashttp depends on hl_vt100, a headless VT100 emulator. To get and compile hl_vt100: $ git clone $ aptitude install python-dev $ make python_module $ python setup.py install Usage ashttp can serve any text application over HTTP, like: $ ashttp -p 8080 top to serve a top on port 8080 $ ashttp -p 8080 watch -n 1 ls -lah /tmp to serve an actualized directory listing of /tmp.
Examples Delimiting the values on the CLI arguments it must be by double quotes only! User Guide - How to use?
• After installation, the Autorize tab will be added to Burp. • Open the configuration tab (Autorize ->Configuration). • Get your low-privileged user authorization token header (Cookie / Authorization) and copy it into the textbox containing the text 'Insert injected header here'.
• Click on 'Intercept is off' to start intercepting the traffic in order to allow Autorize to check for authorization enforcement. • Open a browser and configure the proxy settings so the traffic will be passed to Burp. • Browse to the application you want to test with a high privileged user. • The Autorize table will show you the request's URL and enforcement status. • It is possible to click on a specific URL and see the original/modified request/response in order to investigate the differences.
For example, if there is a request enforcement status that is detected as 'Authorization enforced??? (please configure enforcement detector)' it is possible to investigate the modified/original response and see that the modified response body includes the string 'You are not authorized to perform action', so you can add a filter with the fingerprint value 'You are not authorized to perform action', so Autorize will look for this fingerprint and will automatically detect that authorization is enforced. It is possible to do the same by defining content-length filter. What's new • Preinstalled Linux Kernel 3.16 • New Ubuntu 14.04.2 base • Ruby 2.1 • Installer with LVM and Full Disk Encryption options • Handy Thunar custom actions • RAM wipe at shutdown/reboot • System improvements • Upstream components • Bug corrections • Performance boost • Improved Anonymous mode • Predisposition to ARM architecture (armhf Debian packages) • Predisposition to BackBox Cloud platform • New and updated hacking tools: beef-project, btscanner, dirs3arch, metasploit-framework, ophcrack, setoolkit, tor, weevely, wpscan, etc. The Bacula Console service is the program that allows the administrator or user to communicate with the Bacula Director Currently, the Bacula Console is available in three versions: text-based console interface, QT-based interface, and a wxWidgets graphical interface. The first and simplest is to run the Console program in a shell window (i.e.
TTY interface). Most system administrators will find this completely adequate.
The second version is a GNOME GUI interface that is far from complete, but quite functional as it has most the capabilities of the shell Console. The third version is a wxWidgets GUI with an interactive file restore.
It also has most of the capabilities of the shell console, allows command completion with tabulation, and gives you instant help about the command you are typing. For more details see the Bacula Console Design Document_ConsoleChapter. The Bacula File service (also known as the Client program) is the software program that is installed on the machine to be backed up. It is specific to the operating system on which it runs and is responsible for providing the file attributes and data when requested by the Director. The File services are also responsible for the file system dependent part of restoring the file attributes and data during a recovery operation.
For more details see the File Services Daemon Design Document in the Bacula Developer’s Guide. This program runs as a daemon on the machine to be backed up. In addition to Unix/Linux File daemons, there is a Windows File daemon (normally distributed in binary format). The Windows File daemon runs on current Windows versions (NT, 2000, XP, 2003, and possibly Me and 98). The Catalog services are comprised of the software programs responsible for maintaining the file indexes and volume databases for all files backed up.
The Catalog services permit the system administrator or user to quickly locate and restore any desired file. The Catalog services sets Bacula apart from simple backup programs like tar and bru, because the catalog maintains a record of all Volumes used, all Jobs run, and all Files saved, permitting efficient restoration and Volume management.
Bacula currently supports three different databases, MySQL, PostgreSQL, and SQLite, one of which must be chosen when building Bacula. The packages for MySQL and PostgreSQL are available for several operating systems. Alternatively, installing from the source is quite easy, see the Installing and Configuring MySQLMySqlChapter chapter of this document for the details. For more information on MySQL, please see: www.mysql.comOr see the Installing and Configuring PostgreSQLPostgreSqlChapter chapter of this document for the details. For more information on PostgreSQL, please see: www.postgresql.orghttp://www.postgresql.org.
On the VM to be set up as the server, perform the following steps. Make sure to write down the administrative password. $ sudo apt-get install libffi-dev build-essential python-dev python-pip libssl-dev libxml2-dev libxslt1-dev $ pip install pydes --allow-external pydes --allow-unverified pydes $ pip install beeswarm Downloading/unpacking beeswarm.
Successfully installed Beeswarm Cleaning up. $ mkdir server_workdir $ cd server-workdir/ $ beeswarm --server. **************************************************************************** Default password for the admin account is: uqbrlsabeqpbwy ****************************************************************************. BEURK is an userland for GNU/Linux, heavily focused around anti-debugging and anti-detection. NOTE: BEURK is a recursive acronym for B EURK E xperimental U nix R oot K it Features • Hide attacker files and directories • Realtime log cleanup (on ) • Anti process and login detection • Bypass unhide, lsof, ps, ldd, netstat analysis • Furtive PTY backdoor client Upcoming features • hooking for anti-debugging • hooking undermines local sniffers • PAM backdoor for local privilege escalation Usage • Compile.
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1308 tools. You can install tools individually or in groups.
BlackArch Linux is compatible with existing Arch installs. The BlackArch Live ISO contains multiple window managers. ChangeLog v2015.11.24: • added more than 100 new tools • updated system packages • include linux kernel 4.2.5 • updated all tools • updated menu entries for window managers • added (correct) multilib support • added more fonts • added missing group 'vboxsf'. Blackbone, Windows Memory Hacking Library Features • x86 and x64 support • Process interaction • Manage PEB32/PEB64 • Manage process through WOW64 barrier • Process Memory • Allocate and free virtual memory • Change memory protection • Read/Write virtual memory • Process modules • Enumerate all (32/64 bit) modules loaded.
Enumerate modules using Loader list/Section objects/PE headers methods. • Get exported function address • Get the main module • Unlink module from loader lists • Inject and eject modules (including pure IL images) • Inject 64bit modules into WOW64 processes • Manually map native PE images • Threads • Enumerate threads • Create and terminate threads.
Support for cross-session thread creation. What it can do? What tools and exploits it consist of? • Tools: • atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann) • bccmd by Marcel Holtmann • bdaddr.c by Marcel Holtmann • bluetracker.py by smiley • carwhisperer v0.2 by Martin Herfurt • psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R.
Mulliner • BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin • btftp v0.1 by Marcel Holtmann • btobex v0.1 by Marcel Holtmann • greenplaque v1.5 by digitalmunition.com • L2CAP packetgenerator by Bastian Ballmann • obex stress tests 0.1 • redfang v2.50 by Ollie Whitehouse • ussp-push v0.10 by Davide Libenzi • exploits/attacks: • Bluebugger v0.1 by Martin J. Muench • bluePIMp by Kevin Finisterre • BlueZ hcidump v1.29 DoS PoC by Pierre Betouin • helomoto by Adam Laurie • hidattack v0.1 by Collin R.
Mulliner • Mode 3 abuse attack • Nokia N70 l2cap packet DoS PoC Pierre Betouin • opush abuse (prompts flood) DoS attack • Sony-Ericsson reset display PoC by Pierre Betouin • you can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst'. BlueZ (3.9/3.24) • Eterm to open tools somewhere, you can set another term in 'config/defaul.conf' changing the value of 'cmd_term' variable. (tested with 1.1 ver) • pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp • libopenobex1 + libopenobex-dev (needed by ussp-push) • libxml2, libxml2-dev (needed by btftp) • libusb-dev (needed by bccmd) • libreadline5-dev (needed by atshell.c) • lightblue-0.3.3 (needed by obexstress.py) • hardware: any bluez compatible bluetooth-device. BlueScreenView scans all your minidump files created during 'blue screen of death' crashes, and displays the information about all crashes in one table. For each crash, BlueScreenView displays the minidump filename, the date/time of the crash, the basic crash information displayed in the blue screen (Bug Check Code and 4 parameters), and the details of the driver or module that possibly caused the crash (filename, product name, file description, and file version). For each crash displayed in the upper pane, you can view the details of the device drivers loaded during the crash in the lower pane.
BlueScreenView also mark the drivers that their addresses found in the crash stack, so you can easily locate the suspected drivers that possibly caused the crash. Features • Automatically scans your current minidump folder and displays the list of all crash dumps, including crash dump date/time and crash details. • Allows you to view a blue screen which is very similar to the one that Windows displayed during the crash. • BlueScreenView enumerates the memory addresses inside the stack of the crash, and find all drivers/modules that might be involved in the crash.
• BlueScreenView also allows you to work with another instance of Windows, simply by choosing the right minidump folder (In Advanced Options). • BlueScreenView automatically locate the drivers appeared in the crash dump, and extract their version resource information, including product name, file version, company, and file description. Crashes Information Columns (Upper Pane) • Dump File: The MiniDump filename that stores the crash data. • Crash Time: The created time of the MiniDump filename, which also matches to the date/time that the crash occurred.
• Bug Check String: The crash error string. This error string is determined according to the Bug Check Code, and it's also displayed in the blue screen window of Windows. • Bug Check Code: The bug check code, as displayed in the blue screen window. • Parameter 1/2/3/4: The 4 crash parameters that are also displayed in the blue screen of death. • Caused By Driver: The driver that probably caused this crash. BlueScreenView tries to locate the right driver or module that caused the blue screen by looking inside the crash stack. However, be aware that the driver detection mechanism is not 100% accurate, and you should also look in the lower pane, that display all drivers/modules found in the stack.
These drivers/modules are marked in pink color. • Caused By Address: Similar to 'Caused By Driver' column, but also display the relative address of the crash. • File Description: The file description of the driver that probably caused this crash.
This information is loaded from the version resource of the driver. • Product Name: The product name of the driver that probably caused this crash. This information is loaded from the version resource of the driver.
• Company: The company name of the driver that probably caused this crash. This information is loaded from the version resource of the driver. • File Version: The file version of the driver that probably caused this crash.
This information is loaded from the version resource of the driver. • Crash Address:The memory address that the crash occurred. (The address in the EIP/RIP processor register) In some crashes, this value might be identical to 'Caused By Address' value, while in others, the crash address is different from the driver that caused the crash. • Stack Address 1 - 3: The last 3 addresses found in the call stack.
Be aware that in some crashes, these values will be empty. Also, the stack addresses list is currently not supported for 64-bit crashes. Drivers Information Columns (Lower Pane) • Filename: The driver/module filename • Address In Stack: The memory address of this driver that was found in the stack. • From Address: First memory address of this driver. • To Address: Last memory address of this driver. • Size: Driver size in memory. • Time Stamp: Time stamp of this driver.
• Time String: Time stamp of this driver, displayed in date/time format. • Product Name: Product name of this driver, loaded from the version resource of the driver. • File Description: File description of this driver, loaded from the version resource of the driver. • File Version: File version of this driver, loaded from the version resource of the driver. • Company: Company name of this driver, loaded from the version resource of the driver. • Full Path: Full path of the driver filename. Lower Pane Modes Currently, the lower pane has 4 different display modes.
You can change the display mode of the lower pane from Options->Lower Pane Mode menu. • All Drivers: Displays all the drivers that were loaded during the crash that you selected in the upper pane. The drivers/module that their memory addresses found in the stack, are marked in pink color. • Only Drivers Found In Stack: Displays only the modules/drivers that their memory addresses found in the stack of the crash. There is very high chance that one of the drivers in this list is the one that caused the crash. • Blue Screen in XP Style: Displays a blue screen that looks very similar to the one that Windows displayed during the crash.
• DumpChk Output: Displays the output of Microsoft DumpChk utility. This mode only works when Microsoft DumpChk is installed on your computer and BlueScreenView is configured to run it from the right folder (In the Advanced Options window). Command-Line Options /LoadFrom Specifies the source to load from. 1 ->Load from a single MiniDump folder (/MiniDumpFolder parameter) 2 ->Load from all computers specified in the computer list file. (/ComputersFile parameter) 3 ->Load from a single MiniDump file (/SingleDumpFile parameter) /MiniDumpFolder Start BlueScreenView with the specified MiniDump folder.
/SingleDumpFile Start BlueScreenView with the specified MiniDump file. (For using with /LoadFrom 3) /ComputersFile Specifies the computers list filename. (When LoadFrom = 2) /LowerPaneMode Start BlueScreenView with the specified mode. 1 = All Drivers, 2 = Only Drivers Found In Stack, 3 = Blue Screen in XP Style. /stext Save the list of blue screen crashes into a regular text file. /stab Save the list of blue screen crashes into a tab-delimited text file.
/scomma Save the list of blue screen crashes into a comma-delimited text file (csv). /stabular Save the list of blue screen crashes into a tabular text file. /shtml Save the list of blue screen crashes into HTML file (Horizontal). /sverhtml Save the list of blue screen crashes into HTML file (Vertical). /sxml Save the list of blue screen crashes into XML file. /sort This command-line option can be used with other save options for sorting by the desired column.
If you don't specify this option, the list is sorted according to the last sort that you made from the user interface. The parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like 'Bug Check Code' and 'Crash Time'. You can specify the '~' prefix character (e.g: '~Crash Time') if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns. Examples: BlueScreenView.exe /shtml 'f: temp crashes.html' /sort 2 /sort ~1 BlueScreenView.exe /shtml 'f: temp crashes.html' /sort 'Bug Check String' /sort '~Crash Time' /nosort When you specify this command-line option, the list will be saved without any sorting.
The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will brute force subdomains using parallel sub processing on the top 20000 of the 'The Alexa Top 1 Million subdomains'.
NetCraft results are presented individually and are then compared to the brute force results, any duplications are removed and particularly interesting results are highlighted. Pip Install Instructions Note: To test if pip is already installed execute. Pip -V (1) Mac and Kali users can simply use the following command to download and install pip. Curl -o - python Bluto Install Instructions (1) Once pip has successfully downloaded and installed, we can install Bluto: sudo pip install git+git://github.com/RandomStorm/Bluto (2) You should now be able to execute 'bluto' from any working directory in any terminal. Bluto Upgrade Instructions (1) The upgrade process is as simple as; sudo pip install git+git://github.com/RandomStorm/Bluto --upgrade. The repository contains a first version of the components described in the Bohatei paper, as well as a web-based User Interface. The backend folder consists of: • an implementation of the FlowTags framework for the OpenDaylight controller • an implementation of the resource management algorithms • a topology file that was used to simulate an ISP topology • scripts that facilitate functions such as spawning, tearing down and retrieving the topology.
• scripts that automate and coordinate the components required for the usecases examined. # This will connect to the slave 40:14:33:66:CC:FF device and # wait for a connection from the master F1:64:F3:31:67:88 device btproxy F1:64:F3:31:67:88 40:14:33:66:CC:FF Where the master is typically the phone and the slave mac address is typically the other peripherial device (smart watch, headphones, keyboard, obd2 dongle, etc). The master is the device the sends the connection request and the slave is the device listening for something to connect to it. After the proxy connects to the slave device and the master connects to the proxy device, you will be able to see traffic and modify it.
How to find the BT MAC Address? Well, you can look it up in the settings usually for a phone. The most robost way is to put the device in advertising mode and scan for it.
There are two ways to scan for devices: scanning and inquiring. Hcitool can be used to do this. Sdptool records Usage Some devices may restrict connecting based on the name, class, or address of another bluetooth device. So the program will lookup those three properties of the target devices to be proxied, and then clone them onto the proxying adapter(s). Then it will first try connecting to the slave device from the cloned master adaptor. It will make a socket for each service hosted by the slave and relay traffic for each one independently. After the slave is connected, the cloned slave adaptor will be set to be listening for a connection from the master.
At this point, the real master device should connect to the adaptor. After the master connects, the proxied connection is complete. Using only one adapter This program uses either 1 or 2 Bluetooth adapters. If you use one adapter, then only the slave device will be cloned. Both devices will be cloned if 2 adapters are used; this might be necessary for more restrictive Bluetooth devices.
Advanced Usage Manipulation of the traffic can be handled via python by passing an inline script. Just implement the master_cb and slave_cb callback functions. This are called upon receiving data and the returned data is sent back out to the corresponding device. # replace.py def master_cb(req): '' Received something from master, about to be sent to slave.
'' print '>', repr(res) open('slavemessages.log', 'a+b').write(res) return res Also see the example functions for This code can be edited and reloaded during runtime by entering 'r' into the program console. This avoids the pains of reconnecting. Any errors will be caught and regular transmission will continue. TODO • BLE • Improve the file logging of the traffic and make it more interactive for • replays/manipulation. • Indicate which service is which in the output.
• Provide control for disconnecting/connecting services. • PCAP file support • ncurses?
How it works This program starts by killing the bluetoothd process, running it again with a LD_PRELOAD pointed to a wrapper for the bind system call to block bluetoothd from binding to L2CAP port 1 (SDP). All SDP traffic goes over L2CAP port 1 so this makes it easy to MiTM/forward between the two devices and we don't have to worry about mimicking the advertising. The program first scans each device for their name and device class to make accurate clones. It will append the string '_btproxy' to each name to make them distinguishable from a user perspective. Alternatively, you can specify the names to use at the command line. The program then scans the services of the slave device. It makes a socket connection to each service and open a listening port for the master device to connect to.
Once the master connects, the Proxy/MiTM is complete and output will be sent to STDOUT. Notes Some bluetooth devices have different methods of pairing which makes this process more complicated. Right now it supports SPP and legacy pin pairing. This program doesn't yet have support for Bluetooth Low Energy. A similiar approach to BLE can be taken.
Errors btproxy or bluetoothd hangs If you are using bluez 5, you should try uninstalling and installing. I've had problems with bluez 5 hanging. Error accessing bluetooth device Make sure the bluetooth adaptors are plugged in and enabled. • An intercepting, which lets you inspect and modify traffic between your browser and the target application. • An application-aware, for crawling content and functionality.
• An advanced web application, for automating the detection of numerous types of vulnerability. • An tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities. • A tool, for manipulating and resending individual requests.
• A tool, for testing the randomness of session tokens. • The ability to and resume working later.
•, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp. • An intercepting, which lets you inspect and modify traffic between your browser and the target application. • An application-aware, for crawling content and functionality. • An advanced web application, for automating the detection of numerous types of vulnerability. • An tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities. • A tool, for manipulating and resending individual requests.
• A tool, for testing the randomness of session tokens. • The ability to and resume working later. •, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp. • An intercepting, which lets you inspect and modify traffic between your browser and the target application. • An application-aware, for crawling content and functionality. • An advanced web application, for automating the detection of numerous types of vulnerability.
• An tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities. • A tool, for manipulating and resending individual requests. • A tool, for testing the randomness of session tokens. • The ability to and resume working later. •, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp. Welcome to the next generation of web application penetration testing - using WebKit to own the web. BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically.
It also provides a bi-directional JavaScript bridge API which allows users to create quick one-off BurpSuite plugin prototypes which can interact directly with the DOM and Burp's extender API. System Requirements BurpKit has the following system requirements: • Oracle JDK >=8u50 and.jar file and click Next when done.
If all goes well, you will see three additional top-level tabs appear in BurpSuite: • BurpKitty: a courtesy browser for navigating the web within BurpSuite. • BurpScript IDE: a lightweight integrated development environment for writing JavaScript-based BurpSuite plugins and other things. • Jython: an integrated python interpreter console and lightweight script text editor. BurpScript BurpScript enables users to write desktop-based JavaScript applications as well as BurpSuite extensions using the JavaScript scripting language. This is achieved by injecting two new objects by default into the DOM on page load: • burpKit: provides numerous features including file system I/O support and easy JS library injection. • burpCallbacks: the JavaScript equivalent of the IBurpExtenderCallbacks interface in Java with a few slight modifications.
Take a look at the examples folder for more information. More Information? A readable version of the docs can be found. A description of each feature follows: • Users can modify the X-Originating-IP, X-Forwarded-For, X-Remote-IP, X-Remote-Addr headers sent in each request.
This is probably the top bypass technique i the tool. It isn't unusual for a WAF to be configured to trust itself (127.0.0.1) or an upstream proxy device, which is what this bypass targets. • The 'Content-Type' header can remain unchanged in each request, removed from all requests, or by modified to one of the many other options for each request. Some WAFs will only decode/evaluate requests based on known content types, this feature targets that weakness. • The 'Host' header can also be modified. Poorly configured WAFs might be configured to only evaluate requests based on the correct FQDN of the host found in this header, which is what this bypass targets. • The request type option allows the Burp user to only use the remaining bypass techniques on the given request method of 'GET' or 'POST', or to apply them on all requests.
• The path injection feature can leave a request unmodified, inject random path info information (/path/to/example.php/randomvalue?restofquery), or inject a random path parameter (/path/to/example.php;randomparam=randomvalue?resetofquery). This can be used to bypass poorly written rules that rely on path information. • The path obfuscation feature modifies the last forward slash in the path to a random value, or by default does nothing. The last slash can be modified to one of many values that in many cases results in a still valid request but can bypass poorly written WAF rules that rely on path information. • The parameter obfuscation feature is language specific. PHP will discard a + at the beginning of each parameter, but a poorly written WAF rule might be written for specific parameter names, thus ignoring parameters with a + at the beginning. Similarly, ASP discards a% at the beginning of each parameter.
• The 'Set Configuration' button activates all the settings that you have chosen. CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet.
It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, such as instant messaging or shared cloud storage. Features at a glance • Simple for anyone to use. Just type a message, click Encrypt, and go • Handles messages and file attachments together easily • End-to-end encryption, performed entirely on the user's machine • No dependence on any specific intermediary channel. Works with any communication method available • Uses three strong cryptographic algorithms in combination to triple-protect data • Optional steganography feature for embedding encrypted data within a Jpeg image • No installation needed - fully portable application can be run from anywhere • Unencrypted data is never written to disk - unless requested by the user • Multiple input/output modes for convenient operation. Technical details • Open source, written in C++ • AES/Rijndael, Twofish and Serpent ciphers (256-bit keysize variants), cascaded together in CTR mode for triple-encryption of messages and files • HMAC-SHA-256 for construction of message authentication code • PBKDF2-HMAC-SHA256 for derivation of separate AES, Twofish and Serpent keys from user-chosen passphrase • Cryptographically safe pseudo-random number generator ISAAC for production of Initialization Vectors (AES/Twofish/Serpent) and Salts (PBKDF2). Example The next time you're forced to disarm a nuclear weapon without consulting Google, you may run: cheat tar You will be presented with a cheatsheet resembling: # To extract an uncompressed archive: tar -xvf /path/to/foo.tar # To extract a.gz archive: tar -xzvf /path/to/foo.tgz # To create a.gz archive: tar -czvf /path/to/foo.tgz /path/to/foo/ # To extract a.bz2 archive: tar -xjvf /path/to/foo.tgz # To create a.bz2 archive: tar -cjvf /path/to/foo.tgz /path/to/foo/ To see what cheatsheets are availble, run cheat -l. Note that, while cheat was designed primarily for *nix system administrators, it is agnostic as to what content it stores.
If you would like to use cheat to store notes on your favorite cookie recipes, feel free. Installing Using pip sudo pip install cheat Using homebrew brew install cheat Manually First install the required python dependencies with: sudo pip install docopt pygments Then, clone this repository, cd into it, and run: sudo python setup.py install Modifying Cheatsheets. Features • Instantly view all the Autofill list from Chrome browser • On startup, it auto detects Autofill file from Chrome's default profile location • Sort feature to arrange the data in various order to make it easier to search through 100's of entries. • Delete all the Autofill data with just a click of button • Save the displayed Autofill list to HTML/XML/TEXT/CSV file • Easier and faster to use with its enhanced user friendly GUI interface • Fully Portable, does not require any third party components like JAVA,.NET etc • Support for local Installation and uninstallation of the software. Here are the brief usage details • Launch ChromeAutofillViewer on your system • By default it will automatically find and display the autofill file from default profile location of Chrome. You can also select the desired file manually. • Next click on 'Show All' button and all stored Autofill data will be displayed in the list as shown in screenshot 1 below.
• If you want to remove all the entries, click on 'Delete All' button below. • Finally you can save all displayed entries to HTML/XML/TEXT/CSV file by clicking on 'Export' button and then select the type of file from the drop down box of 'Save File Dialog'.
You can use this feature from the UI, by selecting the 'Advanced Options' in the File menu, or from command-line, by using /external parameter. The user profile path should be something like 'C: Documents and Settings admin' in Windows XP/2003 or 'C: users myuser' in Windows Vista/2008. Command-Line Options /stext Save the list of passwords into a regular text file. /stab Save the list of passwords into a tab-delimited text file. /scomma Save the list of passwords into a comma-delimited text file. /stabular Save the list of passwords into a tabular text file. /shtml Save the list of passwords into HTML file (Horizontal).
/sverhtml Save the list of passwords into HTML file (Vertical). /sxml Save the list of passwords to XML file.
/skeepass Save the list of passwords to KeePass csv file. /external Load the Chrome passwords from external drive/profile. For example: chromepass.exe /external 'C: Documents and Settings admin' 'MyPassword'.
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.
At the moment, CMSs supported by CMSmap are WordPress, Joomla and Drupal. Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. Use it at your own risk! Installation You can download the latest version of CMSmap by cloning the GitHub repository: git clone Usage CMSmap tool v0.3 - Simple CMS Scanner Author: Mike Manzotti Usage: cmsmap.py -t -t, --target target URL (e.g. '-v, --verbose verbose mode (Default: false) -T, --threads number of threads (Default: 5) -u, --usr username or file -p, --psw password or file -i, --input scan multiple targets listed in a given text file -o, --output save output in a file -k, --crack password hashes file -w, --wordlist wordlist file (Default: rockyou.txt - WordPress only) -a, --agent set custom user-agent -U, --update (C)MSmap, (W)ordpress plugins and themes, (J)oomla components, (D)rupal modules -f, --force force scan (W)ordpress, (J)oomla or (D)rupal -F, --fullscan full scan using large plugin lists. (Default: false) -h, --help show this help Example: cmsmap.py -t cmsmap.py -t -f W -F cmsmap.py -t -i targets.txt -o output.txt cmsmap.py -t -u admin -p passwords.txt cmsmap.py -k hashes.txt.
# set your $GOPATH go get github.com/codetainerapp/codetainer # you may get errors about not compiling due to Asset missing, it's ok. Bindata.go needs to be created # by `go generate` first. Cd $GOPATH/src/github.com/codetainerapp/codetainer # make install_deps # if you need the dependencies like godep make This will create./bin/codetainer. Configuring Docker You must configure Docker to listen on a TCP port.
DOCKER_OPTS='-H tcp://127.0.0.1:4500 -H unix:///var/run/docker.sock' Configuring codetainer See ~/.codetainer/config.toml. This file will get auto-generated the first time you run codetainer, please edit defaults as appropriate. lsof tutorial • Run the javascript to load the codetainer iframe from the codetainer API server (supply data-container as the id of codetainer on the div, or supply codetainer in the constructor options). A curated list of awesome honeypots, tools, components and much more. The list is divided into categories such as web, services, and others, focusing on open source projects. Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.
Commix is written in Python programming language. Requirements version 2.6.x or 2.7.x is required for running this program. Installation Download commix by cloning the Git repository: git clone commix Usage Usage: python commix.py [options] Options -h, --help Show help and exit. --verbose Enable the verbose mode. --install Install 'commix' to your system. --version Show version number and exit. --update Check for updates (apply if any) and exit.
Target This options has to be provided, to define the target URL. --url=URL Target URL. --url-reload Reload target URL after command execution. Request These options can be used, to specify how to connect to the target URL. --host=HOST HTTP Host header.
--referer=REFERER HTTP Referer header. --user-agent=AGENT HTTP User-Agent header. --cookie=COOKIE HTTP Cookie header. --headers=HEADERS Extra headers (e.g. 'Header1:Value1 nHeader2:Value2'). --proxy=PROXY Use a HTTP proxy (e.g. Login panel URL.
Login parameters and data. HTTP Basic Authentication credentials (e.g. Injection These options can be used, to specify which parameters to inject and to provide custom injection payloads.
--data=DATA POST data to inject (use 'INJECT_HERE' tag). --suffix=SUFFIX Injection payload suffix string.
--prefix=PREFIX Injection payload prefix string. --technique=TECH Specify a certain injection technique: 'classic', 'eval-based', 'time-based' or 'file-based'. --maxlen=MAXLEN The length of the output on time-based technique (Default: 10000 chars). --delay=DELAY Set Time-delay for time-based and file-based techniques (Default: 1 sec). --base64 Use Base64 (enc)/(de)code trick to prevent false- positive results. Set remote absolute path of temporary files directory.
Use the ICMP exfiltration technique (e.g. Usage Examples Exploiting python commix.py --url='--data='ip=INJECT_HERE&submit=submit' --cookie='security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4' Exploiting using injection payload suffix & prefix string: python commix.py --url='--prefix='//' --suffix='' Exploiting using Extra headers and HTTP proxy: python commix.py --url='--data='target_host=INJECT_HERE' --headers='Accept-Language:fr nETag:123 n' --proxy='127.0.0.1:8081' Exploiting using ICMP exfiltration technique: su -c 'python commix.py --url='--data='addr=127.0.0.1' --icmp-exfil='ip_src=192.168.178.5,ip_dst=192.168.178.8'. This tools allows probe multiple urls through a input file, by a google domain (looking in all subdomains) or by a unique url. Also, supports multiple output like json, xml and csv. Features: • Multiple options for output (and export using >).
Xml, json, csv, grepable • Check the flags in multiple sites by a file input (one per line). This is very useful for pentesters when they want check the flags in multiple sites.
• Google search. Search in google all subdomains and check the cookies for each domain. • Colors for the normal output.
Usage Usage: cookiescanner.py [options] Example:./cookiescanner.py -i ips.txt Options: -h, --help show this help message and exit -i INPUT, --input=INPUT File input with the list of webservers -I, --info More info -u URL, --url=URL URL -f FORMAT, --format=FORMAT Output format (json, xml, csv, normal, grepable) --nocolor Disable color (for the normal format output) -g GOOGLE, --google=GOOGLE Search in google by domain Requirements requests >= 2.8.1 BeautifulSoup >= 4.2.1 Install requirements pip3 install --upgrade -r requirements.txt. CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit's 'Invoke-Mimikatz.ps1' under the /var/www directory. Help usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es] [-l LHOST] [-t THREADS] CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny) optional arguments: -h, --help show this help message and exit -f FILE, --file FILE File containing IPs to harvest creds from.
One IP per line. -r RHOST, --rhost RHOST Remote host IP to harvest creds from. -es, --enumshares Examine share access on the remote IP(s) -l LHOST, --lhost LHOST Local host IP to launch scans from.
Credmap is an open source tool that was created to bring awareness to the dangers of credential reuse. It is capable of testing supplied user credentials on several known websites to test if the password has been reused on any of these. Help Menu Usage: credmap.py --email EMAIL --user USER --load LIST [options] Options: -h/--help show this help message and exit -v/--verbose display extra output information -u/--username=USER. Set the username to test with -p/--password=PASS. Set the password to test with -e/--email=EMAIL set an email to test with -l/--load=LOAD_FILE load list of credentials in format USER:PASSWORD -x/--exclude=EXCLUDE exclude sites from testing -o/--only=ONLY test only listed sites -s/--safe-urls only test sites that use HTTPS.
-i/--ignore-proxy ignore system default HTTP proxy --proxy=PROXY set proxy (e.g. 'socks5://192.168.1.2:9050') --list list available sites to test with Examples./credmap.py --username janedoe --email./credmap.py -u johndoe -e --exclude 'github.com, live.com'./credmap.py -u johndoe -p abc123 -vvv --only 'linkedin.com, facebook.com'./credmap.py -e --verbose --proxy './credmap.py --load list.txt./credmap.py --list Prerequisites To get started, you will need Python 2.6+ (previous versions may work as well, however I haven't tested them) • Python 2.6+ • Git (Optional) Running the program To run credmap, simply execute the main script 'credmap.py'.
$ python credmap.py -h Video. Like virtualization, chroots provide the guest OS with their own, segregated file system to run in, allowing applications to run in a different binary environment from the host OS. Unlike virtualization, you are not booting a second OS; instead, the guest OS is running using the Chromium OS system.
The benefit to this is that there is zero speed penalty since everything is run natively, and you aren't wasting RAM to boot two OSes at the same time. The downside is that you must be running the correct chroot for your hardware, the software must be compatible with Chromium OS's kernel, and machine resources are inextricably tied between the host Chromium OS and the guest OS. What this means is that while the chroot cannot directly access files outside of its view, it can access all of your hardware devices, including the entire contents of memory. A root exploit in your guest OS will essentially have unfettered access to the rest of Chromium OS. Crouton uses the concept of 'targets' to decide what to install. While you will have apt-get in your chroot, some targets may need minor hacks to avoid issues when running in the chrooted environment.
As such, if you expect to want something that is fulfilled by a target, install that target when you make the chroot and you'll have an easier time. Don't worry if you forget to include a target; you can always update the chroot later and add it. Free Download Mp3 Super Junior Kry What If.
You can see the list of available targets by running sh ~/Downloads/crouton -t help. There's multiple things that makes DAws better than every Web Shell out there: • Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shell_exec was disabled it would automatically use exec or passthru or system or popen or proc_open instead, same for Downloading a File from a Link, if Curl was disabled then file_get_content is used instead and this Feature is widely used in every section and fucntion of the shell. • Automatic Encoding; DAws randomly and automatically encodes most of your GET and POST data using XOR(Randomized key for every session) + Base64(We created our own Base64 encoding functions instead of using the PHP ones to bypass Disablers) which will allow your shell to Bypass pretty much every WAF out there. • Advanced File Manager; DAws's File Manager contains everything a File Manager needs and even more but the main Feature is that everything is dynamically printed; the permissions of every File and Folder are checked, now, the functions that can be used will be available based on these permissions, this will save time and make life much easier. • Tools: DAws holds bunch of useful tools such as 'bpscan' which can identify useable and unblocked ports on the server within few minutes which can later on allow you to go for a bind shell for example. • Everything that can't be used at all will be simply removed so Users do not have to waste their time. We're for example mentioning the execution of c++ scripts when there's no c++ compilers on the server(DAws would have checked for multiple compilers in the first place) in this case, the function would be automatically removed and the User would know.
• Supports Windows and Linux. • Openned Source. A generation-based, context-free grammar fuzzer. Requirements None Examples Generate a single test-case.%./dharma.py -grammars grammars/webcrypto.dg Generate a single test case with multiple grammars.%./dharma.py -grammars grammars/canvas2d.dg grammars/mediarecorder.dg Generating test-cases as files.%./dharma.py -grammars grammars/webcrypto.dg -storage. Features • Multithreaded • Keep alive connections • Support for multiple extensions (-e --extensions asp,php) • Reporting (plain text, JSON) • Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Changelog • 0.3.0 - 2015.2.5 Fixed issue3, fixed timeout exception, ported to python33, other bugfixes • 0.2.7 - 2014.11.21 Added Url List feature (-L).
Changed output. Minor Fixes • 0.2.6 - 2014.9.12 Fixed bug when dictionary size is greater than threads count. Fixed URL encoding bug (issue2). • 0.2.5 - 2014.9.2 Shows Content-Length in output and reports, added default.conf file (for setting defaults) and report auto save feature added. For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks. Download, setup & usage • git clone git://github.com/leebaird/discover.git /opt/discover/ • All scripts must be ran from this location.
• cd /opt/discover/ •./setup.sh •./discover.sh RECON 1. Parse salesforce SCANNING 4. Generate target list 5.
IP or domain WEB 8. Open multiple tabs in Iceweasel 9. Crack WiFi 12. Parse XML 13. Start a Metasploit listener 14. Exit RECON Domain RECON 1.
Previous menu • Passive combines goofile, goog-mail, goohost, theHarvester, Metasploit, dnsrecon, URLCrazy, Whois and multiple webistes. • Active combines Nmap, dnsrecon, Fierce, lbd, WAF00W, traceroute and Whatweb. Person RECON First name: Last name: • Combines info from multiple websites. Parse salesforce Create a free account at salesforce (Perform a search on your target company >select the company name >see all. Copy the results into a new file. Enter the location of your list: • Gather names and positions into a clean list.
SCANNING Generate target list SCANNING 1. Local area network 2. Netdiscover 4. Ping sweep 5.
Previous menu • Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover and nmap pingsweep. CIDR, List, IP or domain Type of scan: 1.
Previous menu • External scan will set the nmap source port to 53 and the max-rrt-timeout to 1500ms. • Internal scan will set the nmap source port to 88 and the max-rrt-timeout to 500ms. • Nmap is used to perform host discovery, port scanning, service enumeration and OS identification. • Matching nmap scripts are used for additional enumeration. • Matching Metasploit auxiliary modules are also leveraged.
WEB Open multiple tabs in Icewease Open multiple tabs in Iceweasel with: 1. Directories from a domain's robot.txt.
Previous menu • Use a list containing IPs and/or URLs. • Use wget to pull a domain's robot.txt file, then open all of the directories.
Nikto Run multiple instances of Nikto in parallel. List of IP:port. Previous menu SSL Check for SSL certificate issues. Enter the location of your list: • Use sslscan and sslyze to check for SSL/TLS certificate issues. MISC Crack WiFi • Crack wireless networks.
Parse XML Parse XML to CSV. Burp (Base64) 2.
Previous menu Start a Metasploit listener • Setup a multi/handler with a windows/meterpreter/reverse_tcp payload on port 443. Update • Use to update Kali Linux, Discover scripts, various tools and the locate database. Domi-Owned is a tool used for compromising IBM/Lotus Domino servers. Tested on IBM/Lotus Domino 8.5.2, 8.5.3, 9.0.0, and 9.0.1 running on Windows and Linux. Usage A valid username and password is not required unless 'names.nsf' and/or 'webadmin.nsf' requires authentication.
Fingerprinting Running Domi-Owned with just the --url flag will attempt to identify the Domino server version, as well as check if 'names.nsf' and 'webadmin.nsf' requires authentication. If a username and password is given, Domi-Owned will check to see if that account can access 'names.nsf' and 'webadmin.nsf' with those credentials. Reverse Bruteforce To perform a Reverse Bruteforce attack against a Domino server, specify a file containing a list of usernames with -U, a password with -p, and the --bruteforce flag.
Domi-Owned will then try to authenticate to 'names.nsf', returning successful accounts. Dump Hashes To dump all Domino accounts with a non-empty hash from 'names.nsf', run Domi-Owned with the --hashdump flag. This prints the results to the screen and writes them to separate out files depending on the hash type (Domino 5, Domino 6, Domino 8). Quick Console The Domino Quick Console is active by default; however, it will not show the command's output. A work around to this problem is to redirect the command output to a file, in this case 'log.txt', that is then displayed as a web page on the Domino server.
If the --quickconsole flag is given, Domi-Owned will access the Domino Quick Console, through 'webadmin.nsf', allowing the user to issue native Windows or Linux commands. Domi-Owned will then retrieve the output of the command and display the results in real time, through a command line interpreter. Type exit to quit the Quick Console interpreter, which will also delete the 'log.txt' output file. Examples Fingerprint Domino server python domi-owned.py --url Preform a reverse bruteforce attack python domi-owned.py --url -U./usernames.txt -p password --bruteforce Dump Domino account hashes python domi-owned.py --url -u user -p password --hashdump Interact with the Domino Quick Console python domi-owned.py --url -u user -p password --quickconsole. An analysis of scans performed over the past year following the launch of Acunetix Vulnerability Scanner (online version) show that on average 50% of the targets scanned have a medium or high network security vulnerability. It’s worrying that in the current cybersecurity climate, network devices remain vulnerable to attack.
The repercussions of a vulnerable network are catastrophic as seen in some recent, well publicised Lizard Squad attacks, the black hat hacking group, mainly known for their claims of DoS attacks. A network security scan checks the perimeter servers, locating any vulnerabilities in the operating system, server software, network services and protocols. Acunetix network security scan uses the OpenVAS database of network vulnerabilities and scans for more than 35,000 network level vulnerabilities. A network scan is where vulnerabilities such as Shellshock, Heartbleed and POODLE are detected, vulnerabilities which continue to plague not only web servers but also a large percentage of other network servers. A network scan will also. Partial functionality for: • Wordpress.
Computer:~/droopescan$ droopescan scan drupal -u -t 8 [+] No themes found. [+] Possible interesting urls found: Default changelog file - Default admin - [+] Possible version(s): 7.34 [+] Plugins found: views token pathauto libraries entity google_analytics ctools features [. Snip for README.] [+] Scan finished (0:27 elapsed) You can get a full list of options by running: droopescan --help droopescan scan --help Why not X? Because droopescan: • is fast • is stable • is up to date • allows simultaneous scanning of multiple sites • is 100% python Installation Installation is easy using pip: apt-get install python-pip pip install droopescan Manual installation is as follows: git clone cd droopescan pip install -r requirements.txt droopescan scan --help. This tool is able to perform four kinds of tests.
By default all tests are ran, but you can specify one of the following with the -e or --enumerate flag: • p -- Plugin checks: Performs several thousand HTTP requests and returns a listing of all plugins found to be installed in the target host. • t -- Theme checks: As above, but for themes. • v -- Version checks: Downloads several files and, based on the checksums of these files, returns a list of all possible versions.
• i -- Interesting url checks: Checks for interesting urls (admin panels, readme files, etc.) More notes regarding scanning can be. Target specification You can specify a particular host to scan by passing the -u or --url parameter: droopescan scan drupal -u example.org You can also omit the drupal argument. This will trigger “CMS identification”, like so: droopescan scan -u example.org Multiple URLs may be scanned utilising the -U or --url-file parameter. This parameter should be set to the path of a file which contains a list of URLs. Droopescan scan drupal -U list_of_urls.txt.
The drupal parameter may also be ommited in this example. For each site, it will make several GET requests in order to perform CMS identification, and if the site is deemed to be a supported CMS, it is scanned and added to the output list. This can be useful, for example, to run droopescan across all your organisation's sites. Droopescan scan -U list_of_urls.txt The code block below contains an example list of URLs, one per line: http://localhost/drupal/6.12/. Install all of the necessary Python modules listed above. Many of them are available via pip and/or apt-get.
Pygeoip is not yet available as a package and must be installed with pip or manually. All except dpkt are available with pip.
• sudo apt-get install python-crypto python-dpkt python-ipy python-pypcap • sudo pip install pygeoip • Configure pygeoip by moving the MaxMind data files (GeoIP.dat, GeoIPv6.dat, GeoIPASNum.dat, GeoIPASNumv6.dat) to /share/GeoIP/ • Run make. This will build Dshell. • Run./dshell. This is Dshell.
If you get a Dshell>prompt, you're good to go! Basic usage • decode -l • This will list all available decoders alongside basic information about them • decode -h • Show generic command-line flags available to most decoders • decode -d • Display information about a decoder, including available command-line flags • decode -d • Run the selected decoder on a pcap file Usage Examples Showing DNS lookups in Dshell>decode -d dns ~/pcap/dns.cap dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 39867 PTR? 66.192.9.104 / PTR: 66-192-9-104.gen.twtelecom.net ** dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 30144 A? Www.netbsd.org / A: 204.152.190.12 (ttl 82159s) ** dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 61652 AAAA? Www.netbsd.org / AAAA: 2001:4f8:4:7:2e0:81ff:fe52:9a6b (ttl 86400s) ** dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 32569 AAAA? Www.netbsd.org / AAAA: 2001:4f8:4:7:2e0:81ff:fe52:9a6b (ttl 86340s) ** dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 36275 AAAA?
Www.google.com / CNAME: www.l.google.com ** dns 2005-03-30 03:47:46 192.168.170.8:32795 ->192.168.170.20:53 ** 9837 AAAA? Egress-Assess is a tool used to test egress data detection capabilities. Setup To setup, run the included setup script, or perform the following: • Install pyftpdlib • Generate a server certificate and store it as 'server.pem' on the same level as Egress-Assess.
This can be done with the following command: 'openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes' Usage Typical use case for Egress-Assess is to copy this tool in two locations. One location will act as the server, the other will act as the client. Egress-Assess can send data over FTP, HTTP, and HTTPS. To extract data over FTP, you would first start Egress-Assess’s FTP server by selecting “--server ftp” and providing a username and password to use:./Egress-Assess.py --server ftp --username testuser --password pass123 Now, to have the client connect and send data to the ftp server, you could run.