Security List Network™

IS VULNERABILITY RESEARCHER ,DIGITAL FORENSICS, INFORMATION SECURITY, APPLICATION SECURITY, PENETRATION TESTING, CODE SCRIPTING, EXPLOITS, SECURITY NEWS, MALWARE, FUZZER - FUZZING, SNIFFER, TUNNELING AND OTHER RANDOM GARBAGE.
Posts tagged "Penetration Testing"

It’s a Web User Interface with hacking functionalities.

Screenshot_Bl4ck0ps_Pro_Mozilla_Firefox_1
Install:
1 – Decompress uwui.tar.gz in /var/www
2 – Run visudo and add the line:
www-data ALL=NOPASSWD: ALL
3 – cp /var/www/uwui/bin/bin_intel/* /usr/bin
4 – cp /var/www/uwui/bin/scripts/* /usr/bin
5 – Start Apache:
/etc/init.t/apache2 start
6 – In Firefox go to http://127.0.0.1/uwui

ip_actions

Tips:
To show the info window of a node click over the icon
To show the actions window of a node click over the zone of the text.

If you want help me with the look and feel of the interface you need modify the files:
- /var/www/uwui/css/uwui.css
- /var/www/uwui/php/uwui_function.php

If you want help add new actions (new wifi attacks, etc …) or new info in info windows you need modify the files:
- /var/www/uwui/php/uwui_actions.php
- /var/www/uwui/php/uwui_info.php

Example actions:
if ($tipo==”monitor” ) {
action(“airmon-ng stop $valor”,””);
echo “<hr color=’green’>”;
action_bg(“airodump-ng –output-format csv -w ../data/captura $valor 1>/dev/null 2>/dev/null”,”Airodump CSV”);
action_bg(“airodump-ng –output-format pcap -w ../data/captura $valor 1>/dev/null 2>/dev/null”,”Airodump PCAP”);
action_bg(“airodump-ng –output-format csv,pcap -w ../data/captura $valor 1>/dev/null 2>/dev/null”,”Airodump CSV,PCAP”);
}

System Info

System Info

Examploe info:
if ($tipo==”system”) {
echo “<PRE>”;
echo “<U>TOP</U>\n”;
system(“sudo top -b -n 1 | head -15″);
echo “<hr color=green>\n”;
echo “<U>ROUTE</U>\n”;
system(“sudo route -n”);
echo “<hr color=green>\n”;
echo “<U>IPTABLES</U>\n”;
system(“sudo iptables –table nat –list|grep .”);
echo “<hr color=green>\n”;
echo “<U>IP FORWARD</U>\n”;
echo “IP Forward: “;
system(“sudo cat /proc/sys/net/ipv4/ip_forward”);
echo “</PRE>”;
}

If you want help optimizing or debuging you need modify the file:
- /var/www/uwui/php/uwui_core.php

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager
a

Features Tools :

Information Gathering
—————————
dnstracer
lynis
netmask
tcptraceroute
tcpdump (new)
ngrep (new)
sslsniff (new)
dnswalk (new)
dmitry (new)
ike-scan (new)
darkstat (new)
arping (new)
tcpflow (new)
bing-ip2hosts-0.2 (new)
metagoofil-blackhat (new)
theHarvester (new)

Network Mapping
———————-
fping
hping3
nbtscan
netdiscover
nmap
onesixtyone
p0f
sslscan
tcptraceroute
xprobe
zenmap
pbnj (new)

Vulnerability Identification
———————————-
curl
flasm
ratproxy
smbclient
sqlmap
w3af
wapiti
wbox
nikto
skipfish (new)
metasploit (new)
S.E.T (new)
Fasttrack (new)

Penetration
————–
ExploitDB
metasploit (with db_autopwn)
S.E.T
Fasttrack (new)

Privilege Escalation
————————-
bkhive
chntpw
dsniff
etherape
ettercap
john
medusa
netsed
ophcrack
packeth
packit
samdump2
ssldump
tcpick
tcpreplay
wireshark
yersinia
fcrackzip (new)

Maintaining Access :
———————–
6tunnel
cryptcat
dns2tcp
proxychains
ptunnel
socat
stunnel4
tinyproxy
udptunnel
vidalia
netcat (new)
openvpn (new)
iodine (new)
httptunnel (new)

Radio Network Analysis
—————————–
airodump-ng
aircrack-ng
airdecloak-ng
packetforge-ng
wash
airdecap-ng
ivstools
makeivs-ng
airbase-ng
aireplay-ng
airserv-ng
airdriver-ng
airmon-ng
airtun-ng
btscanner
obexftp
reaver
weplab (new)
wavemon (new)
prismstumbler (new)
kismet(new)

PwnPI

VoIP Analysis
—————
sipcrack
sipsak (new)

Digital Forensic
—————-
aimage
chkrootkit
foremost
galleta
magicrescue
mboxgrep
scalpel
scrub
vinetto
wipe

Stress Testing
—————-
siege

Miscellanious
————-
pentbox-1.5 (new)
ppcalc
sendemail
macchanger (new)

The purpose of Bt5up is to update/add and bug fix BackTrack 5 tools.


Changelog : V1.5 :
- Added: FernWifi Update
- Added: Dedected Update
- Added: Wifite Update
- Added: BEEF Update
- Added: SQLNinja Update
- Added: FlashPlayer 11 to Fix BT5 Bugs/Customize BT5 Menu
- Added: Now the Additional Tools have there own module, this way I dont need to create a new version of bt5up everytime a new tool is added.
- Added: The new tools are now located in /pentest/bt5up/tools
- Added: Crypter to Additional Tools
- Added: Ghost Phisher to Additional Tools
- Added: The Teenage Mutant Ninja Turtles project to Additional Tools
- Added: MinidWep-GTK to Additional Tools
- Added: The Mole to Additional Tools
- Fixed: Paths from some tools to work with BT5 R3

1. Update and clean Backtrack.
2. Exploit tools.

  •  Metasploit Framework.
  •  Exploit-db.
  •  SET – Social Engineering Toolkit.
  •  Update all.


3. Wireless & Telephony.

  •  Aircrack-ng and Airdrop.
  •  WarVox.
  • WiFite.
  • Dedected.
  • Fern Wifi Cracker
  •  Giskismet.
  •  Update all


4. Web & Database.

  •  W3AF.
  •  Nikto.
  • BeEF
  •  Sqlmap.
  • SQLNinja.
  •  Fimap.
  • JoomScan.
  • WPScan.
  • HexorBase.


 Update all.
5. Others.

  •  Nessus.
  • Wireshark
  •  OpenVAS.
  • Nmap


 Update all.
6. Update All
7. Update Script
8. Changelog
9. Feedback (Gmail)
10. Fix BT5 Bugs/Customize BT5

  • Startx after login
  • Change Login message(motd)
  • Set PulseAudio to autostart
  • Set Wicd autostart
  • Install FlashPlayer 11


11. Additional Tools

  • Nessus
  • Crypter
  • Ghost Phisher
  • TMNT Project
  • MinidWep-GTK
  • The Mole

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes.


Changelog Version 0.3 2012
==========================
Server
———
* Added a Fuzzer tab to allow users to view statistics (bar charts) about the fuzzers that have been run in the system. You can also drill down in to individual fuzzers to view what targets they are generating crashes on. Added bar chart support via jqPlot.
* Added a Settings tab. Moved the user account management features from the System tab into this new Settings tab.

Node
——
* Add in initial work for automated testcase reduction via .\node\reduction.rb
* Added IE10 support (As seen in Windows 8 Consumer Preview) (grinder\node\browser\internetexplorer.rb).
* Added a —fuzzer parameter to grinder.rb. When bringing up a node you can now specify a single fuzzer to load instead of loading all the fuzzers in the nodes fuzzer directory. Usefull for testing a specific fuzzer (e.g. >ruby grinder.rb —fuzzer=DOMBlaster2000 FF)
* Added a —help and —version parameter to grinder.rb and testcase.rb.
* grinder_logger.dll is now thread safe and can handle log messages of an arbitrary size.
* Changed the server.rb 301 reditect to a 307 temporary redirect.
* Many small bug fixes!

Features
Grinder Server features:

  1. Multi user web application. User can login and manage all crashes reported by the Grinder Nodes. Administrators can create more users and view the login history.
  2. Users can view the status of the Grinder system. The activity of all nodes in the system is shown including status information such as average testcases being run per minute, the total crashes a node has generated and the last time a node generated a crash.
  3. Users can view all of the crashes in the system and sort them by node, target, fuzzer, type, hash, time or count.
  4. Users can view crash statistics for the fuzzers, including total and unique crashes per fuzzer and the targets each fuzzer is generating crashes on.
  5. Users can hide all duplicate crashes so as to only show unique crashes in the system in order to easily manage new crashes as they occur.
  6. Users can assign crashes to one another as well as mark a particular crash as interesting, exploitable, uninteresting or unknown.
  7. Users can store written notes for a particular crash (viewable to all other users) to help manage them.
  8. Users can download individual crash log files to help debug and recreate testcases.

Change Log for NOWASP 2.3.2 (Codename: Mutillidae):

  • Added large amount of code to help users who have database issues of some type or users unfamiliar with MySQL
  • Made change to bubble hint hanlder to return error message if hint retrieval fails rather than allow page to fail
  • Added new page database-offline.php to handle database error
  • Added database error detection to setup scripts
  • Changed how the database connection occurs. The MySQLHandler splits the connection to the database server and OWASP10 database into separate steps to help the user have a better chance of detecting issues. This allows the index.php page to connect later in the process as well.
  • Improved database connection in log handler
  • Changed database configuration to static properties
  • Added method connectToDefaultDatabase() to SQL Handler class



Screenshot





NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiest to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to administrate a webserver. It is already installed on Samurai WTF and Rapid7 Metasploitable-2. The existing version can be updated on either. NOWASP (Mutillidae) contains dozens of vulns and hints to help the user; providing an easy-to-use web hacking environment deliberately designed to be used as a lab for security enthusiast, classrooms, labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

NOWASP (Mutillidae) has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and oth

Features :

  1. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
  2. Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  3. Preinstalled on Rapid7 Metasploitable 2
  4. Preinstalled on Samurai Web Testing Framework (WTF)
  5. Has dozen of vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
  6. System can be restored to default with single-click of “Setup” button
  7. Switches between secure and insecure mode
  8. Secure and insecure source code for each page stored in the same PHP file for easy comparison
  9. Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
  10. Contains 2 levels of hints to help users get started
  11. Instructional Videos: http://www.youtube.com/user/webpwnized
  12. Updates tweeted to @webpwnized
  13. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and ot
Change Log for NOWASP 2.3.1 (Codename: Mutillidae):
  • Updated vulnerabilities listing
  • Added an entirely new attack on a new page: view-user-privilege-level.php
  • Added view-user-privilege-level.php to main menu under broken session management


NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiest to pen-test a web application. NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to administrate a webserver. It is already installed on Samurai WTF and Rapid7 Metasploitable-2. The existing version can be updated on either. NOWASP (Mutillidae) contains dozens of vulns and hints to help the user; providing an easy-to-use web hacking environment deliberately designed to be used as a lab for security enthusiast, classrooms, labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

NOWASP (Mutillidae) has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and oth

Features :

  1. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.
  2. Installs easily by dropping project files into the “htdocs” folder of XAMPP.
  3. Preinstalled on Rapid7 Metasploitable 2
  4. Preinstalled on Samurai Web Testing Framework (WTF)
  5. Has dozen of vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
  6. System can be restored to default with single-click of “Setup” button
  7. Switches between secure and insecure mode
  8. Secure and insecure source code for each page stored in the same PHP file for easy comparison
  9. Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
  10. Contains 2 levels of hints to help users get started
  11. Instructional Videos: http://www.youtube.com/user/webpwnized
  12. Updates tweeted to @webpwnized
  13. Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
WebSploit Is An Open Source Project For :
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
——
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack