Mac OS

Apple Mac OS X

PACK - Password Analysis & Cracking Kit

PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password lists in order to enhance password cracking through pattern detection of masks, rules, character-sets and other password characteristics. The toolkit generates valid input files for Hashcat family of password crackers.

NOTE: The toolkit itself is not able to crack passwords, but instead designed to make operation of password crackers more efficient.

StatsGen
The most basic analysis that you can perform is simply obtaining most common length, character-set and other characteristics of passwords in the provided list. In the example below, we will use 'rockyou.txt' containing approximately 14 million passwords. Launch statsgen.py with the following command line:
$ python statsgen.py rockyou.txt

Using filters
Let's see how RockYou users tend to select their passwords using the "stringdigit" simple mask (a string followed by numbers):
$ python statsgen.py ../PACK-0.0.3/archive/rockyou.txt --simplemask stringdigit -q --hiderare

Saving advanced masks
While the "Advanced Mask" section only displays patterns matching greater than 1% of all passwords, you can obtain and save a full list of password masks matching a given dictionary by using the following command:
$ python statsgen.py rockyou.txt -o rockyou.masks

MaskGen
MaskGen allows you to craft pattern-based mask attacks for input into Hashcat family of password crackers. The tool uses output produced by statsgen above with the '-o' flag in order to produce the most optimal mask attack sorted by mask complexity, mask occurrence or ratio of the two (optimal index).
Let's run MaskGen with only StatGen's output as an argument:
$ python maskgen.py rockyou.masks

Specifying target time

DAVOSET

(Translation provided by google)
DDoS attacks via other sites execution tool (DAVOSET) - a tool for use by Abuse of Functionality and XML External Entities vulnerabilities at some sites for attacks on other sites (including DoS and DDoS attacks). Which was developed by me in 2010.

On these attacks, I wrote the article sites use to attack other sites . In the article the effectiveness of the attacks on sites through the use of other sites I announced DAVOSET and explored the effectiveness of these attacks. I also wrote about the benefits of these attacks .

This tool is written in perl.

# DDoS attacks via other sites execution tool
# DAVOSET v.1.1.4
# Tool for conducting of DDoS attacks on the sites via other sites
# Copyright (C) MustLive 2010-2013
# Last update: 03.12.2013
# <a href="Http://websecurity.com.ua<br />
#" title="Http://websecurity.com.ua<br />
#">Http://websecurity.com.ua<br />
#</a> # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Program summary
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

SSH Back

SSH Back is a set of shell scripts that assist you in shuffling an ssh connection over socat and ssl.

              __     ______              __
.-----.-----.|  |--.|   __ \.---.-.----.|  |--.
|__ --|__ --||     ||   __ <|  _  |  __||    <
|_____|_____||__|__||______/|___._|____||__|__|
Copyright (C) 2014

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

Have you ever needed to have access to an ssh server from behind
a NAT'ed firewall? Now you can. SSHBack allows you to have reverse
ssh connections connect back to you.

Made from 100% FOSS recycled materials, this software is made to
withstand the most demanding conditions, including, but not
limited to: __FILL_IN_BLANK_HERE__

(For amusement purposes only. Do not abuse or misuse this product.
Do not ruin anyone's day with this software, please!)

sshback client machine: has openssh-server on
sshback sever machine: has openssh-client on

NOTE: "Server_Common_Name" must be able to DNS resolve
      on the client machine, e.g.
$ host <a href="http://www.servercommonname.com<br />
www.servercommonname.com" title="www.servercommonname.com<br />
www.servercommonname.com">www.servercommonname.com<br />
www.servercommonname.com</a> has address xxx.xxx.xxx.xxx

run
$ ./sshback_make_certs.sh
to make all the certs

then move client.pem, server.crt, and sshback_client.sh to the
  machine with openssh-server installed
make sure 'socat' is installed
chmod +x sshback_client.sh

OpenFPC

OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder & buffering tool. It's design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.

OpenFPC is described as lightweight because it follows a different design model to other FPC/Network traffic forensic tools that I have seen. It doesn't provide a user with the ability to trigger automatic events (IDS-like functions), or watch for anomalous traffic changes (NBA-like functions) as it is assumed external open source, or comercial tools already provide this detection capability. OpenFPC fits in as a companion to provide extra (full packet/traffic stream) data as a bolt-on to these tools allowing deeper analysis of event data where required.

Simply give it a logfile entry in one of the supported formats, and it will provide you with the PCAP.

For more information, visit the OpenFPC project home at http://www.openfpc.org
Features and futures

Automated install on Debain and RH style distributions
Extraction of single streams based on event occurrence time, or start/end timestamps
Extracts stream data based on common logfile/alert formats

Distributed collection with central extraction Optional compression and extract checksums Ability to request data from external tools/user interfaces
TODO

Central web-based UI for stream/data extraction from distributed remote storage buffers
Automatic calculation of an optimal configuration for extraction speed based on available storage.

miranda

Miranda is a Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices, particularly Internet Gateway Devices (aka, routers). It can be used to audit UPNP-enabled devices on a network for possible vulnerabilities. Some of its features include:

Interactive shell with tab completion and command history
Passive and active discovery of UPNP devices
Customizable MSEARCH queries (query for specific devices/services)
Full control over application settings such as IP addresses, ports and headers
Simple enumeration of UPNP devices, services, actions and variables
Correlation of input/output state variables with service actions
Ability to send actions to UPNP services/devices
Ability to save data to file for later analysis and collaboration
Command logging

Miranda v1.3
The interactive UPnP client
Craig Heffner, http://www.devttys0.com

Command line usage: miranda.py [OPTIONS]

-s Load previous host data from struct file
-l Log user-supplied commands to log file
-i Specify the name of the interface to use (Linux
only, requires root)
-b Process commands from a file
-u Disable show-uniq-hosts-only option
-d Enable debug mode
-v Enable verbose mode
-h Show help

Alucard

Alucard is a UPnP port redirection application that allows a user to open ports on a UPnP enabled router.

To build first install MiniUpnpc from http://miniupnp.tuxfamily.org/
Then type "make"
Then run "./alucard 192.168.1.200 1044" to redirect all traffic from port 1044/TCP outside the NAT to port 1044/TCP on 192.168.1.200

dnsgrep

DNS hostname enumerator tool using zone transfer.

dnsgrep v0.16 beta by geinblues ( geinblues@gmail.com ) usage : ./dnsgrep -d *ta
rget domain -m *
dictionary mode:
-D
-sS : stealth mode
-sN : normal mode
-sQ : quick mode

-o

Capstone

Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Multiple architectures
Capstone is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka ARMv8/AArch64), Mips & X86. More will be added in the future when possible.
Updated

As far as we are aware, in all 4 architectures, Capstone can handle more instructions than other frameworks. Especially, it even supports most modern CPU extensions & is guaranteed to remain updated in the future.
Clean, simple & intuitive architecture-neutral API

Clean & intuitive is the key principle in designing the API for Capstone. The interface has always been as simple as possible. It would take a new user just few minutes to understand & start writing his own tool based on available samples accompanying Capstone source code.

Even better, the API is independent of the hardwares, so your analysis tool can work in the same way across all the architectures.
Detailed instruction information

Capstone breaks down instruction information, making it straightforward to access to instruction operands & other internal instruction data.

This feature is called “decomposer” by some alternatives, but Capstone is the only framework having this across all the architectures, in seamless way.
Instruction semantics

Capstone provides some important semantics of the disassembled instruction, such as list of implicit registers read & written, or if this instruction belongs to a group of instructions (such as ARM Neon group, or Intel SSE4.2 group). Now writing your own machine code normalization becomes easier than ever.
Zero barrier

Implemented in pure C language, Capstone is easy to be adopted for your low-level tool. Furthermore, lightweight & efficient bindings for popular languages such as Python, Ruby, OCaml, C#, Java & Go are also available.

Malheur Malware Analyzer

Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior of various format, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.

Extraction of prototypes. From a given set of reports, Malheur identifies a subset of prototypes representative for the full data set. The prototypes provide a quick overview of recorded behavior and can be used to guide manual inspection.

Clustering of behavior. Malheur automatically identifies groups (clusters) of reports containing similar behavior. Clustering allows for discovering novel classes of malware and provides the basis for crafting specific detection and defense mechanisms, such as anti-virus signatures.

Classification of behavior. Based on a set of previously clustered reports, Malheur is able to assign unknown behavior to known groups of malware. Classification enables identifying novel variants of malware and can be used to filter program behavior prior to manual inspection.

Vega Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.

Core:
Automated Crawler and Vulnerability Scanner
Consistent UI
Website Crawler
Intercepting Proxy
SSL MITM
Content Analysis
Extensibility through a Powerful Javascript Module API
Customizable alerts
Database and Shared Data Model

Modules:
Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery

Syndicate content