This tool stores up to 426 bytes in the MBR's bootloader code section of unused devices such as usb drivers, hrd disks (which are not supposed to boot) and other media. GRUB detection is implemented for safety reasons, Windows bootloader code will be shamelessly overwritten.
INSTALLATION
make
sudo make install
make clean
FIRST STEPS
Get yourself a copy of your own MBR with
dd if=/dev/sdx of=my_mbr.img count=1
or use one of the provided samples in doc/.
Read, store and check your results with your favorite hex editor (e.g. g
hex2).
Be careful to not demage your bootloader!
Run fdisk -l or dmesg to determine the correct device
AUTHOR
atzeton
nullsecurity.net
LICENSE
GNU GPLv2+
Against is a very fast ssh attack script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given ip addresses from a list.
Authored by pigtail23 | Site nullsecurity.net
Updated: Feb 28, 2014
Changes: Honeypot detection, optimizations, detection for key authentication, and much more.
# FantaGhost URL Scanner 1.0
Advanced web directory scanner with proxy and TOR support
#### About
This is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack. FantaGhost URL scanner support proxy and TOR.
All options explained here are also available from `fgdev.pl --help`)
Usage: ./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] [--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]
--debug : Print debug information
--dirs : Specify the directory list file
--pages : Specify the wordlist file
--host : Specify hostname to scan (without http:// or https://)
--proxy : Specify a proxy list
--sec : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
--dump : Save found pages on disk
--tor : Use TOR as proxy for each request
--tordns : Use TOR to resolve hostname. Without this options DNS queries will be directed to default DNS server outside TOR network.
--help : What you're reading now
A proof-of-concept packer for .NET executables, designed to provide a starting point to explain the basic principles of runtime packing.
It is a full implementation of a simple .NET PE file packer, which doesn't use native code.
It can perform the following tasks:
pack itself
packing files packed by itself (up to four layers of packing are tested)
automagically resolve dependencies of the packed EXE
The following downsides/problems are known:
output files are quite big
there is no compression
console applications/DLLs cannot be packed.
Implementation
The packer is implemented in a shared library called netcrypt.dll. If you reference this library you can just use the following code to pack a file:
byte[] arrayOfUnpackedExeBytes;
// ... perform file loading/generation logic
byte[] packedExe = Packer.Pack(arrayOfUnpackedExeBytes);
Bricks is a deliberately vulnerable web application built on PHP and MySQL.
The project focuses on variations of commonly seen application security vulnerabilities and exploits.
Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
The mission is to 'break the bricks' and thus learn the various aspects of web application security.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
Abhi M Balakrishnan
Get UWAMP. There are three options:
Exe/Install: Around 20 MB and has an installer. It can be installed just like installing any other software.
Portable RAR: Around 30 MB, portable. No installation needed, just extract and run. 7-Zip is a good software for handling RAR files.
Portable ZIP: Around 55 MB, portable. No installation needed, just extract and run.
Download Bricks and extract it.
Copy the bricks folder into the UwAmp\www directory.
Run uWAMP.exe and Start running the server.
Create a new database for Bricks:
Click on the PHPMyAdmin button on the UWAMP interface, or go to http:///mysql/ on browser.
Any name can be used for database. For example: bricks. Fill up the name and click on Create button.
Click on the www Site button on the UWAMP interface, or go to http:///bricks/ on browser.
Bricks will redirect automatically to http:///bricks/config/.
Fill in the configuration details:
Database username: root
Database password: root in uWAMP. Keep it blank in the xase of XAMPP
Database name: bricks
Database host: localhost
Show executed commands: checked by default
Click on Submit button and a file, LocalSettings.php, will get downloaded. Place this file in the UwAmp\www directory.
This is the vicnum project ("vicnum")
This project was registered on SourceForge.net on Jan 27, 2009, and is described by the project team as follows:
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' . Play the game at http://vicnum.ciphertechs.com
Vicnum (1.5) is an OWASP project consisting of multiple vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, sql injections, and session management issues. The goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it's OK to have a little fun. There are currrently three applications (or challenges) in this version of Vicnum. Guessnum, a game to guess a number the computer has picked. Jotto, a game to guess a word the computer has picked. And the Union Challenge which is new to version 1.5 Besides untarring the tar into the right folder and some Apache webserver tweaking, three MySQL tables will need to be created.
Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.
Contact
-------
author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: [email protected]
Current features
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.
How do I use Grabber ?
You have a main script grabber.py which execute the modules (xss.py, sql.py, etc.).
Download Grabber
Download Grabber
The executable version produced by py2exe
Source code
Installation
For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download the packages on the websites given above.
Configuration
You can configure the run with a configuration file like this:
http://127.0.0.1/bank
1
Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url http://127.0.0.1/bank
The two configuration are equivalents.
What you need to know ?
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We (watobo team) are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only.
„Ok, how does it work?“
WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite.
Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They are used to collect useful information, e.g. email or IP addresses. Passive checks will be performed during normal browsing activities. No additional requests are sent to the (web) application.
Active checks instead will produce a high number of requests (depending on the check module) because they do the automatic part of vulnerability identification, e.g. during a scan.
„So why should I use WATOBO instead of other web application auditing tools?“
The most important advantages are:
WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
WATOB can act as an transparent proxy
WATOBO has anti-CSRF features
WATOBO can perform vulnerability checks out of the box.
WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
WATOBO is written in (FX)Ruby and enables you to define your own checks
WATOBO is free software ( licensed under the GNU General Public License Version 2)
It’s by siberas
Supported operating systems
SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu’s MS Windows GUI application that serves as a front-end to the most recent versions of our Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity.
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible to see all the objects in the document showing the suspicious elements, supports all the most used filters and encodings, it can parse different versions of a file, object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides Javascript and shellcode analysis wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones.
The main functionalities of peepdf are the following:
Analysis:
Decodings: hexadecimal, octal, name objects
More used filters
References in objects and where an object is referenced
Strings search (including streams)
Physical structure (offsets)
Logical tree structure
Metadata
Modifications between versions (changelog)
Compressed objects (object streams)
Analysis and modification of Javascript (Spidermonkey): unescape, replace, join
Shellcode analysis (Libemu python wrapper, pylibemu)
Variables (set command)
Extraction of old versions of the document
Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
Checking hashes on VirusTotal
Creation/Modification:
Basic PDF creation
Creation of PDF with Javascript executed wen the document is opened
Creation of object streams to compress objects
Embedded PDFs
Strings and names obfuscation
Malformed PDF output: without endobj, garbage in the header, bad header...
Filters modification
Objects modification
Execution modes:
Simple command line execution
Powerful interactive console (colorized or not)
Batch mode
TODO:
Embedded PDFs analysis
Improving automatic Javascript analysis