Microsoft Windows

SapCap

SapCap is an SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic. Using a third-party JNI interface to pcap, it is also able to load previously captured tcpdump files.
Details on running SapCap can be found in the README.txt file included in the zip file.

Author: Ian de Villiers
Cost: Free
Source Code: GitHub
Version: 0.1
License: GPL
Release Date: 2011-09-02

Requirements
Java runtime environment.
Jpcap
Custom JNI Library.

The custom JNI library is included in the download.

Binary builds of the JNI library are only available for the following platforms:
Mac OS/X
Windows (32-bit)
Linux (32-bit)

If you wish to use a different platform, please download the sources for SAPProx and SapCompress and build the library yourself.

SAPProx

SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.
Details on running SAPProx can be found in the README.txt file included in the zip file.

Author: Ian de Villiers
Cost: Free
Source Code: GitHub
Version: 0.1
License: GPL
Release Date: 2011-09-02

Requirements
Java runtime environment.
Custom JNI Library.

The custom JNI library is included in the download.

Binary builds of the JNI library are only available for the following platforms:
Mac OS/X
Windows (32-bit)
Linux (32-bit)

If you wish to use a different platform, please download the sources for SAPProx and SapCompress and build the library yourself.

SAP Proxy

The analysis and reverse engineering of SAP GUI network traffic has been the subject of numerous research projects, and several methods for decoding SAP DIAG traffic have existed in the past. Until the release of SensePost's freely available proof of concept SAP DIAG tools (SAPProx and SapCap) in 2011, most of those methods were complicated and convoluted, or not in the public domain.

SAP is widely used and normally stores information of great sensitivity to companies. However, by default the communication protocol can be described as telnet-meets-gzip and Secure Network Communication (SNC) is not enabled in most organizations where SAP GUI is used. Furthermore, the protocol can be abused with relatively devastating effect against both server and client side components.

SensePost's tools for decoding and analyzing the SAP DIAG protocol have now been refined into a production-ready offensive platform with scripting and fuzzing support. In addition, the tool set has been extended to include support for intercepting and decoding RFC-based communication.

Oyedata

Oyedata is a new tool to perform black-box OData security testing and help secure OData deployments. Gursev Singh Kalra wrote Oyedata from a penetration testing perspective, and its major features are summarized below:

Intuitive GUI-based tool written in C#.
Ability to create attack templates from local and remote Service Documents and Service Metadata Documents.
Support for XML and JSON data formats.
Ability to export attack templates in JSON and XML formats that can be fed to custom Fuzzing code.
Ability to engage the OData services for manual testing.
Data generator for EDMSimpleType test data generation.
Ability to generate “Read URIs” for Entities, Entity Properties and Entity Property Values.
Ability to generate attack templates for creation of new Entries, updating existing Entries, Service Operation invocation, Entry deletion, etc.
Ability to identify Keys, Nullable and Non-Nullable Properties and indicate the same in the attack templates.
Web proxy, HTTP and HTTPS support and Error logging.

The files are:
Oyedata User Guide Oyedata for OData Assessments.pdf - Oyedata user guide.
setup.exe and OyedataSetup.msi - Oyedata setup files.

System Requirements:
Microsoft .Net 4.0

nishang

Nishang is a framework and collection of scripts and payloads which enables the use of PowerShell for offensive security and post-exploitation during penetration tests. The scripts were written to meet requirements the author encountered during real penetration tests. It contains many interesting scripts, such as download and execute, keylogger, password hash dumper, time-based payload and much more.

PAYLOADS
It contains many interesting scripts, such as download and execute, keylogger, DNS TXT pwnage, wait for command and much more.

HELP
All payloads and scripts are Get-Help compatible. Use "Get-Help -Full" on a PowerShell prompt to get full help details.

LATEST CODE
Check out the svn repo for the latest code:
svn checkout http://nishang.googlecode.com/svn/trunk/ nishang

kautilya

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking into a computer. Written in Ruby, the toolkit contains useful payloads and modules which could be used at different stages of a penetration test. Kautilya is tested with the Teensy++ device but could be used with most HIDs. It has been successfully tested for breaking into Windows 7, Ubuntu 11 and Mac OS X Lion.

- The Windows payloads and modules are written mostly in PowerShell (in combination with native commands) and are tested on Windows 7 and Windows 8.

- The Linux payloads are mostly shell scripts (using tools installed by default) in combination with commands. These are tested on Ubuntu 11.

- The OS X payloads are shell scripts (using tools installed by default) with usage of native commands. Tested on OS X Lion running on VMware.

- To get the latest version of the toolkit you should check out the svn repository using

"svn checkout http://kautilya.googlecode.com/svn/trunk/ kautilya"

In principle, Kautilya should work with any HID capable of acting as a keyboard. Kautilya has been tested on the Teensy++ 2.0 and Teensy 3.0 from pjrc.com.

Backfuzz

Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc.) written in Python. The general idea is that the script provides several predefined functions, so whoever wants to write their own plugin (for another protocol) can do so in a few lines.

# Installation: git clone https://github.com/localh0t/backfuzz
# Contact: [email protected] (suggestions, ideas, reviews)
# Follow: @mattdch
# Blog: www.localh0t.com.ar

AWS Scout

Scout is a security tool that lets Amazon Web Services (AWS) administrators assess their environment's security posture. Using the AWS API, Scout gathers configuration data for manual inspection or highlights high-risk areas automatically. Rather than poring through dozens of pages on the web console, Scout supplies a clear view of the attack surface automatically.

Running:
Scout is packaged as an executable jar. To run it, type

$ java -jar scout-0.9.5-standalone.jar

This will print a short message describing the commands Scout supports.

Usage:
java -jar scout-0.9.5-standalone.jar ACTION [OPTIONS]

The ACTION argument is explained in detail for each action below. The -c argument specifies the credentials the tool will use to make requests to the AWS API.

Actions:
list-instances
Output a list of every instance in your EC2 account, grouped by security group, along with selected attributes of the instance.

list-groups
Output a list of every security group, broken down permission by permission.

audit-groups
Output a list of notable or dangerous security group permissions. Permissions are rated as critical, warning, or info depending on the service exposed and how much of the internet the service is exposed to (a /8 is more "critical" than a /24). For more information regarding this rating algorithm, consult the wiki.

compare-groups
Output the difference between what is configured in EC2 and the supplied ruleset file. Permissions marked "+" are configured in EC2 but missing from the ruleset, while permissions marked "-" are defined in the ruleset but missing from EC2.

compare-groups requires that you specify a ruleset file for it to compare against. Here's an example ruleset:

(ruleset
  (group :websrv
    (permission :tcp [80] "0.0.0.0/0")
    (permission :tcp [443] "0.0.0.0/0")
    (permission :tcp [22] "134.82.0.0/16"))
  (group :appsrv
    (permission :tcp [8080 8083] :websrv)))

..cantor.dust..

..cantor.dust.. is an interactive binary visualization tool, a radical evolution of the traditional hex editor. By translating binary information to a visual abstraction, reverse engineers and forensic analysts can sift through mountains of arbitrary data in seconds. Even previously unseen instruction sets and data formats can be easily located and understood through their visual fingerprint. ..cantor.dust.. dramatically accelerates the analysis process, and, for the experienced user, forms an indispensable tool in the reverser's arsenal.

JMSDigger

JMSDigger is a new tool that can be leveraged to engage and assess enterprise messaging applications, with the current release focusing on ActiveMQ. JMSDigger has the following features:

Validate credentials and perform credential brute force
Dump destinations (topics, queues and queue browsers)
Create, dump and delete durable subscribers
Perform anonymous authentication
Password decryption
Retrieve statistics for Broker, Topic and Queues
Create dynamic queues and topics