hwk is an easy-to-use wireless authentication and deauthentication tool. It also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic, indicating the packet types.
What is hwk?
===============
hwk is a collection of packet crafting/network flooding tools.
Grabber is a web application scanner. Basically, it detects some kinds of vulnerabilities in your website.
Grabber is simple, not fast, but portable and really adaptable. It is designed to scan small websites such as personal sites, forums, etc., and absolutely not big applications: that would take too long and flood your network.
Contact
-------
author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: [email protected]
Current features
Because it's a small tool, the set of vulnerabilities it checks for is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parses every JavaScript file, extracts the URLs and tries to recover their parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.
How do I use Grabber?
There is a main script, grabber.py, which executes the modules (xss.py, sql.py, etc.).
Download Grabber
The executable version produced by py2exe
Source code
Installation
To use Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download these packages from their respective websites.
Configuration
You can configure the run with a configuration file like this:
http://127.0.0.1/bank
1
Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url http://127.0.0.1/bank
The two configurations are equivalent.
What you need to know?
1. Enable network proxy
2. Snapshot file system
3. Install app
4. Decrypt app
5. Snapshot file system
6. Binary analysis:
   a. PIE enabled?
   b. Stack smashing protection enabled?
   c. Automatic Reference Counting (ARC) enabled?
   d. Class-dump or class-dump-z
   e. XML processors installed?
   f. Jailbreak detection?
      i. If yes, disable
7. Runtime analysis:
   a. Use the app and record data
   b. Certificate enforcement (pinning)?
      i. If yes, bypass (import cert, hook cert functions)
   c. Snapshot file system
   d. Analyze snapshot diffs
      i. Locate storage of sensitive data
         1. Was it stored securely?
      ii. Protocol handlers installed?
   e. Locate transmission of sensitive data
      i. Was it transmitted securely?
      ii. Privacy analysis
         1. Did the app transmit Contacts?
         2. Did the app transmit Calendar?
         3. Did the app transmit Location?
         4. Did the app store a location log?
            a. What was the granularity of the location?
         5. Did the app transmit the UDID?
   f. Abuse the app and record data
      i. If protocol handlers are in use, can they be abused?
      ii. UIWebView in use?
         1. Attempt XSS
            a. Attempt to exploit the Objective-C bridge
      iii. XML in use?
         1. Attempt local XML attacks
      iv. Attempt buffer overflows
      v. Attempt format string attacks
      vi. Attempt local file traversal
      vii. Attempt local SQLi
      viii. Logic flaw abuse
      ix. (If in scope) Server-side analysis
   g. Snapshot file system
   h. Analyze snapshot diffs
   i. As findings are discovered, repeat any steps in 7 as needed
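The file-system steps of the methodology (2, 5, 7c/7d and 7g/7h) reduce to "hash everything, use the app, hash everything again, diff, then look for what you typed in". The helper below is an added example, not SiRA's code or anything from the original page. It assumes the app's sandbox (Documents/, Library/, tmp/) has been copied to a local directory, for example with scp from a jailbroken device; the demo constructs a fake sandbox in a temporary directory with made-up test credentials so it runs offline.

```python
#!/usr/bin/env python3
"""Snapshot/diff helper for the file-system steps of the methodology above.

Added example, not part of SiRA. Assumes the app sandbox has been copied to
a local directory; demo() builds a constructed sandbox instead.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every regular file under root (relative POSIX path) to (size, sha256)."""
    root = Path(root)
    snap = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[path.relative_to(root).as_posix()] = (path.stat().st_size, digest)
    return snap


def diff_snapshots(before, after):
    """Return (added, removed, modified) relative paths, each sorted."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, modified


def find_seeded_secrets(root, paths, seeds):
    """Step 7d.i: search the changed files for the test credentials you typed in.

    Seeding unique values and grepping for them in UTF-8 and UTF-16LE (common
    in plists and Core Data stores) is the quickest proof of plaintext storage.
    """
    hits = {}
    for rel in paths:
        data = Path(root, rel).read_bytes()
        found = [s for s in seeds
                 if s.encode("utf-8") in data or s.encode("utf-16-le") in data]
        if found:
            hits[rel] = found
    return hits


def demo():
    """Constructed sandbox: snapshot, 'use the app', snapshot again, diff."""
    seeds = ["qa_user_7731", "Hunter2!"]  # constructed test credentials
    with tempfile.TemporaryDirectory() as sandbox:
        box = Path(sandbox)
        (box / "Documents").mkdir()
        (box / "Library" / "Preferences").mkdir(parents=True)
        (box / "tmp").mkdir()
        (box / "Documents" / "cache.db").write_bytes(b"SQLite format 3\x00" + b"\x00" * 16)
        (box / "tmp" / "session.tmp").write_bytes(b"stale")
        before = snapshot(box)

        # Simulated app run: login written to a plist, cache updated, tmp cleared.
        (box / "Library" / "Preferences" / "com.example.bank.plist").write_bytes(
            b"<plist><dict><key>password</key><string>Hunter2!</string></dict></plist>")
        (box / "Documents" / "cache.db").write_bytes(
            b"SQLite format 3\x00" + "qa_user_7731".encode("utf-16-le"))
        (box / "tmp" / "session.tmp").unlink()
        after = snapshot(box)

        added, removed, modified = diff_snapshots(before, after)
        hits = find_seeded_secrets(box, added + modified, seeds)
        return added, removed, modified, hits


if __name__ == "__main__":
    added, removed, modified, hits = demo()
    print("added:", added)
    print("removed:", removed)
    print("modified:", modified)
    print("plaintext test credentials found in:", hits)
```

Run it once before the first use of the app and once after each abuse pass (steps 7f/7g); anything in `hits` is a step 7d.i.1 finding, and the remaining added/modified files are where to look for protocol handlers, caches and logs by hand.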
SiRA is able to automate or semi-automate many of the steps involved in an application
assessment. SiRA includes some assistance for all 7 of the major methodology steps outlined
above. Not all automatable substeps are currently implemented, but work is ongoing. In
addition, SiRA provides a convenient single location for a variety of manual and semi-automated
functionalities. Finally, SiRA can automate your automation by providing a step-by-step guided
Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc.) written in Python. The general idea is that the script has several predefined functions, so whoever wants to write their own plugin (for another protocol) can do it in a few lines.
# Installation: git clone https://github.com/localh0t/backfuzz
# Contact: [email protected] (suggestions, ideas, reviews)
# Follow: @mattdch
# Blog: www.localh0t.com.ar
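To make the plugin idea concrete, here is an added skeleton of the same shape: shared payload generators plus a plugin that is nothing more than a list of command templates. This is not backfuzz's code; `ProtocolPlugin`, `FTPPlugin`, `fuzz` and the generator names are hypothetical names chosen for this illustration, and the transport is an injectable callable so the demo can run offline against a constructed stub that "crashes" once an argument reaches 4096 bytes.

```python
#!/usr/bin/env python3
"""Minimal protocol-fuzzer skeleton in the spirit of the plugin model above.

Added example, not backfuzz's code. All class and function names here are
hypothetical; the stub target is constructed so the demo runs offline.
"""
import socket


# Predefined payload generators shared by every plugin.
def overflow_strings(max_len=8192, step=512):
    """'A' runs of increasing length to find length-dependent crashes."""
    return ["A" * n for n in range(step, max_len + 1, step)]


def format_strings():
    return ["%s" * 8, "%x" * 16, "%n" * 4, "%p%p%p%p%p%p"]


def integer_boundaries():
    return [str(n) for n in (0, -1, 255, 256, 65535, 65536, 2**31 - 1, 2**31, 2**32 - 1)]


def all_payloads():
    return overflow_strings() + format_strings() + integer_boundaries()


class ProtocolPlugin:
    """Subclass and fill in `templates`; '{}' marks the fuzzed field."""
    name = "generic"
    templates = []

    def cases(self):
        for template in self.templates:
            for payload in all_payloads():
                yield template.format(payload)


class FTPPlugin(ProtocolPlugin):
    """A whole protocol plugin is just its command templates."""
    name = "ftp"
    templates = ["USER {}\r\n", "PASS {}\r\n", "CWD {}\r\n"]


def tcp_sender(host, port, timeout=3.0):
    """Real transport: one connection per case, returns the response bytes."""
    def send(data):
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.recv(1024)          # banner
            sock.sendall(data)
            return sock.recv(1024)
    return send


def fuzz(plugin, send):
    """Run every case; record the ones where the target stopped answering."""
    crashes = []
    for case in plugin.cases():
        try:
            send(case.encode("latin-1"))
        except (ConnectionError, socket.timeout) as exc:
            crashes.append((case[:16], type(exc).__name__))
    return crashes


def stub_ftp_send(data):
    """Constructed target that dies when a command argument reaches 4096 bytes."""
    argument = data.split(b" ", 1)[1].rstrip(b"\r\n")
    if len(argument) >= 4096:
        raise ConnectionResetError("target closed the connection")
    return b"331 OK\r\n"


if __name__ == "__main__":
    # Against a live service you would pass tcp_sender("10.0.0.5", 21) instead.
    for prefix, error in fuzz(FTPPlugin(), stub_ftp_send):
        print(f"{error}: {prefix!r}...")
```

The point of separating generators from templates is that adding IMAP or SMTP is three or four template strings, while improvements to the payload sets benefit every plugin at once.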
GScrape is a small perl script that uses Google's Ajax API (Google::Search) to find vulnerable websites.
GScrape is a simple tool: it reads a user-specified file containing a list of search terms, queries Google with those terms and retrieves an array of websites, which are then tested for Local File Inclusion and SQL injection vulnerabilities. Any findings are logged to the output file specified by the user.
Example:
perl gscrape.pl -f dork.lst -o gscrape.log
Note:
GScrape will not return any results unless your input file actually contains a list of search terms.
Voice over IP penetration testing toolkit providing SIP and NGN services testing modules for the Metasploit Framework.
Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that makes it easy to create simple tests. It includes 10 different modules with authentication support, including an options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value-added services.
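The "authentication support" these modules share is SIP digest authentication: the registrar answers with a 401 carrying a WWW-Authenticate challenge, and the client retries with an Authorization header computed from the username, realm, nonce, method and request URI. The following is an added example of both legs of that exchange, not Viproy's code. The 401 response, the realm `asterisk`, the nonce, extension `1001` and password `s3cret` are constructed test values; only RFC 2617 style MD5 digest without `qop` is implemented, which is what most SIP registrars still offer.

```python
#!/usr/bin/env python3
"""SIP digest authentication, client and registrar side.

Added example, not Viproy code. The challenge and credentials are constructed.
"""
import hashlib
import hmac
import re

# Constructed 401 from a registrar, as a brute forcer or registration tester sees it.
CHALLENGE = (
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 10.0.0.9:5060;branch=z9hG4bK776asdhds\r\n"
    'WWW-Authenticate: Digest realm="asterisk", nonce="5f1b2c3d4e", algorithm=MD5\r\n'
    "Content-Length: 0\r\n"
    "\r\n"
)

_PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def parse_digest_params(header_value):
    """'Digest realm="x", nonce="y"' -> {'realm': 'x', 'nonce': 'y'}"""
    body = re.sub(r"^Digest\s+", "", header_value.strip())
    params = {}
    for key, quoted, bare in _PARAM.findall(body):
        params[key] = quoted or bare
    return params


def _header(message, name):
    for line in message.split("\r\n"):
        field, _, value = line.partition(":")
        if field.strip().lower() == name:
            return value.strip()
    return None


def parse_challenge(response):
    value = _header(response, "www-authenticate")
    if value is None:
        raise ValueError("no WWW-Authenticate header")
    return parse_digest_params(value)


def digest_response(method, uri, user, password, realm, nonce):
    """RFC 2617 MD5 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def authorization_header(method, uri, user, password, challenge):
    resp = digest_response(method, uri, user, password, challenge["realm"], challenge["nonce"])
    return (f'Authorization: Digest username="{user}", realm="{challenge["realm"]}", '
            f'nonce="{challenge["nonce"]}", uri="{uri}", response="{resp}", algorithm=MD5')


def build_register(uri, user, host, challenge=None, password=None):
    """REGISTER request; with a challenge it carries the computed credentials."""
    headers = [
        f"REGISTER {uri} SIP/2.0",
        f"Via: SIP/2.0/UDP {host}:5060;branch=z9hG4bK{user}reg",
        f"From: <sip:{user}@{host}>;tag=t{user}",
        f"To: <sip:{user}@{host}>",
        f"Call-ID: {user}-call@{host}",
        "CSeq: 2 REGISTER",
        f"Contact: <sip:{user}@{host}:5060>",
        "Max-Forwards: 70",
        "Content-Length: 0",
    ]
    if challenge is not None:
        headers.insert(6, authorization_header("REGISTER", uri, user, password, challenge))
    return "\r\n".join(headers) + "\r\n\r\n"


def server_verify(request, method, credentials):
    """Registrar side: recompute the digest from the stored password."""
    value = _header(request, "authorization")
    if value is None:
        return False
    p = parse_digest_params(value)
    password = credentials.get(p.get("username"))
    if password is None or not {"uri", "realm", "nonce"} <= p.keys():
        return False
    expected = digest_response(method, p["uri"], p["username"], password, p["realm"], p["nonce"])
    return hmac.compare_digest(expected, p.get("response", ""))


if __name__ == "__main__":
    chal = parse_challenge(CHALLENGE)
    req = build_register("sip:10.0.0.9", "1001", "10.0.0.9", chal, "s3cret")
    print(req)
    print("registrar accepts:", server_verify(req, "REGISTER", {"1001": "s3cret"}))
```

Because the method is bound into HA2, an Authorization header captured from a REGISTER cannot be replayed as an INVITE even with the same nonce; a registrar that does not also enforce nonce freshness, however, will accept a replayed REGISTER, which is exactly what the "before and after authentication" tests are for.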
SDL Regex Fuzzer is a verification tool to help test regular expressions for potential denial of service vulnerabilities. Regular expression patterns containing certain clauses that execute in exponential time (for example, grouping clauses containing repetition that are themselves repeated) can be exploited by attackers to cause a denial-of-service (DoS) condition. SDL Regex Fuzzer integrates with the SDL Process Template and the MSF-Agile+SDL Process Template to help users track and eliminate any detected regex vulnerabilities in their projects.
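The clause shape the paragraph describes, an unbounded repetition whose body itself contains an unbounded repetition (the `(a+)+` family), is also easy to spot statically before any fuzzing. The following is an added example, not part of SDL Regex Fuzzer (which targets .NET regexes and exercises them dynamically): it walks Python's parsed regex tree and counts nested unbounded quantifiers. It is a cheap pre-filter for review, not a proof that an unflagged pattern is safe, since overlapping alternations such as `(a|aa)+` are a separate ReDoS class it does not detect.

```python
#!/usr/bin/env python3
"""Static check for nested unbounded repetition, the (a+)+ class of ReDoS.

Added example, not SDL Regex Fuzzer. Uses the standard library's regex parser.
"""
try:                      # Python 3.11+ keeps the parser under re._parser
    from re import _parser as sre_parse
    from re import _constants as sre_constants
except ImportError:       # older interpreters expose it as sre_parse
    import sre_parse
    import sre_constants

UNBOUNDED = sre_constants.MAXREPEAT
REPEATS = {sre_constants.MAX_REPEAT, sre_constants.MIN_REPEAT}


def _subpatterns(av):
    """Yield every SubPattern nested anywhere inside an opcode argument."""
    if isinstance(av, sre_parse.SubPattern):
        yield av
    elif isinstance(av, (tuple, list)):
        for item in av:
            yield from _subpatterns(item)


def nested_unbounded_repeats(pattern):
    """Count unbounded repeats (+, *, {n,}) that sit inside another unbounded repeat."""
    tree = sre_parse.parse(pattern)
    findings = 0

    def walk(sub, inside_unbounded):
        nonlocal findings
        for op, av in sub:
            # Repeat opcodes carry (min, max, body); max == MAXREPEAT means unbounded.
            unbounded_here = op in REPEATS and av[1] == UNBOUNDED
            if unbounded_here and inside_unbounded:
                findings += 1
            for child in _subpatterns(av):
                walk(child, inside_unbounded or unbounded_here)

    walk(tree, False)
    return findings


def is_redos_prone(pattern):
    return nested_unbounded_repeats(pattern) > 0


if __name__ == "__main__":
    for p in [r"^(a+)+$", r"^(\d+\s?)+$", r"^[a-z]+@[a-z]+\.[a-z]{2,}$", r"(ab)+c"]:
        print(f"{p!r:40} nested unbounded repeats: {nested_unbounded_repeats(p)}")
```

The fix for a flagged pattern is usually to make the inner and outer repetitions unable to match the same characters (for example `^(\d+\s)*\d+$` instead of `^(\d+\s?)+$`) or to bound the repetition counts; run the corrected pattern through a fuzzer such as the one described above to confirm the worst-case time is now linear.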