Security-Shell

OWASP Europe Tour - Bucharest 2013

2013-05-23T08:56:00.000+02:00

OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.

Date: Wednesday 5th of June
Venue Location: University "Politehnica" of Bucharest
Venue Address: Splaiul Independentei nr. 313, sector 6, Bucuresti, ROMANIA; Rectorship Building, Senate Hall Postal cod: RO-060042

Source: https://www.owasp.org

DroidSQLi - MySQL Injection tool for Android

2013-05-20T16:56:00.000+02:00

DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.

DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection

Get it from https://play.google.com/store/apps/details?id=net.edgard.droidsqli

Static Analysis Technologies Evaluation Criteria Released

2013-05-12T20:08:00.003+02:00

Introduction:

Static code analysis is the analysis of software source or binary code. It aims at automating code analysis to find as many common software security weaknesses as possible. There are several open source and commercial static code analysis tools and services available in the market for organizations to choose from.

Static code analysis is rapidly becoming an essential part of most software organizations' application security assurance program. Mainly because of their ability to analyze large amounts of source code in considerably shorter amount of time than a human could, uncover potential weaknesses, in addition to the ability to automate security knowledge and workflows.

Download PDF: http://projects.webappsec.org/w/file/fetch/66107997/SATEC_Manual-02.pdf

Source: http://projects.webappsec.org

AttackVector Linux

2013-05-12T10:41:00.003+02:00

Linux distro for anonymized penetration based on Kali and TAILS

AttackVector Linux is a new distribution for anonymized penetration and security. It is based on Kali and TAILS, which are both based on Debian. While Kali requires a modified kernel for network drivers to use injection and so forth, the Tor Project's TAILS is designed from the bottom up for encryption, and anonymity. Nmap can't UDP via Tor. The intention of AttackVector Linux is to provide the capability to anonymize attacks while warning the user when he or she takes actions that may compromize anonymity. The two projects have different design philosophies that can directly conflict with one another. In spite of this, the goal of AttackVector Linux is to integrate them complementarily into one OS.

Download: https://bitbucket.org/attackvector

More Info: https://github.com/ksoona/attackvector

SpiderFoot v.2.0 Released

2013-05-07T17:35:00.001+02:00

Open source Footprinting tool

SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more.

SpiderFoot is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire.
As a simple example, you could create a module that automatically attempts to brute-force usernames and passwords any time a password-handling webpage is identified by the spidering module.

Download: https://github.com/smicallef/spiderfoot
http://sourceforge.net/projects/spiderfoot/

More Info: http://www.spiderfoot.net

Arachni v0.4.2 Released

2013-04-30T09:52:00.005+02:00

Web Application Security Scanner Framework

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

The change-log is quite sizeable but the gist is:

* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads for Windows machines for path traversal and OS command injection.
* RPC API updates allowing for much easier remote scan management.
* Much improved profiling and detection of custom 404 responses.
* The ability to exclude pages from the scan based on content.

For more details and Download visit: http://www.arachni-scanner.com

Canari Framework

2013-04-15T16:00:00.000+02:00

Canari - Maltego Rapid Transform Development Framework

Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests, and vulnerability assessments. Ever since it's first prototype, it has become evident that the framework can be used for much more than that. Canari is perfect for anyone wishing to graphically represent their data in Maltego without the hassle of learning a whole bunch of unnecessary stuff. It has generated interest from digital forensics analysts to pen-testers, and even psychologists.

Canari's core features include:
- An easily extensible and configurable framework that promotes maximum reusability;
- A set of powerful and easy-to-use scripts for debugging, configuring, and installing transforms;
-Finally, a great number of community provided transforms.

More info and Download: http://www.canariproject.com

Video demo: http://www.youtube.com/allfro

AppUse - Android Pentest Platform Unified Standalone Environment

2013-04-03T13:42:00.000+02:00

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs.

There is no need for installation of simulators and testing tools, no need for SSL certificates of the proxy software, everything comes straight out of the box pre-installed and configured for an ideal user experience.Security experts who have seen the machine were very excited, calling it the next ‘BackTrack’ (a famous system for testing security problems), specifically adjusted for android application security testing.

AppUse VM closes gaps in the world of security, now there is a special and customized testing environment for android applications.

This machine is intended for the daily use of security testers everywhere for Android applications, and is a must-have tool for any security person.

Download: http://sourceforge.net

XSSF - Cross-Site Scripting Framework v.3.0 Released

2013-03-19T16:43:00.002+01:00

The Cross-Site Scripting Framework (XSSF) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes.

XSSF allows creating a communication channel with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers.

XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the Metasploit Framework allows users to launch MSF browser based exploit easilly from an XSS vulnerability.

XSSF Basics: Install on Kali-1.0 Video Demo : http://www.youtube.com/watch?v=AhUhOirEfTE

Download: https://code.google.com

jSQL Injection v0.3

2013-03-18T14:11:00.002+01:00

jSQL Injection is a lightweight application used to find database information from a distant server.

jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).

Features:

GET, POST, header, cookie methods
Normal, error based, blind, time based algorithms
Automatic best algorithm selection
Thread control (start/pause/resume/stop)
Expose URL calls
Simple evasion
Data retrieving progression bar
Proxy setting
Distant file reading
Webshell deposit
Terminal for webshell commands
Configuration backup
jSQL version checker
Supports MySQL

Download: https://code.google.com

SCIP – Indentify, Enumerate and Execute Invisible ASP.net Controls

2013-03-15T11:50:00.000+01:00

SCIP is an OWASP ZAP extension designed to assess the security of ASP.net and Mono applications, while abusing platform specific behaviors and misconfigurations.

The extension currently supports the following features:

Identify the existence of invisible, commented and disabled server side web controls in ASP.net – passively (!). Identify which ASP.net security configuration is active in each page (EventValidation, MAC), and in which cases the invisible controls are exploitable – passively (!)

Enumerate the names of invisible controls using built-in customizable dictionaries with ASP.net naming conventions.
Rebuild the event validation whenever possible (MAC=off)

Execute invisible controls when either one of the security features is turned OFF, or when there is a server-side callback implementation flaw.

Execute disabled controls and commented out controls regardless of security
Support additional manual techniques for executing controls despite the security features.

The extension can be obtained from the project's website or from ZAP's built-in marketplace feature:

https://code.google.com/p/ria-scip/

WPScan - WordPress Security Scanner Android App.

2013-02-22T20:32:00.001+01:00

WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use it to be for security professionals or WordPress administrators to asses the security posture of their WordPress installations.

Download: https://play.google.com or from Github https://github.com

OWASP Top 10 Application Security Risks – 2013 Released

2013-02-15T19:37:00.000+01:00

The OWASP Top 10 is based on risk data from 8 firms that specialize in application security, including 4 consulting companies and 4 tool vendors (2 static and 2 dynamic). This data spans over 500,000 vulnerabilities across hundreds of organizations and thousands of applications. The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact estimates.

Download: https://code.google.com/p/owasptop10

Source: https://www.owasp.org

Active Defense Harbinger Distribution v.0.4.1

2013-02-08T08:09:00.001+01:00

The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys.

ADHD has tools whose functions range from interfering with the attackers' reconnaissance to compromising the attackers' systems. Innocent bystanders will never notice anything out of the ordinary as the active defense mechanisms are triggered by malicious activity such as network scanning or connecting to restricted services.

Download: http://sourceforge.net

Watcher v1.5.6 Released

2013-01-09T08:48:00.001+01:00

Web security testing tool and passive vulnerability scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Fiddler provides all of the rich functionality of a good Web/HTTP proxy. With Fiddler you can capture all HTTP traffic, intercept and modify, replay requests, and much much more. Fiddler provides the HTTP proxy framework for Watcher to work in, allowing for seamless integration with today’s complex Web 2.0 or Rich Internet Applications. Watcher runs silently in the background while you drive your browser and interact with the Web-application.

Download: http://websecuritytool.codeplex.com

SQL Fingerprint Xmas Released

2012-12-24T17:09:00.002+01:00

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the many ways to possibly determine the version, but most of them require authentication, permissions and/or privileges on Microsoft SQL Server to succeed.

Instead, ESF.pl uses a combination of crafted packets for SQL Server Resolution Protocol (SSRP) and Tabular Data Stream Protocol (TDS) (protocols natively used by Microsoft SQL Server) to accurately perform version fingerprinting and determine the exact Microsoft SQL Server version. ESF.pl also applies a sophisticated Scoring Algorithm Mechanism (Powered by Exploit Next Generation⁺⁺ Technology), which is a much more reliable technique to determine the Microsoft SQL Server version. It is a tool intended to be used by:

This version is a completely rewritten version in Perl, making ESF.pl much more portable than the previous binary 
version (Win32), and its original purpose is to be used as a tool to perform automated penetration test. This version 
also includes the followingMicrosoft SQL Server versions to its fingerprint database:
        • Microsoft SQL Server 2012 SP1 (CU1)
        • Microsoft SQL Server 2012 SP1
        • Microsoft SQL Server 2012 SP1 CTP4
        • Microsoft SQL Server 2012 SP1 CTP3
        • Microsoft SQL Server 2012 SP0 (CU4)
        • Microsoft SQL Server 2012 SP0 (MS12-070)
        • Microsoft SQL Server 2012 SP0 (CU3)
        • Microsoft SQL Server 2012 SP0 (CU2)
        • Microsoft SQL Server 2012 SP0 (CU1)
        • Microsoft SQL Server 2012 SP0 (MS12-070)
        • Microsoft SQL Server 2012 SP0 (KB2685308)
        • Microsoft SQL Server 2012 RTM

Download: http://code.google.com

Source: http://code.google.com/p/sql-fingerprint-next-generation

Xenotix XSS Exploit Framework v.2 Released

2012-11-29T15:40:00.000+01:00

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader and a XSS Reverse Shell. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.

Features:

Built in XSS Payloads
XSS Key logger
XSS Executable Drive-by downloader
Automatic XSS Testing
XSS Encoder
XSS Reverse Shell (new)

Download: https://www.owasp.org/index.php/File:Xenotix_XSS_Exploit_Framework_2013_v2.zip

Diviner - OWASP Zed Attack Proxy Extension

2012-11-06T09:45:00.000+01:00

Diviner is a unique platform that attempts to predict the structure of the server-side memory, source code and processes,by executing scenarios aimed to fingerprint behaviors that derive from specific lines of code, processes or memory allocations,by employing the use of a variety of coverage processes, content differentiation tests and entry point execution scenarios,and by using deduction algorithms that convert this information into a visual map of the application.

Diviner analyzes and reuses the requests found in ZAP's history at at the moment of its activation, activates the application entry points under different extreme conditions, generates and isolates specific application behaviors,and uses the information obtained to predict the structure of the server side memory,source code, and processes.These aspects are then presented in the form of a visual map,which includes leads, tasks and payload recommendations.

Diviner also attempts to analyze this information in order to locate potential leads for vulnerabilities,both simple and complex, and provides recommendations for detecting and exploiting them.

Video Demo:

Using the Clairvoyance Feature to Gain Insight into the Server Memory, Code and Processes
Using the Advisor Feature to Detect SQL Injection via Session Attributes
Using the Advisor Feature to Detect XSS via Session Attributes

More info: http://sectooladdict.blogspot.com

Download: http://code.google.com

Cookie Cadger v.0.9

2012-11-03T19:14:00.001+01:00

An auditing tool for Wi-Fi or wired Ethernet connections

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which is part of the Wireshark suite, to be installed. Usually simply installing Wireshark will be sufficient. Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode.

Download: https://www.cookiecadger.com

Scylla v.1.0 - Advanced Audit Tool

2012-11-01T11:14:00.000+01:00

Scylla is a tool to audit different online application protocols and configurations, built over a brute-force core.This tool acts at a tool for unifying auditing techniques, in other words, it does what oscanner, winfingerprint, Hydra, DirBuster, and other tools do, and also what those tools don’t do.

Scylla is arguably the first free-open source auditing/hacking tool for protocols such as LDAP, DB2, Postgres, terminal and Mssql; Scylla adds tons of new features to what those other tools do but with a key difference: it does them faster and smarter!

Supported Protocols:

- Terminal (Telnet, SSH, telnets)
- FTP (FTPS, FTP, SFTP)
- SMB (Also Windows RPC)
- LDAP
- POP3 (POP3S)
- SMTP (SMTPS)
- IMAP
- MySql
- MSSQL
- Oracle (Database and TNS Listener)
- DB2 (Database and DAS)
- HTTP(HTTPS; Basic AUTH Brute Force, Digest AUTH Brute Force, Form Brute Force, Directory and files Brute Force)
- DNS (DNS snooping)
- Postgres SQL

Scylla functions on three basic stages: - Pre-Hack Stage,Brute Force Stage and Post Hack Stage.

Basic features:

- User, password list based Brute force
- Multiple hosts support
- Multiple session support
- Nmap integration
- Non-synchronized threads (proof to be a bit faster)
- Ability to restore sessions
- Session auto-saving (based on SQL Server CE)
- Easy to use
- Auto configured options
- Hacker oriented
- Free, and always free
- Database browser (who have hacked a DB and don’t have a DB client to connect to it? And worse if you don’t have internet)
- Open source tool

Download: http://code.google.com

More Screenshots: http://code.google.com/p/scylla-v1/wiki/ScyllaScreenShots

Burp Suite Free Edition v1.5 released

2012-10-31T15:37:00.000+01:00

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

This is a significant upgrade with a wealth of new features added since v1.4. The most notable of these are described below. http://blog.portswigger.net

In my opinion this is one of the best tool around so don't hesitate to try it!

The Teenage Mutant Ninja Turtles project

2012-10-26T10:10:00.000+02:00

The Teenage Mutant Ninja Turtles project is four things:

A Web Application payload database.
A Web Application error database.
A Web Application payload mutator.
A Web Application payload manager (e.g. does database clean up).

Nowadays all high profile sites found in financial and telecommunication sector use filters to filter out all types of vulnerabilities such as SQL, XSS, XXE, Http Header Injection e.t.c. In this particular project I am going to provide you with a tool to generate Obfuscated Fuzzing Injection attacks on order to bypass badly implemented Web Application injection filters (e.t.c SQL Injections, XSS Injections e.t.c).

Download: http://code.google.com
More Info: http://code.google.com

Subterfuge Beta Version 4.2 Released

2012-10-25T09:29:00.000+02:00

Automated Man-in-the-Middle Attack Framework

Abstract:

Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation… A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results.

On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.

Download: http://code.google.com/p/subterfuge

Subterfuge DEFCON 20 Teaser: http://www.youtube.com

Snuck - Automatic XSS filter bypass tool

2012-10-23T12:12:00.002+02:00

snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's.

snuck is quite different from typical web security scanners, it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is the exact point where the injection falls in the reflection web page's DOM. Having access to the pages' DOM is possible through Selenium Web Driver, which is an automation framework, that allows to replicate operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in order to make snuck aware of the steps it needs to perform with respect to the tested web application. Practically speaking, the approach is similar to the iSTAR's one, but it focuses on one particular XSS filter.

Download: http://code.google.com/p/snuck/

dSploit - An Android network penetration suite

2012-10-10T10:16:00.000+02:00

dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device.

Once dSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .

This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behaviour until then, in any case, feel free to submit an issue here on GitHub.

Requirements:

An Android device with at least the 2.3 ( Gingerbread ) version of the OS.

The device must be rooted.

The device must have a BusyBox full install, this means with every utility installed ( not the partial installation ).

Available Modules

RouterPWN
Launch the http://routerpwn.com/ service to pwn your router.
Port Scanner
A syn port scanner to find quickly open ports on a single target.
Inspector
Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
Vulnerability Finder
Search for known vulnerabilities for target running services upon National Vulnerability Database.
Login Cracker
A very fast network logon cracker which supports many different services.
Packet Forger
Craft and send a custom TCP or UDP packet to the target.
MITM
A set of man-in-the-middle tools to command&conquer the whole network .

Download: https://github.com