Sep 25, 2015

Tools: ARDT - Akamai Reflective DDoS Tool

Akamai Reflective DDoS Tool - Attack the origin host behind the Akamai Edge hosts and DDoS protection offered by Akamai services.

Source:: https://github.com/m57/ARDT

Tools: Tango - Set of scripts and Splunk apps for Honeypot

Tango is a set of scripts and Splunk apps which help organizations and users quickly and easily deploy honeypots and then view the data and analysis of the attacker sessions. There are two scripts provided which facilitate the installation of the honeypots and/or Splunk Universal Forwarder. One of the scripts uf_only.sh will install the Splunk Universal Forwarder and install the necessary input and output configuration files. The other script sensor.sh will install the Splunk Universal Forwarder along with the Cowrie honeypot required for the Tango Honeypot Intelligence app to work.

Source:: https://github.com/aplura/Tango/blob/master/README.md

Sep 24, 2015

Tools: Powercat - A PowerShell version of netcat.

PowerCat is a PowerShell module. First you need to load the function before you can execute it. You can put one of the below commands into your powershell profile so powercat is automatically loaded when powershell starts

Source:: http://seclist.us/powercat-a-powershell-version-of-netcat.html

Tools: php-malware-finder - Detect potentially malicious PHP files

PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells.
The following list of encoders/obfuscators/webshells are also detected:

Source:: https://github.com/nbs-system/php-malware-finder

Tools: Pupy - opensource RAT (Remote Administration Tool) written in Python

Pupy is an opensource RAT (Remote Administration Tool) written in Python. Pupy uses reflective dll injection and leaves no traces on disk.

Features :

  • On windows, the Pupy payload is compiled as a reflective DLL and the whole python interpreter is loaded from memory. Pupy does not touch the disk :)
  • Pupy can reflectively migrate into other processes
  • Pupy can remotely import, from memory, pure python packages (.py, .pyc) and compiled python C extensions (.pyd). The imported python modules do not touch the disk. (.pyd mem import currently work on Windows only, .so memory import is not implemented).
  • modules are quite simple to write and pupy is easily extensible.
  • Pupy uses rpyc (https://github.com/tomerfiliba/rpyc) and a module can directly access python objects on the remote client
    • we can also access remote objects interactively from the pupy shell and even auto completion of remote attributes works !
  • communication channel currently works as a ssl reverse connection, but a bind payload will be implemented in the future
  • all the non interactive modules can be dispatched on multiple hosts in one command
  • Multi-platform (tested on windows 7, windows xp, kali linux, ubuntu)
  • modules can be executed as background jobs
  • commands and scripts running on remote hosts are interruptible
  • auto-completion and nice colored output :-)
  • commands aliases can be defined in the config

Sep 21, 2015

Tools: scanmem - memory scanner for Linux

scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times.
After several scans of the process, scanmem isolates the position of the variable and allows you to modify it's value.
GameConqueror is a GUI of scanmem and more than that, it provides flexible syntax for searching, multiple memory locking and a memory editor.

Source:: https://github.com/scanmem/scanmem