A Collection of Awesome Penetration Testing Resources - OffSec

A collection of awesome penetration testing resources

• Online Resources
  • Penetration Testing Resources
  • Exploit development
  • Social Engineering Resources
  • Lock Picking Resources
• Tools
  • Penetration Testing Distributions
  • Basic Penetration Testing Tools
  • Docker for Penetration Testing
  • Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • SSL Analysis Tools
  • Web exploitation
  • Hex Editors
  • Crackers
  • Windows Utils
  • Linux Utils
  • DDoS Tools
  • Social Engineering Tools
  • OSInt Tools
  • Anonymity Tools
  • Reverse Engineering Tools
  • CTF Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines
• Awesome Lists
• Contribution
• License
• 
  

Online Resources

Penetration Testing Resources

• Metasploit Unleashed - Free Offensive Security metasploit course
• PTES - Penetration Testing Execution Standard
• OWASP - Open Web Application Security Project

Exploit development

• Shellcode Tutorial - Tutorial on how to write shellcode
• Shellcode Examples - Shellcodes database
• Exploit Writing Tutorials - Tutorials on how to develop exploits
• GDB-peda - Python Exploit Development Assistance for GDB
• shellsploit - New Generation Exploit Development Kit

Social Engineering Resources

• Social Engineering Framework - An information resource for social engineers

Lock Picking Resources

• Schuyler Towne channel - Lockpicking videos and security talks
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

Tools

Penetration Testing Distributions

• Kali - A Linux distribution designed for digital forensics and penetration testing
• ArchStrike - An Arch Linux repository for security professionals and enthusiasts
• BlackArch - Arch Linux-based distribution for penetration testers and security researchers
• NST - Network Security Toolkit distribution
• Pentoo - Security-focused livecd based on Gentoo
• BackBox - Ubuntu-based distribution for penetration tests and security assessments
• Parrot - A distribution similar to Kali, with multiple architecture

Basic Penetration Testing Tools

• Metasploit Framework - World's most used penetration testing software
• Burp Suite - An integrated platform for performing security testing of web applications
• ExploitPack - Graphical tool for penetration testing with a bunch of exploits
• BeeF - The Browser Exploitation Framework Project
• faraday - Collaborative Penetration Test and Vulnerability Management Platform
• evilgrade - The update explotation framework
• commix - Automated All-in-One OS Command Injection and Exploitation Tool
• routersploit - Automated penetration testing software for router

Docker for Penetration Testing

• docker pull kalilinux/kali-linux-docker official Kali Linux
• docker pull owasp/zap2docker-stable - official OWASP ZAP
• docker pull wpscanteam/wpscan - official WPScan
• docker pull pandrew/metasploit - docker-metasploit
• docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
• docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
• docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
• docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
• docker pull opendns/security-ninjas - Security Ninjas
• docker pull diogomonica/docker-bench-security - Docker Bench for Security
• docker pull ismisepaul/securityshepherd - OWASP Security Shepherd
• docker pull danmx/docker-owasp-webgoat - OWASP WebGoat Project docker image
• docker pull citizenstig/nowasp - OWASP Mutillidae II Web Pen-Test Practice Application

Vulnerability Scanners

• Netsparker - Web Application Security Scanner
• Nexpose - Vulnerability Management & Risk Management Software
• Nessus - Vulnerability, configuration, and compliance assessment
• Nikto - Web application vulnerability scanner
• OpenVAS - Open Source vulnerability scanner and manager
• OWASP Zed Attack Proxy - Penetration testing tool for web applications
• Secapps - Integrated web application security testing environment
• w3af - Web application attack and audit framework
• Wapiti - Web application vulnerability scanner
• WebReaver - Web application vulnerability scanner for Mac OS X
• DVCS Ripper - Rip web accessible (distributed) version control systems: SVN/GIT/HG/BZR
• arachni - Web Application Security Scanner Framework

Network Tools

• nmap - Free Security Scanner For Network Exploration & Security Audits
• pig - A Linux packet crafting tool
• tcpdump/libpcap - A common packet analyzer that runs under the command line
• Wireshark - A network protocol analyzer for Unix and Windows
• Network Tools - Different network tools: ping, lookup, whois, etc
• netsniff-ng - A Swiss army knife for for network sniffing
• Intercepter-NG - a multifunctional network toolkit
• SPARTA - Network Infrastructure Penetration Testing Tool
• dnschef - A highly configurable DNS proxy for pentesters
• DNSDumpster - Online DNS recon and search service
• dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results
• dnsmap - Passive DNS network mapper
• dnsrecon - DNS Enumeration Script
• dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers
• passivedns-client - Provides a library and a query tool for querying several passive DNS providers
• passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup
• Mass Scan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
• Zarp - Zarp is a network attack tool centered around the exploitation of local networks
• mitmproxy - An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers
• mallory - HTTP/HTTPS proxy over SSH
• Netzob - Reverse engineering, traffic generation and fuzzing of communication protocols
• DET - DET is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time
• pwnat - punches holes in firewalls and NATs
• dsniff - a collection of tools for network auditing and pentesting
• tgcd - a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls
• smbmap - a handy SMB enumeration tool
• scapy - a python-based interactive packet manipulation program & library

Wireless Network Tools

• Aircrack-ng - a set of tools for auditing wireless network
• Kismet - Wireless network detector, sniffer, and IDS
• Reaver - Brute force attack against Wifi Protected Setup
• Wifite - Automated wireless attack tool
• wifiphisher - Automated phishing attacks against Wi-Fi networks

SSL Analysis Tools

• SSLyze - SSL configuration scanner
• sslstrip - a demonstration of the HTTPS stripping attacks
• sslstrip2 - SSLStrip version to defeat HSTS
• tls_prober - fingerprint a server's SSL/TLS implementation

Web exploitation

• WPScan - Black box WordPress vulnerability scanner
• SQLmap - Automatic SQL injection and database takeover tool
• weevely3 - Weaponized web shell
• Wappalyzer - Wappalyzer uncovers the technologies used on websites
• cms-explorer - CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
• joomscan - Joomla CMS scanner
• WhatWeb - Website Fingerprinter
• BlindElephant - Web Application Fingerprinter
• fimap - Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs
• Kadabra - Automatic LFI exploiter and scanner
• Kadimus - LFI scan and exploit tool
• liffy - LFI exploitation tool

Hex Editors

• HexEdit.js - Browser-based hex editing
• Hexinator (commercial) - World's finest Hex Editor

Crackers

• John the Ripper - Fast password cracker
• Online MD5 cracker - Online MD5 hash Cracker
• Hashcat - The more fast hash cracker

Windows Utils

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz - Credentials extraction tool for Windows OS
• PowerSploit - A PowerShell Post-Exploitation Framework
• Windows Exploit Suggester - Detects potential missing patches on the target
• Responder - A LLMNR, NBT-NS and MDNS poisoner
• Empire - Empire is a pure PowerShell post-exploitation agent
• Fibratus - Tool for exploration and tracing of the Windows kernel

Linux Utils

• Linux Exploit Suggester - Linux Exploit Suggester; based on operating system release number.

DDoS Tools

• LOIC - An open source network stress tool for Windows
• JS LOIC - JavaScript in-browser version of LOIC
• T50 - The more fast network stress tool

Social Engineering Tools

• SET - The Social-Engineer Toolkit from TrustedSec

OSInt Tools

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• theHarvester - E-mail, subdomain and people names harvester
• creepy - A geolocation OSINT tool
• metagoofil - Metadata harvester
• Google Hacking Database - a database of Google dorks; can be used for recon
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans
• Shodan - Shodan is the world's first search engine for Internet-connected devices
• ZoomEye - A cyberspace search engine for Internet-connected devices and websites using Xmap and Wmap
• recon-ng - A full-featured Web Reconnaissance framework written in Python
• github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak

Anonymity Tools

• Tor - The free software for enabling onion routing online anonymity
• I2P - The Invisible Internet Project
• Nipe - Script to redirect all traffic from the machine to the Tor network.

Reverse Engineering Tools

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• IDA Free - The freeware version of IDA v5.0
• WDK/WinDbg - Windows Driver Kit and WinDbg
• OllyDbg - An x86 debugger that emphasizes binary code analysis
• Radare2 - Opensource, crossplatform reverse engineering framework.
• x64_dbg - An open-source x64/x32 debugger for windows.
• Pyew - A Python tool for static malware analysis.
• Bokken - GUI for Pyew Radare2.
• Immunity Debugger - A powerful new way to write exploits and analyze malware
• Evan's Debugger - OllyDbg-like debugger for Linux
• Medusa disassembler - An open source interactive disassembler
• plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.

CTF Tools

• Pwntools - CTF framework for use in CTFs

Books

Penetration Testing Books

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy et al., 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Bug Hunter's Diary by Tobias Klein, 2011

Hackers Handbook Series

• The Database Hacker's Handbook, David Litchfield et al., 2005
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller et al., 2012
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• Car Hacker's Handbook by Craig Smith, 2016

Network Analysis Books

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell & Gerald Combs, 2012
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012

Reverse Engineering Books

• Reverse Engineering for Beginners by Dennis Yurichev
• Hacking the Xbox by Andrew Huang, 2003
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Gray Hat Hacking The Ethical Hacker's Handbook by Daniel Regalado et al., 2015

Malware Analysis Books

• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh et al., 2010

Windows Books

• Windows Internals by Mark Russinovich et al., 2012

Social Engineering Books

• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

Lock Picking Books

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

Vulnerability Databases

• NVD - US National Vulnerability Database
• CERT - US Computer Emergency Readiness Team
• OSVDB - Open Sourced Vulnerability Database
• Bugtraq - Symantec SecurityFocus
• Exploit-DB - Offensive Security Exploit Database
• Fulldisclosure - Full Disclosure Mailing List
• MS Bulletin - Microsoft Security Bulletin
• MS Advisory - Microsoft Security Advisories
• Inj3ct0r - Inj3ct0r Exploit Database
• Packet Storm - Packet Storm Global Security Resource
• SecuriTeam - Securiteam Vulnerability Information
• CXSecurity - CSSecurity Bugtraq List
• Vulnerability Laboratory - Vulnerability Research Laboratory
• ZDI - Zero Day Initiative

Security Courses

• Offensive Security Training - Training from BackTrack/Kali developers
• SANS Security Training - Computer Security Training & Certification
• Open Security Training - Training material for computer security classes
• CTF Field Guide - everything you need to win your next CTF competition
• Cybrary - online IT and Cyber Security training platform

Information Security Conferences

• DEF CON - An annual hacker convention in Las Vegas
• Black Hat - An annual security conference in Las Vegas
• BSides - A framework for organising and holding security conferences
• CCC - An annual meeting of the international hacker scene in Germany
• DerbyCon - An annual hacker conference based in Louisville
• PhreakNIC - A technology conference held annually in middle Tennessee
• ShmooCon - An annual US east coast hacker convention
• CarolinaCon - An infosec conference, held annually in North Carolina
• HOPE - A conference series sponsored by the hacker magazine 2600
• SummerCon - One of the oldest hacker conventions, held during Summer
• Hack.lu - An annual conference held in Luxembourg
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon - An annual US hacker conference
• ThotCon - An annual US hacker conference held in Chicago
• LayerOne - An annual US security conference held every spring in Los Angeles
• DeepSec - Security Conference in Vienna, Austria
• SkyDogCon - A technology conference in Nashville
• SECUINSIDE - Security Conference in Seoul
• DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania
• AppSecUSA - An annual conference organised by OWASP
• BruCON - An annual security conference in Belgium
• Infosecurity Europe - Europe's number one information security event, held in London, UK
• Nullcon - An annual conference in Delhi and Goa, India
• RSA Conference USA - An annual security conference in San Francisco, California, USA
• Swiss Cyber Storm - An annual security conference in Lucerne, Switzerland
• Virus Bulletin Conference - An annual conference going to be held in Denver, USA for 2016
• Ekoparty - Largest Security Conference in Latin America, held annually in Buenos Aires, Argentina
• 44Con - Annual Security Conference held in London
• BalCCon - Balkan Computer Congress, annualy held in Novi Sad, Serbia
• FSec - FSec - Croatian Information Security Gathering in Varaždin, Croatia

Information Security Magazines

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
• Phrack Magazine - By far the longest running hacker zine

Awesome Lists

• Kali Linux Tools - List of tools present in Kali Linux
• SecTools - Top 125 Network Security Tools
• C/C++ Programming - One of the main language for open source security tools
• .NET Programming - A software framework for Microsoft Windows platform development
• Shell Scripting - Command-line frameworks, toolkits, guides and gizmos
• Ruby Programming by @dreikanter - The de-facto language for writing exploits
• Ruby Programming by @markets - The de-facto language for writing exploits
• Ruby Programming by @Sdogruyol - The de-facto language for writing exploits
• JavaScript Programming - In-browser development and scripting
• Node.js Programming by @sindresorhus - JavaScript in command-line
• Node.js Programming by @vndmtrx - JavaScript in command-line
• Python tools for penetration testers - Lots of pentesting tools are written in Python
• Python Programming by @svaksha - General Python programming
• Python Programming by @vinta - General Python programming
• Android Security - A collection of android security related resources
• Awesome Awesomness - The List of the Lists
• AppSec - Resources for learning about application security
• CTFs - Capture The Flag frameworks, libraries, etc
• Hacking - Tutorials, tools, and resources
• Honeypots - Honeypots, tools, components, and more
• Infosec - Information security resources for pentesting, forensics, and more
• Malware Analysis - Tools and resources for analysts
• PCAP Tools - Tools for processing network traffic
• Security - Software, libraries, documents, and other resources
• Awesome List - A curated list of awesome lists
• SecLists - Collection of multiple types of lists used during security assessments
• Security Talks - A curated list of security conferences
• OffensiveSecBlog - Tools for Hackers and Pentesters

OffensiveSec 2016

Read More

Remote Vulnerability Testing Framework - Pocsuite

Pocsuite is an open-sourced remote vulnerability testing and PoC development framework developed by the Knownsec Security Team. It serves as the cornerstone of the team.

You can use Pocsuite to verify and exploit vulnerabilities or write PoC/Exp based on it. You can also integrate Pocsuite in your vulnerability testing tool, which provides a standard calling class.

Requirements

• Python 2.6+
• Works on Linux, Windows, Mac OSX, BSD

Functions

Vulnerability Testing Frameworkul_test

Written in Python and supported both validation and exploitation two plugin-invoked modes, Pocsuite could import batch targets from files and test those targets against multiple exploit-plugins in advance.

PoC/Exp Development Kit

Like Metasploit, it is a development kit for pentesters to develope their own exploits. Based on Pocsuite, you can write the most core code of PoC/Exp without caring about the resulting output etc. There are at least several hundred people writing PoC/Exp based on Pocsuite up to date.

 Integratable Module

Users could utilize some auxiliary modules packaged in Pocsuite to extend their exploit functions or integrate Pocsuite to develop other vulnerability assesment tools.

 Integrated ZoomEye And Seebug APIs

Pocsuite is also an extremely useful tool to integrate Seebug and ZoomEye APIs in a collaborative way. Vulnerablity assessment can be done automatically and effectively by searching targets through ZoomEye and acquiring PoC scripts from Seebug or locally.

Installation
The quick way:

$ pip install pocsuite

Or download the latest source zip package and extract

$ wget https://github.com/knownsec/Pocsuite/archive/master.zip
$ unzip master.zip

The latest version of this software is available from: http://pocsuite.org

Documentation
Documentation is available in the english docs / chinese docs directory.

Download Pocsuite

Read More

Vulnerability Scanner - HellRaiser

Install
Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04
Install redis-server and nmap.

sudo apt-get update
sudo apt-get install redis-server nmap

Clone HellRaiser repository, change to hellraiser web app directory and run bundle install.

git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install

Start
Start redis server.

redis-server

Go to the hellraiser web app directory and start sidekiq.

bundle exec sidekiq

Go to the hellraiser web app directory and start rails server.

rails s

Usage
Access http://127.0.0.1:3000

How it works?
HellRaiser scan with nmap then correlates cpe's found with cve-search to enumerate vulnerabilities.

Download HellRaiser

Read More

Efficient And Advanced Man In The Middle Framework - Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap .

Dependencies

• nmap
• hping3
• build-essential
• ruby-dev
• libpcap-dev
• libgmp3-dev
• tabulate
• terminaltables

Instalation
Dependencies will be automatically installed.

git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploit

Tested on

Operative system	Version
Ubuntu	16.10 / 15.10
Kali linux	Rolling / Sana
Parrot OS	3.1

Features

• Port scanning
• Network mapping
• Dos attack
• Html code injection
• Javascript code injection
• Download intercaption and replacement
• Sniffing
• Dns spoofing
• Background audio reproduction
• Images replacement
• Drifnet
• Webpage defacement and more ...

Contact

• Website : http://lionsec.net
• Youtube : https://youtube.com/inf98es
• Facebook : https://facebook.com/in98
• Twitter: @LionSec1
• Email : ledonman@gmail.com

Download xerosploit

Read More

Network Protocol Analyzer - Wireshark 2.0.5

If you've ever wondered just how your network is being used, Wireshark may be the tool you have been looking for. Network analysers are nothing new, but they have a tendency to be impenetrable programs reliant on command line operations and provide information in a text based form which can be difficult to interpret. Wireshark boasts a graphical front end which makes it easy to analyse all traffic which travels over a network using a variety of protocols.

Data packets can be captured from both wired and wireless network and this information can be viewed live as it is captured or analysed at a later date. The wealth of information that the program can reveal about network usage is staggering, and support for plugins means that the tool can be extended to add new protocols and features further down the line. Wireshark is available for Windows, Linux and Mac, making it ideal for mixed platform networks .

As well as working with data that has been captured directly through Wireshark itself, it is also possible to analyse data that has been captured with the likes of Aircrack, tcpdump and CA NetMaster. Easy to configure colouring and filtering makes it simple to make sense of complex data, and while this is not a tool for the average home user, it remain powerful yet approachable.

OffSec

Download Wireshark

Read More

Easy Tool For Generate Backdoor with Msfvenom - TheFatRat

Easy tool for generate backdoor with msfvenom ( part of metasploit framework ) and program compiles a C program with a meterpreter reverse_tcp payload In it that can then be executed on a windows host Program to create a C program after it is compiled that will bypass most AV.

Automating metasploit functions

• Checks for metasploit service and starts if not present
• Easily craft meterpreter reverse_tcp payloads for Windows, Linux, Android and Mac and another
• Start multiple meterpreter reverse_tcp listners
• Fast Search in searchsploit
• Bypass AV
• Drop into Msfconsole
• Some other fun stuff :)

Getting Started

git clone https://github.com/Screetsec/TheFatRat.git
cd Fatrat    

How it works

• Extract The lalin-master to your home or another folder
• chmod +x fatrat
• chmod +x powerfull.sh
• And run the tools ( ./fatrat )
• Easy to Use just input your number

❗ Requirements

• A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux )
  
• Must install metasploit framework
  
• required gcc program , i586-mingw32msvc-gcc or i686-w64-mingw32-gcc ( apt-get install mingw32 ) for fix error
  

Screenshots

Credits

• Thanks to allah and Screetsec [ Edo -maland- ]
• Offensive Security for the awesome OS ( http://www.offensive-security.com/ )
• http://www.kali.org/ "
  
• Jack Wilder admin in http://www.linuxsec.org
• And another open sources tool in github
• Uptodate new tools hacking visit http://www.kitploit.com

Disclaimer
Note: modifications, changes, or alterations to this sourcecode is acceptable, however,any public releases utilizing this code must be approved by writen this tool ( Edo -m- ).

Download TheFatRat

Read More

Penetration Testing Operating system based on Ubuntu - LionSec Linux 5.0

LionSec Linux 5.0 is a Ubuntu based penetration testing distribution . It was built in order to perform Computer Forensics , Penetration Tests , Wireless Analysis . With the "Anonymous Mode" , you can browse the internet or send packets anonymously . There are lots of inbuilt tools like netool ,websploit , burpsuite , web analysis tools , social engineering tools and other pentesting tools . .

Minimum System Requirements

• 1.7 GHz processor (for example Intel Celeron) or better.
• 2.0 GB RAM (system memory).
• 8 GB of free hard drive space for installation.
• Either a CD/DVD drive or a USB port for the installer media.
• Internet access is helpful (for installing updates during the installation process).

If you have an old machine, you may consider other alternative like LionSec Linux 3.1

 LionSec Linux 5.0 Teaser

Screenshots

Download LionSec Linux 5.0

Read More

Pentest Security OS - ParrotOS 3.7

Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network.

Who can use it

Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in a easy to use, fast and lightweight pentesting environment, and it can be used also for an everyday use.

Features:

System Specs

• Debian jessie core
• Custom hardened linux 4.5 kernel
• Rolling release upgrade line
• MATE desktop environment
• Lightdm Dislpay Manager
• Custom themes, icons and wallpapers

Cloud

• Parrot Server Edition
• Parrot Cloud Controller
• Parrot VPS Service
• Custom installation script for Debian VPS

Digital Forensic

• "Forensic" boot option to avoid boot automounts
• Most famous Digital Forensic tools and frameworks out of the box
• Reliable acquisition and imaging tools
• Top class analysis softwares
• Evidence management and reporting tools
• Disabled automount
• Software blockdev write protection system

Cryptography

• Custom Anti Forensic tools
• Custom interfaces for GPG
• Custom interfaces for cryptsetup
• Support for LUKS, Truecrypt and VeraCrypt
• NUKE patch for cryptsetup LUKS disks
• Encrypted system installation

Anonymity

• AnonSurf
• Entire system anonymization
• TOR and I2P out of the box
• DNS requests anonymization
• "Change Identity" function for AnonSurf
• BleachBit system cleaner
• NoScript plugin
• UserAgentOverrider plugin
• Browser profile manager
• RAM-only browser profile
• Pandora's Box - RAM cleaner
• Hardened system behaviour

Programming

• FALCON Programming Language (1.0)
• System editor tuned for programming
• Many compilers and debuggers available
• Reverse Engineering Tools
• Programming Template Files
• Pre-installed most-used libs
• Full Qt5 development framework
• Full .net/mono development framework
• Development frameworks for embedded devices

Download Parrot Security OS 3.7

Read More

Post-Exploitation Powershell Tool for Extracting Juicy info from Memory - Mimikittenz

mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes.

mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but not limited to:

• TRACK2 (CreditCard) data from merchant/POS processes
• PII data
• Encryption Keys & All the other goodstuff

note : This tool is targeting running process memory address space, once a process is killed it's memory 'should' be cleaned up and inaccessible however there are some edge cases in which this does not happen.

Description

The aim of mimikittenz is to provide user-level (non-admin privileged) sensitive data extraction in order to maximise post exploitation efforts and increase value of information gathered per target.

Currently mimikittenz is able to extract the following credentials from memory:

Webmail

• Gmail
• Office365
• Outlook Web

Accounting

• Xero
• MYOB

Remote Access

• Juniper SSL-VPN
• Citrix NetScaler
• Remote Desktop Web Access 2012

Developement

• Jira
• Github
• Bugzilla
• Zendesk
• Cpanel

IHateReverseEngineers

• Malwr
• VirusTotal
• AnubisLabs

Misc

• Dropbox
• Microsoft Onedrive
• AWS Web Services
• Slack
• Twitter
• Facebook

Customization

• Custom regex - The syntax for adding custom regex is as follows:

    [mimikittenz.MemProcInspector]::AddRegex("<NameOfTarget>","<regex_here>")   

• Custom target process - Just append your target proccess name into the array:

    $matches=[mimikittenz.MemProcInspector]::InspectManyProcs("iexplore","chrome","firefox")   

Download Mimikittenz

Read More

Deepmagic Information Gathering Tool - DMitry

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux Command Line Application coded in C language.

DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more. The information are gathered with following methods:

• Perform an Internet Number whois lookup.
• Retrieve possible uptime data, system and server data.
• Perform a SubDomain search on a target host.
• Perform an E-Mail address search on a target host.
• Perform a TCP Portscan on the host target.
• A Modular program allowing user specified modules

Download and installation

DMitry can be downloaded by issuing following commands:

$ cd /data/src/
$ wget http://mor-pah.net/code/DMitry-1.3a.tar.gz

For installation, issue following commands:

$ tar xzvf DMitry-1.3a.tar.gz
$ cd DMitry-1.3a/
$ ./configure
$ make
$ sudo make install

Then optionally create a symbolic link to your /pentest/ directory:

$ mkdir -p /pentest/enumeration/dmitry/
$ ln -s /usr/local/bin/dmitry /pentest/enumeration/dmitry/dmitry

Use

help
DMitry help can be displayed by issuing:

$ dmitry --help

Download DMitry

Read More

Reverse engineering, Malware analysis of Android applications - Androguard

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

Features
Androguard is a full python tool to play with Android files.

•  Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects, 
•  Diassemble/Decompilation/Modification of DEX/ODEX/APK format, 
•  Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD), 
•  Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool, 
•  Analysis a bunch of android apps, 
•  Analysis with ipython/Sublime Text Editor, 
•  Diffing of android applications, 
•  Measure the efficiency of obfuscators (proguard, ...), 
•  Determine if your application has been pirated (plagiarism/similarities/rip-off indicator), 
•  Check if an android application is present in a database (malwares, goodwares ?), 
•  Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !), 
•  Detection of ad/open source librairies (WIP), 
•  Risk indicator of malicious application, 
•  Reverse engineering of applications (goodwares, malwares), 
•  Transform Android's binary xml (like AndroidManifest.xml) into classic xml, 
•  Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output, 
•  Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...) 

1. ScreenShots

Download Stable Release

Read More

A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space - Fierce

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase.

The original description was very apt, so I'll include it here:

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

Installing

$ pip3 install fierce
$ fierce -h

OR

$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ pip3 install -r requirements.txt
$ python3 fierce.py -h

Using
Let's start with something basic:

$ fierce --domain google.com --subdomains accounts admin ads

Traverse IPs near discovered domains to search for contiguous blocks with the --traverse flag:

$ fierce --domain facebook.com --subdomains admin --traverse 10

Limit nearby IP traversal to certain domains with the --search flag:

$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

Attempt an HTTP connection on domains discovered with the --connect flag:

$ fierce --domain stackoverflow.com --subdomains mail --connect

Exchange speed for breadth with the --wide flag, which looks for nearby domains on all IPs of the /24 of a discovered domain:

$ fierce --domain facebook.com --wide

Zone transfers are rare these days, but they give us the keys to the DNS castle. zonetransfer.me is a very useful service for testing for and learning about zone transfers:

$ fierce --domain zonetransfer.me

To save the results to a file for later use we can simply redirect output:

$ fierce --domain zonetransfer.me > output.txt

Internal networks will often have large blocks of contiguous IP space assigned. We can scan those as well:

$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

Check out --help for further information:

$ fierce --help

Download Fierce

Read More