
Saturday, February 20, 2016

Open-Source Phishing Toolkit - Gophish



Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training.

One-Click Installation

Download and Extract the ZIP - Gophish binaries are provided for most platforms.
Run the Binary - Gophish is a standalone, portable binary with static assets.
That's It - Gophish is now available on http://localhost:3333. Login with admin:gophish.

Point-and-Click Phishing

Beautiful Web UI - A full web UI makes creating simulated phishing campaigns easy.
Pixel-Perfect Phishing - Create pixel-perfect emails and landing pages from scratch or by importing them directly into Gophish.

Automate Phishing Campaigns

RESTful API - Gophish is built from the ground up with a fully-featured JSON API.
Automated Training - Use your favorite language or API utility to manage every aspect of your phishing training automatically.



Black Box vBulletin Vulnerability Scanner - VBScan 0.1.4



VBScan is an open-source project written in Perl that detects vBulletin CMS vulnerabilities and analyses them.

Why VBScan?

If you want to do a penetration test on a vBulletin forum, VBScan is your best shot. The project is faster than ever and is updated with the latest vBulletin vulnerabilities.

Usage:

./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin



VBScan 0.1.4 [Dennis Ritchie]

  • Changed vulnerability scanner engine
  • Changed default specified timeout to 180 seconds
  • Added VBulletin 5.x RCE Exploit
  • Added txt report output
  • Fixed YUI 2.9.0 XSS false positive
  • Fixed reported bugs


Mac OSX Arp Spoof (MITM) Tool - Arpy




Arpy is an easy-to-use ARP spoofing MiTM tool for Mac. It provides 3 targeted functions:
  • Packet Sniffing
  • Visited Domains
  • Visited Domains with Gource

Each function will be explained below.

Tested OS (to date)
  • Darwin 14.3.0 Darwin Kernel Version 14.3.0 (Mac OS X)

Requirements
  • Python 2.7
  • Gource
  • Scapy

Installation

Gource
brew install gource

Scapy
pip install scapy

Sample Commands


ivanvza:~/ > sudo arpy
[Arpy ASCII-art banner]
v3.15 -@viljoenivan

Usage: arpy -t <Target IP> -g <Gateway IP> -i <Interface>

ARP MiTM Tool

Options:
  -h, --help            show this help message and exit
  -t TARGET, --target=TARGET
                        The Target IP
  -g GATEWAY, --gateway=GATEWAY
                        The Gateway
  -i INTERFACE, --interface=INTERFACE
                        Interface to use
  --tcp                 Filters out only tcp traffic
  --udp                 Filters out only udp traffic
  -d D_PORT, --destination_port=D_PORT
                        Filter for a destination port
  -s S_PORT, --source_port=S_PORT
                        Filter for a source port
  --sniff               Sniff all passing data
  --sniff-dns           Sniff only searched domains
  --sniff-dns-gource    Output target's DNS searches in gource format
  -v                    Verbose scapy packet print


Packet Sniff

This is the packet sniffer, it allows you to see your target's traffic.


ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff
[Arpy ASCII-art banner]
v3.15 -@viljoenivan

[Info] Starting Sniffer...

[Info] Enabling IP Forwarding...
[Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3))

[Info] Found the following (IP layer): 192.168.1.3 -> 46.101.34.90
GET / HTTP/1.1
User-Agent: curl/7.37.1
Host: ivanvza.ninja
Accept: */*

[Info] Found the following (IP layer): 46.101.34.90 -> 192.168.1.3
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "2719538271"
Last-Modified: Thu, 30 Apr 2015 08:25:15 GMT
Content-Length: 3213
Date: Fri, 29 May 2015 20:15:06 GMT
Server: Microsoft IIS

<html>
<title>><></title>
<body>
[ASCII-art "SORRY / This page does not exist yet." page body, followed by a <script> block; the capture is cut off at this point in the original]

DNS Sniff

This function allows you to see domain names that your target is currently requesting.


ivanvza:~/ > sudo arpy -t 192.168.1.4 -g 192.168.1.1 -i en0 --sniff-dns
[Arpy ASCII-art banner]
- @viljoenivan


[Info] Starting DNS Sniffer...

[Info] Enabling IP Forwarding...
[Info] Done...
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: www.youtube.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s2.googleusercontent.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: s.ytimg.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: fonts.gstatic.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: yt3.ggpht.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: i.ytimg.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing.google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.
Target: 192.168.1.4 -> (192.168.1.1/DNS server) has searched for: safebrowsing-cache.google.com.


DNS Sniff With Gource

This function is more or less the same as the one above, but it additionally passes the output through Gource to give a live feed of what your target is viewing.


ivanvza:~/ > sudo arpy -t 192.168.1.3 -g 192.161.1.1 -i en0 --sniff-dns-gource
[INFO] For a live gource feed run this command in parallel with this one:

tail -f /tmp/36847parsed_nmap | tee /dev/stderr | gource -log-format custom -a 1 --file-idle-time 0 -

[Info] Filter: ((src host 192.168.1.3 or dst host 192.168.1.3) and dst port 53)
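The ARP poisoning that puts a tool like Arpy between the target and the gateway shows up on the wire as ARP replies that re-bind the gateway's IP to a different MAC address. As an added example (not part of Arpy or the original post), the following pure-Python watcher parses raw Ethernet/ARP frames and alerts when an IP it has already seen is rebound to a new MAC; the frames, MAC addresses and the gateway/victim IPs from the post are constructed sample data.

```python
import struct

ETH_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2      # ARP opcode "is-at"

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))
def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Construct an Ethernet + ARP 'is-at' frame (sample input, not a capture)."""
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet/IPv4, reply
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender_ip, sender_mac) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = ".".join(str(b) for b in frame[28:32])
    return op, spa, sha

class ArpWatch:
    """Remember the first MAC seen for each IP in ARP replies; flag any rebinding."""
    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.bindings = {}   # ip -> first mac seen
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return None
        _, ip, mac = parsed
        known = self.bindings.setdefault(ip, mac)
        if known == mac:
            return None
        # A rebinding of the gateway is the signature of a gateway-impersonating MITM
        sev = "HIGH" if ip == self.gateway_ip else "MEDIUM"
        alert = f"[{sev}] {ip} rebound from {known} to {mac}"
        self.alerts.append(alert)
        return alert

def demo():
    """Constructed scenario: genuine gateway reply, then a poisoned one."""
    gw, victim = "192.168.1.1", "192.168.1.3"
    gw_mac, victim_mac, rogue_mac = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:03", "cc:cc:cc:cc:cc:99"
    w = ArpWatch(gateway_ip=gw)
    w.observe(build_arp_reply(gw_mac, gw, victim_mac, victim))     # baseline, no alert
    w.observe(build_arp_reply(rogue_mac, gw, victim_mac, victim))  # poison -> HIGH alert
    return w.alerts
```

On a real host the frames would come from a raw socket or pcap; the parser only accepts Ethernet/IPv4 ARP and ignores everything else.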




A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis - AndroL4b




AndroL4b is an Android security virtual machine based on Ubuntu MATE. It includes a collection of the latest frameworks, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.






Bugtraq-II Beta



Bugtraq is a distribution based on GNU/Linux aimed at digital forensics, penetration testing, malware laboratories, and GSM forensics. The current version is 'BlackWidow', based on Ubuntu 12.04 (precise), Debian 7 (Wheezy) and OpenSuse.





Bugtraq is the most comprehensive, optimal and stable distribution, with an automated services manager in real time. This distribution has a huge range of penetration testing, forensic and laboratory tools. It is available with XFCE, Gnome and KDE, based on Ubuntu, Debian and OpenSuse.




Bugtraq packs a considerable arsenal of pentesting tools, including mobile forensic tools, malware testing laboratories and tools specifically designed by the Bugtraq community. Such additional tools include audit tools for GSM, wireless, Bluetooth and RFID, integrated Windows tools, tools focused on IPv6, and the typical pentesting and forensics tools that should not be missing from Bugtraq-II.





The Documentary Zero days – Security leaks for sale



VPRO International created an interesting documentary on zero-day exploits. There is a lot of Black Hat / DEF CON footage for those waiting for this year's conferences, T minus two weeks from now. The video can be found below. It is worth the watch. Enjoy.




By Offensive Sec

Thursday, February 18, 2016

Cyber Attack Management Tool - Armitage



Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.







Features

Armitage is a scriptable red team collaboration tool built on top of the Metasploit Framework. Through Armitage, you may launch scans and exploits, get exploit recommendations, and use the advanced features of the Metasploit Framework’s meterpreter. Armitage was originally made for Cyber Defense Exercises, but a lot of penetration testers use Armitage for its collaboration capabilities and its time-saving GUI.

ºCortana Scripting.
ºDynamic Workspaces.
ºGraphical User Interface.
º“Hail Mary” Attack.
ºRed Team Collaboration.


At first glance, it may seem that Armitage is just a pretty front-end on top of Metasploit. That’s not quite true. Armitage is a scriptable red team collaboration tool. It has a server component to allow a team of hackers to share their accesses to compromised hosts.

It’s also possible to write bots that connect to this team server and extend Armitage with scripts written in a language called Cortana. This Cortana piece was funded by DARPA’s Cyber Fast Track program. There’s a lot here.





Installing

Your version of Kali Linux may not include Armitage. To install it, type:

apt-get install armitage

Next, you need to start the Metasploit service. Armitage does not use the Metasploit service, but starting it once will set up a database.yml file for your system. This is a necessary step. You only need to do this once:

service metasploit start
service metasploit stop

Starting

Before you can use Armitage, you must start the postgresql database. This does not happen on boot, so you must run this command each time you restart Kali:

service postgresql start

To start Armitage in Kali Linux, open a terminal and type:

armitage

Armitage will immediately pop up a dialog and ask where you would like to connect to. These parameters only matter if you want to connect to an Armitage team server. Since we’re getting started, we don’t care.  Just press Connect.





Next, Armitage will try to connect to the Metasploit Framework. Big surprise, the Metasploit Framework is not running. Armitage will realize this and it will ask you if you would like it to start Metasploit for you. The correct answer is Yes. Press this button and wait.


You will see connection refused messages for up to a few minutes. If this is your first time starting the Metasploit Framework, this may take literally a few minutes. The Metasploit Framework is the largest Ruby codebase out there and it takes time to load all of its modules for the first time. Be patient.

If all went well, you will see a GUI that looks like this:



You’re now ready to use Armitage.

Manual







Multithreaded Admin Panel Finder - Adminator



Adminator is the fastest multithreaded admin panel finder tool. It has many other features: whois, port scanner, intelligence gatherer, HTTP fuzzer.





ºwhoisip => Finding Whois information about the IP hosting the website
ºwhoisdomain => Fetching Domain Whois information
ºportscanner => Finding Important open ports
ºintelligence => Getting intelligence data from a website (HTTP server, software, last update)
ºsubdomain => Multithreaded Subdomain Finder using a wordlist
ºadmin => Multithreaded Admin Finder using a wordlist
ºfuzzer => HTTP Fuzzer to Fuzz HTTP servers
ºusage => prints this help section


Anonymous Twitter - AnonTwi




AnonTwi is a free software Python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverage proxying, randomize header values, send fake geolocation data, and more.








AnonTwi supports:

ºAES + HMAC-SHA1 encryption on Tweets and Direct Messages
ºSecure Sockets Layer (SSL) to interact with the API
ºProxy SOCKS (for example, to connect to the TOR network)
ºRandom HTTP header values
ºSend long messages, split automatically
ºAutomatic decryption of tweet URLs or raw inputs
ºBackup messages to your disk (max: 3200)
ºSend fake geolocation places
ºRemove data and close account (suicide)
ºView global Trending Topics
ºUTF-8 + Unicode support (Chinese, Arabic, symbols, etc.)
ºMultiplatform: GNU/Linux, MacOS, Win32
ºDetailed colourful output results
ºGenerate tools and modules
ºGTK + WebGUI interfaces
ºAn IRC bot slave






Audit SIP Based VoIP Systems - SIPVicious



SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems.







ºsvmap – a SIP scanner. Lists SIP devices found on an IP range
ºsvwar – identifies active extensions on a PBX
ºsvcrack – an online password cracker for SIP PBX
ºsvreport – manages sessions and exports reports to various formats
ºsvcrash – attempts to stop unauthorized svwar and svcrack scans





The idea behind the tools is to help administrators and security folks make informed decisions when evaluating the security of their SIP-based servers and devices. The tools are intended to be used for educational and demonstration purposes. We advise people to request permission before making use of the tool suite against any network. Just like a knife, it can be used for good and bad. We hope that the SIPVicious tool suite proves to be a very sharp one.






Pen Test Drop Box Distro - PwnPI





PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built on a stripped-down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager. PwnPi can easily be set up to send reverse connections from inside a target network by editing a simple configuration file.




Android Application Analysis - Androguard





Androguard is mainly a tool written in Python to play with:

ºDex/Odex (Dalvik virtual machine) (.dex) (disassemble, decompilation),
ºAPK (Android application) (.apk),
ºAndroid’s binary xml (.xml),
ºAndroid Resources (.arsc).



Features:

ºMap and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects,
ºDisassembly/decompilation/modification of DEX/ODEX/APK format,
ºDecompilation with the first native (directly from Dalvik bytecode to Java source code) Dalvik decompiler (DAD),
ºAccess to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) …) and create your own static analysis tool,
ºAnalysis of a bunch of Android apps,
ºAnalysis with ipython/Sublime Text Editor,
ºDiffing of Android applications,
ºMeasure the efficiency of obfuscators (proguard, …),
ºDetermine if your application has been pirated (plagiarism/similarities/rip-off indicator),
ºCheck if an Android application is present in a database (malwares, goodwares?),
ºOpen source database of Android malware (this open-source database is done in my free time; of course my free time is limited, so if you want to help, you are welcome!),
ºDetection of ad/open source libraries (WIP),
ºRisk indicator of malicious application,
ºReverse engineering of applications (goodwares, malwares),
ºTransform Android's binary XML (like AndroidManifest.xml) into classic XML,
ºVisualize your application with gephi (gexf format), with cytoscape (xgmml format), or as PNG/DOT output,
ºIntegration with external decompilers (JAD+dex2jar/DED/…)





