Showing posts with label Exploits. Show all posts

Recon-ng: Web Reconnaissance framework for penetration testers

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework.

Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

How to use it? A complete guide is available here.

Recon-ng repository:
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git


Subscribe to our Daily Newsletter via email - Be first to know about Security and Penetration testing tools, or join our Huge Hackers Community on Facebook, Google+ and Twitter.
Subscribe to Top Hacker Stories via email

ExploitShield Browser Edition - Forget about browser vulnerabilities

ExploitShield Browser Edition
ExploitShield Browser Edition protects against all known and unknown 0-day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.

Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and all browser components such as Java, Adobe Reader, Flash and Shockwave. Blocks all exploit kits such as Blackhole, Sakura, Phoenix and Incognito without requiring any signature updates.

No need to train or configure anything: ExploitShield is a 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a real-time list of detected threats and their VirusTotal results.



BeEF 0.4.3.8 - Browser Exploitation Framework

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client-side attack vectors.

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.



Grinder Version 0.3 released

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage).

A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes.

Changelog, version 0.3 (2012)
Server
  • Added a Fuzzer tab to allow users to view statistics (bar charts) about the fuzzers that have been run in the system. You can also drill down in to individual fuzzers to view what targets they are generating crashes on. Added bar chart support via jqPlot.
  • Added a Settings tab. Moved the user account management features from the System tab into this new Settings tab.
Node
  • Added initial work for automated testcase reduction via .\node\reduction.rb
  • Added IE10 support (as seen in Windows 8 Consumer Preview) (grinder\node\browser\internetexplorer.rb).
  • Added a --fuzzer parameter to grinder.rb. When bringing up a node you can now specify a single fuzzer to load instead of loading all the fuzzers in the node's fuzzer directory. Useful for testing a specific fuzzer (e.g. >ruby grinder.rb --fuzzer=DOMBlaster2000 FF)
  • Added a --help and --version parameter to grinder.rb and testcase.rb.
  • grinder_logger.dll is now thread safe and can handle log messages of an arbitrary size.
  • Changed the server.rb 301 redirect to a 307 temporary redirect.
  • Many small bug fixes!



winAUTOPWN v3.2 Released


winAUTOPWN v3.2 has been announced. winAUTOPWN is an interactive framework that acts as a frontend for quick system vulnerability exploitation. It takes inputs such as IP address, hostname and CMS path, and does a smart multi-threaded port scan of TCP ports 1 to 65535. Exploits capable of giving remote shells, released publicly over the Internet by active contributors and exploit writers, are constantly added to winAUTOPWN/bsdAUTOPWN.

winAUTOPWN requires Perl, PHP, Python and Ruby and their dependencies, along with a few others, for the exploits included in it to work smoothly.



Rapid7 Tool Checks for MySQL Auth Bypass Vulnerability

Rapid7 has released a tool to scan an unlimited number of IP addresses for the MySQL authentication bypass vulnerability. It's simple to use, completely free, and scans unlimited IPs for this vulnerability!

The vulnerability was recently assigned CVE-2012-2122. It allows an attacker to bypass authentication in MySQL with a 1 in 256 chance of succeeding per login attempt.

An exploit for this vulnerability was released on Tools Yard earlier. Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23 are vulnerable to this bug.

According to HD Moore, “1.5 million allowed authentication, but a much smaller portion were found vulnerable to this flaw. Of the ~35k Ubuntu servers found, only about ~8000 were likely to be exploitable.”

The tool released today gives IT teams a quick and easy way to check whether their MySQL deployments are vulnerable.

The ScanNow tool is free, and can be downloaded here.



Social Engineer Toolkit 4.0 Released

The Social Engineer Toolkit (SET) has been updated to v4.0, code-named “Balls of Steel.” SET is an open source, Python-driven, social-engineering penetration testing framework of custom tools which focuses solely on attacking the human element of penetration testing.

It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

In the new version, the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. Additionally, all of the payloads have been heavily encrypted with a number of heavy anti-debugging tools.

The PowerShell attack vectors now support customized payload selection through config/set_config. A new attack vector has been added, called the Dell DRAC Attack Vector (default credential finder).

Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/



U3-Pwn: Sandisk Executable Injection Tool

U3-Pwn is a tool designed to automate injecting executables into Sandisk smart USB devices that have the default U3 software installed. This is achieved by removing the original ISO file from the device and creating a new ISO with autorun features.

Requirements to Run U3-Pwn
  1. Metasploit
  2. U3-Tool
  3. Python-2.6



Zemra Botnet Download

Zemra botnet leaked.

Zemra first appeared on underground forums in May 2012. This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server.

Zemra uses a simple panel with an overview of all the statistics that are needed. Two graphs show the active machines and their regional location, alongside statistics on bots online and further information. All online Socks5 proxies can be viewed and exported to a list. Traffic is encrypted and protected using the AES algorithm, and each client communicates with a uniquely generated key.

A brief list of functions:
• Intuitive control panel
• DDos (HTTP / SYN Flood / UDP)
• Loader (Load and run).
• Cheat visits (visits to the page views).
• USB Spread (spread through flash drives)
• Socks5 (picks up socks proxy on the infected machine)
• Update (Updates the bot)
• The bot process cannot be terminated because it is marked as critical.
• 256 Bit AES encryption of traffic from the bot to the server
• Anti-Debugger
• Bots from a particular country can be chosen to perform a job

Two types of DDoS attacks have been implemented in this bot: HTTP flood and SYN flood.




Metasploit payload Debian (.deb) package trojan Generator Script

This bash script, developed by Aaron Hine, generates a Debian (.deb) package trojan carrying a Metasploit payload. The payload sends a request back to the BackTrack server running a Metasploit listener. This video demonstrates the script:


There is another script, developed by Travis Phillips, that creates Metasploit payload trojans with msfpayload and msfencode. It was written to simplify using msfpayload and msfencode to create a Windows-based trojan and set up the listener.

The script will do the following:
  • Determine your IP address automatically for the LHOST of the payload.
  • Ask if you want a shell or Meterpreter.
  • Ask if you want a reverse connection or a bind TCP port.
  • Request the port number.
  • At that point it will create two files:
      • trojan.exe - your payload
      • msf_Trojan_Listener - a file with a one-liner to create the Metasploit listener that works with your payload.
  • Next it will start msfcli to create the listener.



CVE-2012-2122: MySQL Authentication Bypass Exploit

A serious security bug in MariaDB and MySQL has been disclosed. According to the advisory, all MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5 and 5.5.22 are vulnerable. The issue has been assigned CVE-2012-2122. You can read more details here.

The mysql_hashdump module from Metasploit uses a known username and password to access the master user table of a MySQL server and dump it into a locally-stored "loot" file. This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access.

Jonathan Cran (CTO of Pwnie Express and Metasploit contributor) committed a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database. This ensures that even if the authentication bypass vulnerability is fixed, you should still be able to access the database using the cracked password hashes. A quick demonstration of this module is shown below using the latest Metasploit Framework GIT/SVN snapshot.


Another easy Python script to gain root access to MySQL was released by Dave (ReL1K) Kennedy on his blog:

#!/usr/bin/python
import subprocess

# Keep attempting the login: each attempt has a 1 in 256 chance of hitting
# the CVE-2012-2122 authentication bypass, so the loop runs until it does.
while 1:
    subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()



SMB checker and Remote Code Execution Vulnerability Exploiter Script

The vulnerability MS08-067 is a flaw in the Windows Server Service that could allow remote code execution when a specially crafted RPC request was sent. This vulnerability affected Windows 2000, XP, Server 2003, Vista and Server 2008, and has been assigned CVE-2008-4250.

There is a Python script, developed by Ahmed Shawky (aka lnxg33k), which automatically scans for the SMB port and exploits the MS08-067 flaw using Metasploit. You can download the code:



Nessus 5.0.1 - Vulnerability scanner

The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus is the world’s most widely deployed vulnerability and configuration assessment product.

Official change log for Nessus 5.0.1:
  • Resolved an issue whereby packet forgery was not working on some Windows setups
  • Improved the Windows installer which would fail on some setups
  • Fixed several thread synchronization issues leading to a crash in certain situations
  • Imported v1 reports are more legible
  • Nessus can now read a 64-bit database on a 32-bit system and vice-versa
  • Identified and resolved a minor memory leak issue occurring on all platforms
  • Scanning with a SSL certificate defined in the policy would sometimes cause a scanner crash
  • Workaround for CVE-2011-3389
  • Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
  • Restored the ability to log in via certificate authentication on port 1241 when “force_pubkey_auth = no”
  • This version of Nessus now includes OpenSSL version 1.0.0h



Webapp-Exploit-Payloads v.1.0 Released

Webapp-Exploit-Payloads is a collection of payloads for common webapps, for example Joomla and WordPress. Of the hundreds of different web application vulnerabilities that can be found on any website, only a small percentage gives the intruder a direct way of executing operating system commands. And if we keep digging into that group, we'll identify only one or two that under normal circumstances might give the intruder elevated privileges.

The basic problem solved by any payload is pretty simple: "I have access, what now?". In memory corruption exploits it's pretty easy to perform arbitrary tasks, because after successful exploitation the attacker is able to control the remote CPU and memory, which allows for execution of arbitrary operating system calls. With this power it's possible to create a new user, run arbitrary commands or upload files.

Web application payloads are small pieces of code that are run on the intruder's box, and then translated by the web application exploit into a combination of GET and POST requests to be sent to the remote web server.

Usage:
$ python bin/genpayload.py src/js/wordpress/newadmin/ -o out.js



winAUTOPWN v3.0 - System vulnerability exploitation Framework

The improved GUI extension, WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ], is a systems and network exploitation framework built on the well-known winAUTOPWN as a backend. C4 - WAST gives users the freedom to select individual exploits and use them.

BSDAUTOPWN has been compiled, as always, for various flavours and has been upgraded to version 1.8 along with all applicable exploits that have been added in this release. Included this time is bsd_install.sh, which will set chmod on all applicable BSD compiled binaries.

winAUTOPWN requires Perl, PHP, Python and Ruby and their dependencies, along with a few others, for the exploits included in it to work smoothly.

