The Social-Engineer Toolkit (SET) v4.7 released

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.

Change log for version 4.7

• removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
• began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
• moved all port.options to the central routine file set.options
• moved all ipaddr.file to the central routine file set.options
• changed spacing on when launching the SET web server
• changed the wording to reflect what operating systems this was tested on versus browsers
• removed an un-needed print option1 within smtp_web that was reflecting a message back to user
• added the updated java bean jmx exploit that was updated in Metasploit
• added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
• added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
• enabled multi-pyinjection through java applet attack vector, it is configured through set config
• removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
• fixed a bug that would cause linux and osx payloads to be selected even when disabled
• fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
• added automatic check for Kali Linux to detect the default moved Metasploit path
• removed a tail comma from the new multi injector which was causing it to error out
• added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
• added new check to remove duplicates into multi powershell injection
• made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
• added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
• rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
• added signed and unsigned jar files to the java applet attack vector
• removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
• fixed a payload duplication issue in create_payload.py, will now check to see if port is there
• removed a pefile check unless backdoored executable is in use
• turned digital signature stealing from a pefile to off in the set_config file
• converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly

It can also be downloaded through github using the following command: 
git clone https://github.com/trustedsec/social-engineer-toolkit/ set/

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Biggest password cracking wordlist with millions of words

One of the biggest and very comprehensive collection of 1,493,677,782 word for Password cracking list released for download. The wordlists are intended primarily for use with password crackers such as hashcat, John the Ripper and with password recovery utilities.

Defuse Security have released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their Crackstation project.

Wordlist originally shared by 'Stun', Anonymous Hacktivist. You can also download it from Torrent.

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Phrozen Keylogger Lite v1.0 download

Phrozen Keylogger Lite is finally available, developed by Dark comet RAT developer. Phrozen Keylogger Lite is a powerful and user friendly keylogger especially created for Microsoft Windows systems. Phrozen Keylogger Lite is compatible with all currently supported versions of Windows, which effectively means Windows XP to the recently released Windows 8.

Phrozen Keylogger Lite has been especially created to capture all keystrokes from any type of keyboard (PS/2, USB and even Virtual Keyboards). The captured keystrokes are stored into a local database. There they are sorted by their process name and the active window into a log.

Phrozen Keylogger Lite is running silently in background. When the program is successfully installed on a computer, it will capture all keystrokes fully stealthily and the program will remain hidden from every user. It will not slow down the computer it is installed on.

If you want to consult the logs of the current day or previous days just press the so-called “Magic Shortcut” and enter your personal password and the logs will be made visible in a new window. You can easily manage, export, delete, mark as important, mail, etc. these logs.

Phrozen Keylogger Lite also gives you the possibility to manage black listed words. When such a word is entered via keystrokes you will immediately be sent a mail which contains the entire context in which that ‘black listed word’ appears. This is a very useful feature: suppose you have forbidden your son to go to a specific gambling site and he does go there against your wishes, you then immediately get a mail that warns you of this transgression.

Download Phrozen Keylogger Lite v1.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Pentoo 2013.0 RC1.1 Released

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more.

Pentoo 2013.0 RC1.1 features :

• Changes saving
• CUDA/OpenCL Enhanced cracking software
• John the ripper
• Hashcat Suite of tools
• Kernel 3.7.5 and all needed patches for injection
• XFCE 4.10
• All the latest tools and a responsive development team!

Here is a non-exhaustive list of the features currently included :

• Hardened Kernel with aufs patches
• Backported Wifi stack from latest stable kernel release
• Module loading support ala slax
• Changes saving on usb stick
• XFCE4 wm
• Cuda/OPENCL cracking support with development tools
• System updates if you got it finally installed

Download Pentoo 2013.0 RC1.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Recon-ng : Web Reconnaisance framework for Penetration testers

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework.

Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, us the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

How to use ? Complete Guide is available here

Recon-ng repository

git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

WAppEx v2.0 : Web Application exploitation Tool

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

Updates in 2.0

• Auto-detect feature deleted from exploits
• Browser tool deleted
• Exploits and payloads view changed
• Exploit Database with the following features added:
• New script syntax and structure
• Searching, selecting, and executing of exploits.
• Add/remove database entries (exploits or payloads)
• Add exploits or payloads to the database using either the Exploit Wizard or the script file
• Batch testing of multiple targets against multiple exploits
• Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
• Following tools added:
• Manual Request
• Dork Finder
• Exploit Editor
• Hidden File Checker
• Neighbor Site Finder
• Local File Inclusion analyzer script updated
• 24 new payloads for LFI, RFI, and PHP Code Execution vulnerabilities added:
• Directory Explorer
• CodeExec Bind
• 3 connect-back shells
• Code Execution
• MySQL Dump
• ServerInfo
• 4 command execution payloads
• Bug-fixes:
• Find Login Page crashed on start
• Problem with software registration
• Stop button did not work when retrieving data from SQL server
• Problem with saving SQL results
• Crashed when closing Find Login Page
• Status icons were not displayed properly in exploit tabs

The full list features is as below:

• An exploit database covering a wide range of vulnerabilities.
• A set of tools useful for penetration testing:
• Manual Request
• Dork Finder
• Exploit Editor
• Hidden File Checker
• Neighbor Site Finder
• Find Login Page
• Online Hash Cracker
• Encoder/Decoder
• Execute multiple instances of one or more exploits simultaneously.
• Execute multiple instances of one or more payloads (for every running exploit) simultaneously.
• Test a list of target URL’s against a number of selected exploits.
• Allows you to create your own exploits and payloads and share them online.
• A number of featured exploits (6) and payloads (39) bundled within the software exploit database:
• Testing and exploiting of Local File Inclusion vulnerabilities
• Testing and exploiting of Local File Disclosure vulnerabilities
• Testing and exploiting of Remote File Inclusion vulnerabilities
• Testing and exploiting of SQL Injection vulnerabilities
• Testing and exploiting of Remote Command Execution Inclusion vulnerabilities
• Testing and exploiting of Server-side Code Injection vulnerabilities

Download WAppEX 2.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Password Cracker Tool Hashkill version 0.3.1 released

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid).

Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases).

Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU support on Nvidia (compute capability 2.1 cards also supported) and ATI (4xxx, 5xxx and 6xxx).

The latest update includes 9 new plugins: bfunix, drupal7, django256, sha256unix, mssql-2012, o5logon, msoffice-old, msoffice, luks. Of them msoffice-old is currently supported on CPU only, the rest are GPU-accelerated. Improved bitmaps handling in non-salted kernels addded, so that huge hashlists would be cracked at faster speeds. Now Thermal monitoring can now be disabled using -T 0 command-line argument.

Download Hashkill 0.3.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Weevely : Stealth PHP web shell with telnet style console

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

• More than 30 modules to automatize administration and post exploitation tasks:
• Execute commands and browse remote filesystem, even with PHP security restriction
• Audit common server misconfigurations
• Run SQL console pivoting on target machine
• Proxy your HTTP traffic through target
• Mount target filesystem to local mount point
• Simple file transfer from and to target
• Spawn reverse and direct TCP shells
• Bruteforce SQL accounts through target system
• Run port scans from target machine
• And so on..
• Backdoor communications are hidden in HTTP Cookies
• Communications are obfuscated to bypass NIDS signature detection
• Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

Download Weevely v1.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Automated HTTP Enumeration Tool

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple.

Version 0.2 adds scanning of SSL / TLS as well as an option for probing delays and general bug fixes.

Download the Python Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

BlindElephant – Web Application Fingerprinting

During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here

svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

PwnStar latest version with new Exploits released

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

Changes and New Features

• “hotspot_3″ is a simple phishing web page, used with basic menu option 4.
• “portal_simple” is a captive portal which allows you to edit the index.html with the name of the portal eg “Joe’s CyberCafe”. It is used for sniffing.
• “portal_hotspot3″ phishes credentials, and then allows clients through the portal to the internet
• “portal_pdf” forces the client to download a malicious pdf in order to pass through the portal

Updated feature list:

• captive-portal with iptables and php
• more php scripts added
• exploits added
• mdk3 and airdrop deauth

General Features :

• manage interfaces and MACspoofing
• set up sniffing
• serve up phishing or malicious web pages
• launch karmetasploit
• grab WPA handshakes
• de-auth clients
• manage IPtables

Download Here

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

PwnPi v2.0 - A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager

Login username and password is root:root

Tools List:

Download Here

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

NetSleuth : Open source Network Forensics And Analysis Tools

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.

NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).

It also includes a live mode, silently identifying hosts and devices without needing to send any packets or put the network adapters into promiscuous mode ("silent portscanning").

NetSleuth is a free network monitoring, cyber security and network forensics analysis (NFAT) tool that provides the following features:

• An easy realtime overview of what devices and what people are connected to any WiFi or Ethernet network.
• Free. The tool can be downloaded for free, and the source code is available under the GPL.
• Simple and cost effective. No requirement for hardware or reconfiguration of networks.
• “Silent portscanning” and undetectable network monitoring on WiFi and wired networks.
• Automatic identification of a vast array of device types, including smartphones, tablets, gaming consoles, printers, routers, desktops and more.
• Offline analysis of pcap files, from tools like Kismet or tcpdump, to aid in intrusion response and network forensics.

Download Here

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

TXDNS v 2.2.1 - Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques:

-- Typos: Mised, doouble and transposde keystrokes;

-- TLD/ccSLD rotation;

-- Dictionary attack;

-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.

New features:

• Support AAAA(IPv6)record queries:
• -rr AAAA;
• Rewrite summarizing statistics using a thread-safe algorithm instead mutex.

Bug fixes:

• Fixed a problem when running under Windows XP;
• Fixed a problem when parsing a IPv6 address.
• November 9th, 2012 by Arley Silveira

Download Here

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

PySQLi - Python SQL injection framework

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.

PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms. 

PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.

Download PySQLi

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Joomscan updated - now can identify 673 joomla vulnerabilities

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have 673 joomla vulnerabilities

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update 

Download Joomscan

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

BeEF 0.4.3.8 - Browser Exploitation Framework

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. 

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Download BeEF 0.4.3.8

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Spooftooph 0.5.2 - Automated spoofing or cloning Bluetooth device

Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address).

Features

• Clone and log Bluetooth device information
• Generate a random new Bluetooth profile
• Change Bluetooth profile every X seconds
• Specify device information for Bluetooth interface
• Select device to clone from scan log

Usage : To modify the Bluetooth adapter, spooftooth must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.
root@thnlab: spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.
root@thnlab: spooftooph -i hci0 -r file.csv

5) Clone a random devices info in range every X seconds.
root@thnlab: spooftooph -i hci0 -t 10

Download Spooftooph 0.5.2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Wifi Honey - Creates fake APs using all encryption

This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 waln1

Download Wifi Honey

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

JBoss Autopwn - JSP Hacking Tool For JBoss AS Server

This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features include:

- Multiplatform support - tested on Windows, Linux and Mac targets

- Support for bind and reverse bind shells

- Meterpreter shells and VNC support for Windows targets

Installation: Dependencies include

- Netcat

- Curl

- Metasploit v3, installed in the current path as "framework3"

Download JBoss Autopwn

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email