Showing posts with label Wi-Fi Hacking. Show all posts

PwnStar latest version with new Exploits released

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.

Changes and New Features
  • “hotspot_3” is a simple phishing web page, used with basic menu option 4.
  • “portal_simple” is a captive portal which allows you to edit the index.html with the name of the portal, e.g. “Joe’s CyberCafe”. It is used for sniffing.
  • “portal_hotspot3” phishes credentials, and then allows clients through the portal to the internet
  • “portal_pdf” forces the client to download a malicious pdf in order to pass through the portal
Updated feature list:
  • captive-portal with iptables and php
  • more php scripts added
  • exploits added
  • mdk3 and airdrop deauth
General Features :
  • manage interfaces and MACspoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage IPtables


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Spooftooph 0.5.2 - Automated spoofing or cloning Bluetooth device

Spooftooph is designed to automate spoofing or cloning of a Bluetooth device's Name, Class, and Address. Cloning this information effectively allows a Bluetooth device to hide in plain sight. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address).

Features
  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds
  • Specify device information for Bluetooth interface
  • Select device to clone from scan log
Usage : To modify the Bluetooth adapter, spooftooph must be run with root privileges. Spooftooph offers five modes of usage:

1) Specify NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -n new_name -a 00:11:22:33:44:55 -c 0x1c010c

2) Randomly generate NAME, CLASS and ADDR.
root@thnlab: spooftooph -i hci0 -R

3) Scan for devices in range and select device to clone. Optionally dump the device information in a specified log file.
root@thnlab: spooftooph -i hci0 -s -w file.csv

4) Load in device info from log file and specify device info to clone.
root@thnlab: spooftooph -i hci0 -r file.csv

5) Clone a random device's info in range every X seconds.
root@thnlab: spooftooph -i hci0 -t 10


Wifi Honey - Creates fake APs using all encryption

This is a script an attacker can use to create fake APs using all encryption types and monitor them with airodump-ng. It automates the setup process: it creates five monitor mode interfaces, four of which are used as APs and the fifth for airodump-ng. To make things easier, rather than having five windows, all this is done in a screen session, which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 wlan1


WebSploit Framework 2.0.3 with Wifi Jammer

WebSploit is an open source project for scanning and analyzing remote systems for vulnerabilities.

WebSploit Is An Open Source Project For :
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
----
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack


dSploit v1.0.23b -- Android network penetration suite

Have you ever wanted to dabble in network security testing? dSploit is an Android based network analysis & penetration suite. It is a comprehensive toolchain which can be used by anyone to perform a number of advanced network analyses and pentests. dSploit contains a number of powerful functions for IT security experts/geeks, but is easy enough for just about anyone to perform exploits.

dSploit allows you to analyze, capture, and manipulate network packets. You can scan networks for connected devices like other smartphones and laptops, and identify the operating system, running services and open ports on each device. Once open ports are known, you can go further by checking open ports for vulnerabilities. These features together make dSploit the most complete and advanced professional toolkit to perform network security assessments on any mobile device, ever.

Other than analysis, dSploit even allows man-in-the-middle attacks for a number of network protocols, i.e. you can monitor and inject packets into the network and spoof your identity. In simpler words, it allows you to intercept wireless network traffic and mess with it in the way you want. You can poison the DNS, for example, so that your family members go to Google+ every time they try to open Facebook, or replace all the images with a custom PWNed/funny image. The ideas are what limit you; the possibilities for fun are endless.

Available Modules in dSploit :
  • RouterPWN
    • Launch the http://routerpwn.com/ service to pwn your router.
  • Port Scanner
    • A SYN port scanner to quickly find open ports on a single target.
  • Inspector
    • Performs target operating system and services deep detection, slower than syn port scanner but more accurate.
  • Vulnerability Finder
    • Searches the National Vulnerability Database for known vulnerabilities in the target's running services.
  • Login Cracker
    • A very fast network logon cracker which supports many different services.
  • Packet Forger
    • Craft and send a custom TCP or UDP packet to the target.
  • MITM
    • A set of man-in-the-middle tools to command & conquer the whole network.
The app is currently in beta, so there may be bugs present. However, a large number of users are reporting good feedback in the thread. You need to be running at least Android 2.3 Gingerbread, and the device must be rooted.



Social Engineer Toolkit version 4.1 released

The Social Engineering Toolkit (SET) has been updated to version 4.1. It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

Toolkit change log
  • Removed the Java Exploit from being built into the Java Applet. Being detected by too many AV vendors.
  • Added core libraries to the scraper, needed for check_config and apache mode checks
  • Added check for apache mode within harvester, will move new php customize script to apache directory and extract under different directory
  • Rewrote new check mechanism in scraper for config checks and cleaned up code
  • Fixed a bug that would cause the verified signature import to error out when selecting number 9 in the web attack menu
  • Added a custom php script into harvester that allows you to check harvested credentials through apache
  • Added compatibility with multiattack and apache mode for credential harvester and java applet combined
  • Fixed the allports payload, really buggy at first with powershell injection, got it more stable
  • Added better stability for the credential harvester to handle exceptions when being passed certain pieces of data including null connections
  • Added better stability on the multiattack credential harvester php and applet attack
  • Fixed a bug that would cause payload selection to not work correctly when using pyInjector
  • Added so the peensy attack will prompt for an IP address and rewrite the pde file for the appropriate IP addresses
  • Added datetime on teensy devices so they don’t overwrite the teensy.pde files anymore
  • Added better encoding into the java applet attack vector
  • Added better packing and encryption on the pyinjector attack, loads super fast now when executing applet
  • Added better reliability in the Java Applet
  • Even more improved load times for the Java Applet and executable execution
  • Added anti debugger and encryption to the initial staged downloader which is used for fast loading of payloads
Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/



Social Engineer Toolkit 4.0 Released

Social Engineer Toolkit, or SET, has been updated to V4.0. The latest version is code-named “Balls of Steel.” The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.

It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

In the new version, the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. Additionally, all of the payloads have been heavily encrypted with a number of heavy anti-debugging tools.

The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder).

Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/



WiFiKill v1.7 - Eject any WiFi device from network

WiFiKill is an Android application that can disable the internet connection of a device on the same network, that is, any IP address that uses the same router to connect to the internet. It is an alternative to NETCUT for Android. It allows you to scan your Wi-Fi network for devices, see their vendor and cut the network connection for specified devices. This way you can get rid of network hoggers. It also gives an option to redirect HTTP traffic to a specific IP; this feature can even be used for phishing.

Changelog:
- fixed the counter bug (I hope for the last time)
- added an option to redirect HTTP traffic to specific IP (caution! this may lead to significant CPU load)
- now successful kills are tagged by green icon on the left of IP (this is not 100% correct)



WiFite v2.0 r85 - WPS hacking support Added

WiFite is an automated wireless attack tool. Its purpose is to attack multiple WEP and WPA encrypted networks at the same time. This tool is customizable to be automated with only a few arguments. It can be trusted to run without supervision. It was designed for use with pentesting distributions of Linux, such as Backtrack 5 R1, BlackBuntu, BackBox; any Linux distributions with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16.

Changes made to WiFite:
  • wifite v2, wps support, bug fixes, complete code re-write.
  • Updated handshake capture line to accept pyrit’s new output.
  • Changed WPA deauth from -h to -c as per fercerpav’s suggestion.
  • Remove apostrophe before using in SQL statement
  • Added single quotes back to SQL statements
  • Remove apostrophe from sql statements
  • Replace sql strings with triple-quote strings



Chapcrack - Tool for Cracking MS-CHAPv2

Chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. In order to use it, a packet with an MS-CHAPv2 network handshake must be obtained. The tool is used to parse relevant credentials from the handshake. In other words, Chapcrack parses the credential information out of MS-CHAPv2 handshakes and sends it to CloudCracker, which in turn will return a packet that can be decrypted by Chapcrack to recover the password.

The resulting file (“token”) is then submitted to CloudCracker, an online password cracking service for penetration testers and network auditors, which returns the cracked MD4 hash in under a day. For each handshake, it outputs the username, known plaintext, two known ciphertexts, and will crack the third DES key. What's interesting to know is that CloudCracker forwards your handshake information to Pico Computing’s DES cracking box, which is powered by an FPGA box that implements DES as a real pipeline, with one DES operation for each clock cycle. With 40 cores at 450 MHz, that’s 18 billion keys/second!

The hash is inserted into chapcrack, and the entire network capture is decrypted. Alternatively, it can be used to log in to the user’s VPN service or WPA2 Enterprise RADIUS server. All of this is possible only because of the weak protocol architecture, which allows the MD4 hash of the user’s password to be used to authenticate as them, as well as to decrypt any of their traffic.

How to use chapcrack?
  • Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
  • Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
  • Submit the CloudCracker token to www.cloudcracker.com
  • Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )



Fern Wifi Cracker 1.45 Released with Cookie Hijacker

Fern Cookie Hijacker is a new feature added in Fern Wifi Cracker 1.45. It is a Wi-Fi based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts by intercepting reachable wireless signals. It is capable of decrypting WEP encrypted packets on the fly to process session cookies transmitted over the air.

Fern Cookie Hijacker comes with smart integrated code to detect and intercept cookie packets. Unlike some cookie detection engines, Fern Cookie Hijacker does not wait to collect complete cookie acknowledgement during the initial authentication process, but pulls cookies and associates them with their hosts as they are transmitted over the wireless connection. It also forges correct values for fields that are not captured, e.g. (expiry, isSecure).




T50 : Experimental Packet Injector Tool

Multi-protocol packet injector tool for *nix systems, currently supporting 15 protocols.

Features
- Flooding
- CIDR support
- TCP, UDP, ICMP, IGMPv2, IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP, AH, EIGRP and OSPF support.
- TCP Options.
- High performance.
- Can hit about 1.000.000 packets per second.



Netsniff-ng v0.5.7 – The packet sniffing beast

netsniff-ng is a high performance Linux network sniffer for packet inspection. It is similar to analyzers like tcpdump, but without the need to perform system calls for fetching network packets. A memory-mapped area within kernelspace will be used for accessing packets, so there is no requirement for copying them to userspace (a ‘zero-copy’ mechanism). For this purpose, netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying, and performing offline analysis of pcap dumps. 

The project is focused on building a robust, clean, and secure analyzer and utilities that complete netsniff-ng as a support for penetration testing. netsniff-ng can be used for protocol analysis, reverse engineering, and network debugging.

Release Notes V0.5.7: This release fixes a number of bugs, cleans the code, and adds new features, including raw 802.11 support and a new packet configuration language for trafgen.



Bluelog v-1.0.4 Released

Bluelog is a Bluetooth site survey tool, designed to tell you how many discoverable devices there are in an area as quickly as possible. Bluelog differs from most Bluetooth scanners in that it prioritizes speed of reporting over anything else (i.e. it doesn’t spend time trying to pull detailed data from a device) and doesn’t require any user intervention to function.

As the name implies, its primary function is to log discovered devices to file rather than to be used interactively. Bluelog could run on a system unattended for long periods of time to collect data.

In addition to basic scanning, Bluelog also has a unique feature called “Bluelog Live”, which puts results in a constantly updating Web page which you can serve with your HTTP daemon of choice.

This large update features many internal improvements and a completely new Bluelog Live CGI module. Performance on OpenWRT and the Pwnie Express Pwn Plug was improved.



THC-WarDrive - Tool for mapping your city for wavelan networks

THC-WarDrive is a tool for mapping your city for wavelan networks with a GPS device while you are driving a car or walking through the streets. THC-WarDrive is effective and flexible, a "must-download" for all wavelan nerds.

New Release:
  • fixed a bug with the -W option, forgot to reset a variable. result: showed always the information of the first wvlan found.
  • rewrote the GPS data gathering function. old way fucked up the exact location too often and generated a too-long backlog. nearly all GPS gathering tools have this bug btw. things learned: cut'n paste from tools isn't always the best new function rules. bah.
  • some minor fixes and changes



DroidSheep - Android tool for web session hijacking

DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them.

DroidSheep can capture sessions using the libpcap library and supports:
  • OPEN networks
  • WEP encrypted networks
  • WPA and WPA2 encrypted networks (PSK only)

How does this work so simply?
Many users do not know that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.

Usually nothing special happens because WiFi users discard packets that are not destined for them. DroidSheep does not do this. It reads all the packets, looking at their contents. If a website sends a clear identifying feature within a message’s content that can identify a user (“SessionID”), then DroidSheep is able to read it even though it is not intended for external users. Moreover, DroidSheep can use this token as its own. The server can’t tell whether the authorized user or DroidSheep has sent the request.




katalina : A WiFi KARMA Automation Tool

Katalina is an automation tool for launching KARMA wireless assessments. It's an implementation of Karmetasploit that works both via Airbase-NG as well as a Jasager device. It's designed with BackTrack 5 in mind but should work on all Linux operating systems.

What does it do:
  • Creates the right dhcpd.conf file if it doesn’t exist
  • It creates the right karma.rc file for Metasploit to use
  • Lists and enables monitor mode on the wireless interface of choice
  • Kicks off Airbase-NG
  • Allows you to specify a rogue AP SSID (by default it emulates a FON)
  • Verbose mode tails /var/log/messages in its own window allowing you to see any connections
  • It can re-initialize the wireless driver if it didn’t work (some drivers require this under VMs)
Download katalina using following command:
svn checkout http://katalina.googlecode.com/svn/trunk/ katalina-read-only



WPSCRACKGUI V-1.1.8 - Graphical tool for cracking WPS Wireless Pin

Graphical interface for the WPS network cracking tool Reaver.
Features :
  • Graphic User Interface (GUI) WPS encryption cracking.
  • Advanced Attack with Generic Dictionary.
  • Advanced Dictionary Attack with Enhanced.
  • Updated Assisted Reaver-WPS.
  • Database with PINs.
  • Change MAC Address.
  • Supported in Gt and Gtk.
  • Scan networks.



PwnSTAR 0.7 - bash script to launch a Soft AP with various attacks

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts. It can act as a multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF.

New Features in PwnSTAR V0.6:
  • advanced menu (big plans for filling this over time)
  • captive portal using iptables and php:
    • accepts/denies based on MAC
    • can track multiple clients (your hardware permitting!)
    • writes sslstrip iptables rules per client/MAC
General Features :

  • manage interfaces and MACspoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage IPtables



Ghost-phisher - GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database.

The program could be used as a honeypot, or to service DHCP requests, DNS requests or phishing attacks.

To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:
       dpkg -i ghost-phisher_1.3_all.deb

To get the source code for this project from SVN, here's the checkout link:
      svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher

