Archive for December, 2007

wsScanner - Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool

Published at December 31, 2007 in Hacking Tools, Applications, Articles, Security and Vulnerabilities & Exploits. Comments

wsScanner is a toolkit for Web Services scanning and vulnerability detection.

This tool has the following functions:

Discovery tool

By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.

Vulnerability detection

It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.

Fuzzing

This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.

UDDI scan

It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.

This tool is still in beta and they are planning to add some more features and support. Stay tuned for future releases as well.

You can download wsScanner here:

wsScanner.zip

Or read more here.

Technorati Tags: , , , , , , , , , , ,

Whitetrash - Dynamic Web White-listing for Squid

Published at December 27, 2007 in Applications, Articles and Security. Comments

This is a pretty neat tool for those using Squid Cache and looking for a pro-active tool for securing web acccess in their company (or house if you have a devious sibling).

The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:

  • initial compromise;
  • data exfiltration; and
  • command and control.

Whitetrash features:

  • * Provides whitelisting for HTTP and SSL that is good for both users and sysadmins, but defends against malware and browser exploits.
  • A HTML rendered whitelist report that can be viewed by all users. Can also be used to generate static whitelists for popular domains.
  • Fast: no noticeable impact on users browsing urls already in the whitelist, and adding a new URL is very quick.
  • Secure: As this is a security product, great care has been taken to sanitise input, flow control etc. so that the whitelist cannot be easily circumvented or exploited.
  • Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry. A HTML report that lists all domains requested but not whitelisted - good for tracking down malware/adware and generating static blacklists.
  • Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.
  • NEW: A CAPTCHA system has been implemented to prevent malware adding itself to the whitelist. CAPTCHA can be enabled for HTTP, SSL, or both. This is available in the source tree and will be included in the next release.

Whitetrash whitelists web traffic at the domain level, and is a powerful technique to eliminate (or at least make difficult) communications for a lot of malware.

You can download Whitetrash here:

whitetrash 0.2RC1

Or read more here.

Technorati Tags: , , , , , ,

Nikto 2 - Web Server Scanning Tool

Published at December 25, 2007 in Hacking Tools, Applications, Articles and Vulnerabilities & Exploits. Comments

Another one that has been a long time coming, but finally here it is! Nikto 2.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it’s fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for items that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

Version 2 adds a ton of enhancements, including:

  • Fingerprinting web servers via favicon.ico files
  • 404 error checking for each file type
  • Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
  • Scan tuning to include or exclude entire classes of vulnerability checks
  • Uses LibWhisker 2, which has its own long list of enhancements
  • A “single” scan mode that allows you to craft an HTTP request manually
  • Basic template engine so that HTML reports can be easily customized
  • An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
  • Optimizations, bug fixes and more…

You can download Nikto 2 here:

nikto-current.tar.gz

Or read more here.

Technorati Tags: , , , , , , ,

Inguma 0.0.6 - Free Pen-testing Framework

Published at December 19, 2007 in Penetration Testing, Applications, Articles and Security. Comments

Quite a few people seem to be interested in this tool, so here is the latest revision - Inguma 0.0.6.

For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

In this new version various things have been added like new modules and improvements in the existing ones. For example the Oracle modules. The Oracle payloads now uses the Cursor Injection method when possible so CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version 0.0.5.1, have been removed and a new completely free library have been added (PyShellCodeLib).

The static analysis framework OpenDis have been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs have been added. Take a look to the file $INGUMA_DIR/dis/asmdiff.py and to the README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module “sidguess” have been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible.

The new modules added to the discover, gather and brute sections are the following:

  • brutehttp: A brute forcer for HTTP servers.
  • extip : A tool to known your external IP address. Very useful to check anonymous proxies.
  • nmbstat : A tool to gather NetBIOS information.
  • ipscan : A tool to make IP protocol scans. The tool check what IP protocols are enabled in the target.
  • arppoison: A tool to poison target’s ARP cache

You can download Inguma 0.0.6 here:

Inguma 0.0.6

Or read more here.

Technorati Tags: , , , , , , , ,

Pcapy - Python Interface to LibPcap

Published at December 19, 2007 in Network Hacking, Applications, Programming and Articles. Comments

Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.

Advantages of Pcapy

Works with Python threads.
Functions in both UNIX with libpcap and Windows with WinPcap.
Provides a simpler Object Oriented API.

Requirements

A Python interpreter. Versions 2.1.3 and higher.
A C++ compiler. GCC G++ 2.95, as well as Microsoft Visual Studio 6.0 or MSVC 2003 depending on the Python version.
A Libpcap 0.9.3 or newer. Windows users should have installed WinPcap 4.0 or newer.

Download Pcapy here:

Source code

Latest stable release (0.10.5) - gzip’d tarball or zip file

Win32 binaries - Pick the appropriate Python or WinPcap version.

Latest release (0.10.5) - Windows installer – Python 2.5 and WinPcap 4.0.
0.10.4 - Windows installer – Python 2.4 and WinPcap 3.1.

Or read more here and the documentation is here.

Technorati Tags: , , , , , , , ,