Archive for the 'Penetration Testing' Category

WifiZoo v1.3 Released - Passive Info Gathering for Wifi

Published at April 22, 2008 in Penetration Testing, Hacking Tools, Wireless Hacking, Applications and Articles. Comments

WifiZoo is a tool to gather wifi information passively. It is created to be helpful in wifi pentesting and was inspired by ‘Ferret‘ from Errata Security.

The tool is intended to get all possible info from open wifi networks (and possibly encrypted also in the future, at least with WEP) without joining any network, and covering all wifi channels.

WifiZoo does the following:

  • gathers bssid->ssid information from beacons and probe responses
  • gathers list of unique SSIDS found on probe requests
  • gathers the list and graphs which SSIDS are being probed from what sources
  • gathers bssid->clients information and outputs it in a file that you can later use with graphviz and get a graph with “802.11 bssids->clients”.
  • gathers ‘useful’ information from unencrypted wifi traffic (ala Ferret,and dsniff, etc); like pop3 credentials, smtp traffic, http cookies/authinfo, msn messages,ftp credentials, telnet network traffic, nbt, etc.

You can download WifiZoo v1.3 here:

wifizoo_v1.3.tgz

Or read more here.

Technorati Tags: , , , , , ,

Inguma 0.0.7.2 Released for Download - Penetration Testing Toolkit

Published at March 19, 2008 in Penetration Testing, Applications, Articles and Security. Comments

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.

It’s becoming a mature and useful package! I’m glad to see continued developing and especially that they are concentrating on fixing bugs and improving the modules rather than adding loads of new features and just making it worse.

In this version there is new modules added, new exploits, many many bug fixes and the enhancing of existing modules, such as the Oracle related stuff.

PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mac syscalls implementation is on the way. You will also notice that it is now object oriented as opposed to the previous versions.

Among with the aforementioned changes, there are 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of
January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target’s address and port and run “oragateway”. The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.

The new modules added to the framework are the following:

  • nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
  • archanix: As you may imagine, it gathers information from archaic Unix services.
  • brutesmtp: A brute forcer for SMTP servers.
  • anticrypt: A tool to guess the encryption algorithm of a password’s hash. It saves a lot of time when auditing passwords.

They are also getting the documentation together (this is the first release) on the Wiki here:

http://inguma.wiki.sourceforge.net

You can download Inguma 0.0.7.2 here:

Inguma 0.0.7.2

Or read more here.

Technorati Tags: , , , , , , , ,

Nessconnect 1.0.1 Released - GUI, CLI & API Client for Nessus

Published at February 26, 2008 in Penetration Testing, Applications, Articles and Security. Comments

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously known as Nessj and Reason.

Features

Nessconnect provides an alternative interface over the standard Nessus client. It allows the user to customize the scanning preferences and available plug-ins based on a wide range of criteria. In addition to an improved graphical user interface, Nessconnect provides customized session management with templates, allowing the user to create multiple templates for different testing scenarios.

Reports are generated in XML, and XSLT style sheets can be used to easily produce customized reports, including charts/graphs. Nessconnect also supports vulnerability trending, allowing you track hosts vulnerabilities across multiple scans over a certain period. And if you prefer not to use a GUI, all these features are available via the command line.

The old Nessus interface was pretty bad, especially the Windows one, the Linux GUI was so much better and the HTML reports generated were so much better. If you like this, you can use it on both because it’s in Java it’s cross-platform.

I’m glad someone finally put some effort into an updated GUI even though Nessus is not quite so ‘free’ now.

What’s new?

  • Promoted project from beta to stable.
  • Graphical user interface layout changes.
  • Changed command line interface arguments.
  • Added the beginnings of some documentation.
  • Fixed sorting of addresses and ports; thanks to Richard van den Berg.
  • Fixed shell scripts to better handle XULRunner embedding.
  • Fixed UNC path handling issue in URLs.
  • Increased default heap size to 1 GB.
  • Name change from Nessj to Nessconnect.
  • Ownership change from Intekras to Idealogica.
  • Updated libraries.

It is of course also free and open-source.

You can download Nessconnect here:

Nessconnect (current) 1.0.1

Or read more here.

Technorati Tags: , , , , , , ,

Russix - LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking

Published at February 20, 2008 in Penetration Testing, Linux Hacking, Wireless Hacking, Linux, Applications and Security. Comments

It looks like it might be time to update our very well received list of the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) since we have Russix now and Backtrack new version is on the way out.

Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa 230Mb) and dedicated purely to wireless auditing.

It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an “Evil Tiny Twin” attack in less than 5, it will not let you become the latest version of Barclays Bank.

Russix evolved from an internal UK Military Wireless auditing tool (debian based) which russ had developed while working for them as a penetration tester.

Russix is a free download for auditing. It scripts together several WLAN attacks and will allow the user to break a WEP key in about 6 keystrokes! It will not be modified by us to make it into a phishing tool as that would be evil.

It comprises a number of tools including aircrack-ng, cowpatty, asleap, nmap, wireshark, hydra, as well as scripted attacks to aid cracking WEP and WPA networks. Currently, it only supports Atheros based chipsets and those of you lucky enough to own 2 atheros cards will be able to use the scripted Evil Twin attack.

Interested in hearing any feedback you may have or improvements you can make.

You can download it here:

Built on 9th Dec 2007: Download latest version

Or read more here.

Technorati Tags: , , , , , , , , , ,

Inguma 0.0.6 - Free Pen-testing Framework

Published at December 19, 2007 in Penetration Testing, Applications, Articles and Security. Comments

Quite a few people seem to be interested in this tool, so here is the latest revision - Inguma 0.0.6.

For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

In this new version various things have been added like new modules and improvements in the existing ones. For example the Oracle modules. The Oracle payloads now uses the Cursor Injection method when possible so CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version 0.0.5.1, have been removed and a new completely free library have been added (PyShellCodeLib).

The static analysis framework OpenDis have been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs have been added. Take a look to the file $INGUMA_DIR/dis/asmdiff.py and to the README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module “sidguess” have been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible.

The new modules added to the discover, gather and brute sections are the following:

  • brutehttp: A brute forcer for HTTP servers.
  • extip : A tool to known your external IP address. Very useful to check anonymous proxies.
  • nmbstat : A tool to gather NetBIOS information.
  • ipscan : A tool to make IP protocol scans. The tool check what IP protocols are enabled in the target.
  • arppoison: A tool to poison target’s ARP cache

You can download Inguma 0.0.6 here:

Inguma 0.0.6

Or read more here.

Technorati Tags: , , , , , , , ,