The proxy analyzes problems such as cross-site script inclusion threats, insufficient cross-site request forgery defenses, caching issues, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more.

Why Ratproxy?

There are numerous alternative proxy tools meant to aid security auditors - most notably WebScarab, Paros, Burp, ProxMon, and Pantera. Stick with whatever suits your needs, as long as you get the data you need in the format you like.

That said, ratproxy is there for a reason. It is designed specifically to deliver concise reports that focus on prioritized issues of clear relevance to contemporary web 2.0 applications, and to do so in a hands-off, repeatable manner. It should not overwhelm you with raw HTTP traffic dumps, and it goes far beyond simply providing a framework to tamper with the application by hand.

You can download Ratproxy here:

ratproxy-1.51.tar.gz

Or read more here.

The tool should run on Linux, *BSD, MacOS X, and Windows (Cygwin). Since it is in beta, there might be some kinks to be ironed out, and not all web technologies might be properly accounted for.

Technorati Tags: cross-site-scripting, hacking, Hacking Tools, hacking-web-applications, ratproxy, Web Hacking, web security assessment, web-application-security, XSS

PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are - despite their martialic naming - used to find nonauthorized modems so one can disable those and as result make access to the internal network harder.

For PAW list all numbers you want to be dialed into the (text) file “dial.lst”, one in each line - numbers only, no spaces, plus signs, dashes or slashes please.

For PAWS the numbers are accompanied by the ISDN modes to be tested in the (text) file “dial.lst” in the exact format you find in the example file (you can delete individual ISDN types, though), one in each line - numbers only, no spaces, plus signs, dashes or slashes please. A syntax check of any kind is effectively non-existant, so be careful.

Make sure the device your modem is attached to is set correctly in paw.py in the variable “tty” at the top of the file.

Then simply call “./paw.py” or “./paws.py” and watch - a verbatim full log will be written into paw_dialing.log where CR, LF and TAB will be translated into readable equivalents. For PAW an additional summary will be written as CSV file in paw_dialing.csv

You can download PAW/PAWS here:

paw.tar.gz (analog wardialer only)

paws.tar.gz (ISDN & analog wardialing)

Or read more here.

Technorati Tags: hacking pbx, hacking-phones, hacking-software, paw, python advanced wardialing system, war dialing, wardialer, wardialing, wardialing software

The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind sql injection against the following databases:

• MS-SQL
• MY-SQL
• PostgreSQL
• Oracle

It supports injection in string and integer fields. The feature which separates this tool from all other sql injection tools is that it supports custom SQL queries to be supplied with the -sql switch.

It supports 2 modes of attack:

1. Type 0: Blind SQL Injection based on True And Flase response
2. Type 1: Blind SQL Injection based on True And Error Response(details)

You can download Bsqlbf V2 here:

bsqlbf-v2.1.zip

Or read more here.

Technorati Tags: blind-sql-injection, bsqlbf, hacking mysql, hacking sql, Hacking Tools, hacking-web-applications, ms-sql, mysql blind sql injection, Oracle, perl, perl script, postgres, sql-brute-force, sql-injection, sql-injection-tool

New Stuff

SAINT
SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining….We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different version of Backtrack 3:

• CD version
• USB version
• VMWare version

You can download BackTrack 3 Final here:

http://remote-exploit.org/backtrack_download.html

Or read more here.

Technorati Tags: auditor, backtrack, backtrack 3, backtrack hacking livecd, backtrack live hacking cd, hacking, Hacking Tools, hacking-livecd, live security cd, live-hacking-cd, livecd, maltego, metasploit, penetration-testing, saint, top hacking cds, whax

Features

• Support for Windows Vista SP1 and Windows Server 2008 added.
• Allows you to remove all registry entries corresponding to Network Adapter that is no longer physically installed on the system.
• Allows you to configure Internet Explorer HTTP proxy settings through configuration presets or command line.
• Issues with installer program resolved. (Thanks to all your feedbacks)
• Identifies the preset applied to currently selected Network Interface Card (NIC) automatically making it easy to identify settings.
• Most known issues with Windows Vista removed. (Thanks to all your feedbacks)
• Changes MAC address of Network Interface Card (NIC) including Wireless LAN Cards, irrespective of its manufacturer or its drivers.
• Has latest list of all known manufacturers (with corporate addresses) to choose from. You can also enter any MAC address and know which manufacturer it belongs to.
• Allows you to select random MAC address from the list of manufacturers by just clicking a button.
• Restarts your NIC automatically to apply MAC address changes instantaneously.
• Allows you to create Configuration Presets, which saves all your NIC settings and makes it very simple to switch between many settings in just a click and hence saves lot of time.
• Allows you to Import or Export Configuration Presets to or from another file, which saves lot of time spent in reconfiguration.
• Allows you to load any Configuration Presets when TMAC starts by just double clicking on any Configuration Preset File. (*.cpf file extension)
• Has command line interface which allows you to perform all the tasks from the command prompt or you can even create a DOS batch program to carry out regular tasks. (see help for command line parameter details)
• Allows you to export a detailed text report for all the network connections.
• Displays all information you would ever need to know about your NIC in one view like Device Name, Configuration ID, Hardware ID, Connection Status, Link Speed, DHCP details, TCP/IP details etc.

You can download Technitium v5 here:

Technitium-MAC-Address-Changer

Or read more here.

Technorati Tags: change mac address, change mac address windows, free-software, freeware mac changer, mac address changer, mac-changer, network-security, Security Software, technitium, technitium mac adress changer, tmac

Keep in mind other common tools fighting ARP poisoning usually limit their activity only to point out the problem instead of blocking it, ArpON does it using SARPI and DARPI policies.

Finally you can use ArpON to pentest some switched/hubbed LAN with/without DHCP protocol, in fact you can disable the daemon in order to use the tools to poison the ARP Cache.

However ArpON is also a good tool to a clever sysadmin aware of security related topics. It is a tool born to make ARP secure in order to avoid ARP Spoofing/Poisoning etc.

Static ARP Inspection

When SARPI starts, it saves statically all the ARP entries it finds in the ARP cache in a static cache called SARPI Cache. Note that you can also manage the ARP cache before starting SARPI, through the “ARP CACHE MANAGER” feature of ArpON.

Dynamic ARP Inspection

DARPI startup phase consists in cleaning up the ARP cache, deleting all of its entries. This is due because ARP cache may have poisoned entries from the beginning. DARPI handles the so called DARPI cache, applying different policies to different kinds of packets.

You can download ArpON here:

ArpON-1.10.tar.gz

Or read more here.

Technorati Tags: arp, arp handler, arp inspection, arp poisoning detection, arp protection, arp spoofing detection, arpon, Countermeasures, Network Hacking

• svmap - this is a sip scanner. Lists SIP devices found on an IP range
• svwar - identifies active extensions on a PBX
• svcrack - an online password cracker for SIP PBX
• svreport - manages sessions and exports reports to various formats

svmap
This is a sip scanner. When launched against ranges of ip address space, it will identify any SIP servers which it finds on the way. Also has the option to scan hosts on ranges of ports. For usage instructions check out SvmapUsage.

svwar
Traditionally a war dialer used to call up numbers on the phone network to identify ones that are interesting from ones that are not. With SIP, you can do something similar to identify active users.

svcrack
This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.

svreport
Able to manage sessions created by the rest of the tools and export to pdf, xml, csv and plain text.

You can download SIPVicious v0.2.3 here:

sipvicious-0.2.3.tar.gz

Or read more here.

Technorati Tags: Hacking Tools, hacking voip, Network Hacking, Python, SIP, sip hacking, sipvicious, srv, svcrack, svmap, svreport, svwar, voip

This toolkit is a contribution to the wireless security/auditing community and, as the “Assistant” moniker implies, and is designed for the following groups of people:

• IT-security auditors and professionals who need to execute technical wireless security testing against wireless infrastructure and clients;
• IT professionals who have responsibility for ensuring the secure operation and administration of their organization’s wireless networks;
•  SME (Small & Medium Enterprise) and SOHO (SmallOffice-HomeOffice) businesses who do not have either the technical expertise or the resources to employ such expertise to audit their wireless networks;
• Non-technical-users who run wireless networks at home and who would like to audit the security of their wireless home networks and laptops but don’t know how.

You can download OSWA Assistant here:

oswa-assistant.iso

Or read more here.

Technorati Tags: Hacking Tools, hacking wifi, hacking-livecd, hacking-wireless, livecd, Network Hacking, owsa, owsa assistant, security-livecd, wifi, wifi-hacking, wifi-security, wireless auditing, Wireless Hacking, wireless hacking livecd, wireless-security

Metasploit is an advanced open-source exploit development platform used by most pen-testers. A tool we often mention here on Darknet.

On Monday the site was redirected to a page announcing the site was “hacked by sunwear ! just for fun“, as recorded by Sunbelt Software.

Unidentified miscreants used an ARP poisoning attack aimed at the network of Metasploit’s hosting provider in order to pull off the hack. The Metasploit project was quickly restored. H D Moore, the creator of the project, explained what happened in response to online reports of the hack.

“Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear - the metasploit.com servers were not compromised, nor have been to this date,” he said

So don’t worry, the Metasploit packages are safe as the server was NOT compromised it was a network level attack and a redirect rather than an actual intrusion.

Source: The Register

Technorati Tags: arp poisoning, arp-hijacking, defacement, domain hijacking, hd-moore, metaspoit, Web Hacking, web hijacking

It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.

Angry IP scanner simply pings each IP address to check if it’s alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc. The amount of gathered data about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. With help of plugins, Angry IP Scanner can gather any information about scanned IPs. Anybody who can write Java code is able to write plugins and extend functionality of Angry IP Scanner.

In order to increase scanning speed, it uses multithreaded approach: a separate scanning thread is created for each scanned IP address. It is also cross platform running on Windows, Linux & Mac.

You can download Angry IP Scanner version 3.0-beta3 below:

Executable for Windows 2000/XP/Vista
Executable JAR for any distribution of Linux (32-bit)

Or read more here.

Technorati Tags: angry ip scanner, angry scanner, cross platform, fast port scanner, Hacking Tools, ip scanner, penetration-testing, port-scanner