Showing posts with label Hacking Tools. Show all posts

[Tool Security] Windows Tools For Penetration Testing

Most penetration testers use either a Mac or a Linux-based platform to perform their penetration testing activities. However, it is always good practice to also have a Windows virtual machine with some tools ready for the engagement. Although Windows cannot be used as the main platform for penetration testing, some of its utilities and tools can still help us extract information from our Windows targets. So in this post we will see some of the tools that we can use on our Windows system.
HashCheck Shell Extension
The HashCheck Shell Extension makes it easy for anyone to calculate and verify checksums and hashes from Windows Explorer. In addition to integrating file checksumming functionality into Windows, HashCheck can also create and verify SFV files (and other forms of checksum files, such as .md5 files).
Netcat is often referred to as a “Swiss-army knife for TCP/IP”. Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
Metasploit Framework
The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
RealVNC Viewer

Remote access software for desktop and mobile platforms.
SNMP tool that allows you to collect information about SNMP devices.
Cain & Abel
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development.
PuTTY is an SSH and telnet client for the Windows platform.
Pass The Hash Toolkit
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows logon sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes.
Recovering Windows Password Cache Entries.
Identify unknown open ports and their associated applications.
This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares.
Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Winfo uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP. It also identifies the built-in Administrator and Guest accounts, even if their names have been changed.
ClearLogs clears the event log (Security, System or Application) that you specify. You run it from the Command Prompt, and it can also clear logs on a remote computer.
SQLdict is a dictionary attack tool for SQL Server.
PMDump is a tool that lets you dump the memory contents of a process to a file without stopping the process.
GrabItAll performs traffic redirection by sending spoofed ARP replies. It can redirect traffic from one computer to the attacker's computer, or redirect traffic between two other computers through the attacker's computer. In the latter case you need to enable IP forwarding, which can also be done with GrabItAll.
DumpUsers is able to dump account names and information even though RestrictAnonymous has been set to 1.
BrowseList retrieves the browse list. The output list contains computer names, and the roles they play in the network. For example you can see which are PDC, BDC, stand-alone servers and workstations. You can also see the system comments (which can be very interesting reading).
Remoxec executes a program using RPC (Task Scheduler) or DCOM (Windows Management Instrumentation).
Brute-force tool for Windows Management Instrumentation (WMI).
Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the server service has been disabled.
The SMB Auditing Tool is a password auditing tool for the Windows and SMB platforms. It makes it possible to exploit the timeout architecture bug in Windows 2000/XP, making it extremely fast to guess passwords on these platforms.
RPCScan v2.03 is a Windows based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
LSASecretsDump is a small console application that extracts the LSA secrets from the Registry, decrypts them, and dumps them to the console window.
SQL Ping is a nice little command line enumerator that specifically looks for SQL servers and requires no authentication whatsoever.
The Oracle Auditing Tools is a toolkit that could be used to audit security within Oracle database servers.
Extract password hashes from local user accounts.
The PsTools package provides a set of command line utilities that allow you to manage local and remote systems.
Incognito is a tool for manipulating windows access tokens and is intended for use by penetration testers, security consultants and system administrators.
DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
X-Deep/32 is an X Window Server for Windows NT/2000/9X/ME/XP that can be used to connect to host systems running UNIX, LINUX, IBM AIX etc.
Windows password cracker.
Ophcrack is a free Windows password cracker based on rainbow tables.
SiVus is the first publicly available vulnerability scanner for VoIP networks that use the SIP protocol. It provides powerful features to assess the security and robustness of VoIP implementations.

Source: Blog


CodeXploiter 1.0 - Finding vulnerabilities in PHP files

CodeXploiter is a White-Box scanner used for finding vulnerabilities in PHP files. It scans PHP source code files automatically based on selected rules and configurations.
CodeXploiter helps security professionals to highlight possible vulnerabilities in a timely manner by automating the process of source code analysis. As a result this will let security professionals focus more on vulnerability research and exploit development.
CodeXploiter has a user-friendly interface that suits the needs of security professionals and average users who are interested in the field of vulnerability research and exploit development.

  • Detects common vulnerabilities such as:
    • SQL Injection
    • Cross Site Scripting (XSS)
    • Remote/Local File Inclusion
    • PHP Code Execution
    • Command Execution
    • File Access
    • File Upload
  • Searches for vulnerabilities in user-defined functions
  • Customizable scan options
  • Vulnerabilities are grouped based on file names and vulnerability type
  • Scan single or multiple files
  • Fast scanner
  • Easy to use and user-friendly Graphical User Interface (GUI)

Download Details:
  • Version: 1.0
  • Size: 3.71 MB
  • System Requirements: Microsoft Windows 8, Microsoft Windows 7, Windows Vista, or Windows XP



Perl Attack Tools

I will introduce the features of the menu options later. Here is a demo of it!
[Image: talent.PNG]
***I hope the tool gets support and is developed further in Vietnam. If you copy it, please respect the author's copyright.
Thanks to -->Persia Security Group<--
links: http://www.mediafire.com/?nq8o41fyfqtisah
pass: talentkong@ceh.vn



Xenotix XSS Exploit Framework v.2 Released

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. It can inject code into webpages that are vulnerable to XSS.
test report.


Built in XSS Payloads
XSS Key logger
XSS Executable Drive-by downloader
Automatic XSS Testing
XSS Encoder
XSS Reverse Shell (new)

Download: https://www.owasp.org/index.php/File:Xenotix_XSS_Exploit_Framework_2013_v2.zip





CK Hash Cracker


CK_HASH_CRACKER VERSION 3.0 Download Link: Click Here

__Change Log__
Hash Identifier Modified
Online Database Checker Bug Fixed And Works Faster
Offline Database Search Engine Modified
Rainbow Table Algorithm Added

How To Add Additional Database Release?

After installation with the default settings, a folder named CK_Hash_Cracker Version 3.0 will be created in the root directory/Program Files, which is usually the C: drive, so the path will be C:\Program Files\CK_Hash_Cracker-Version 3.0; under this folder there are two folders named "Brute" and "DatabaseConnector".

Files under the "Brute" folder are used for brute-forcing. If you place additional wordlists there, make sure they do not contain duplicate words, otherwise they will just increase the run time. You can place files with any name under this folder; it will work fine as long as the files are in a readable format.

Files under "DatabaseConnector" are the offline database, so for any database release, after downloading the databases, put the files under the "DatabaseConnector" folder and that's it; the tool will automatically upgrade the database.

It has a self-installer, so to install, just run the setup file. To uninstall, you can remove it from Control Panel or with the self-uninstaller.

If you get an error at run-time, you probably do not have the Microsoft Visual C++ 2008 run-time installed. The application does not need Python to run, but it needs the run-time components. You can get the download packages from here:

For Windows 32 bit: Click Here

For Windows 64 bit: Click Here

And Then Try Running The Application.
CK_Hash_Cracker (Version 3.0) Download Link: Click Here



Exidous CMD Shell

[Screenshots: Connect to shell; XSA Tool; Getting Username; Going to that directory; Dir Listing; Just For Fun (/etc/passwd)]




Smart Hunter v.1.4.3 Public Version


Download : http://adf.ly/FRrSF



[OPEN SOURCE] vnLoader - HTTP Bot - DL/Exec, Update, Visit - [UDP | HTTP Flood] [VB6]

[Image: logoxx.png]

Hey guys!
I'm presenting my HTTP Bot called 'vnLoader'. I was coding it about 1 year ago for a couple of months. I don't use it anymore, so I'm going to share this with you.
It only lies around on my computer. So why not give something to the community.

About the Bot:
  • Coded in VB6
  • Startup (of course)
  • Mutex (of course)
  • Copy & Paste UAC Bypass
  • Commands:
    • Download & Execute
    • Update
    • Remove
    • Visit Website (visible/hidden)
    • UDP Flood
      > attacks random ports
    • HTTP Flood
      > if server is vulnerable to Slowloris -> Slowloris attack
      > else -> HTTP Get Flood
  • Uses Sockets to connect!
About the Webpanel:
  • Coded in PHP ( + a bit Javascript )
  • Highly customizable task creation
  • Statistics, Botlist, Tasklist, etc.
  • Account system (take a look at the picture below)

Screenshots of the Webpanel:
How to install the Webpanel:
  • 1. Create a mysql database (won't explain how that works)
  • 2. After downloading the source browse to your php files.
  • 3. Open "sql.inc.php" and configure it to your mysql server/database
    PHP Code:
  • 4. Upload everything to your webserver
  • 5. Browse in your Internet Browser to http://yourserver.com/yourwebpanel/install.php
  • 6. Enter a username and a password for your webpanel and click "Install". Wait until the script is done.

How to compile the bot:
  • 1. Open the project in your Visual Basic 6.0 IDE
  • 2. Search for "Form_Load" in Form1
  • 3. Configure it like this.
    'FOR EXAMPLE OUR WEBPANEL IS HERE: http://someserver.com/vnloader/

    Server = "someserver.com"  'Your Domain (without: "http://" or "www.")
    Prefix = "/vnLoader/"  'Path to the folder of the webpanel
    Password = "updateandremovepassword"    'Password for the update command
    Mutex = "Something Random Here"  'Mutex
    StartUp = "Startupkey"    'Startupkey
  • 4. Compile
  • 5. ???
  • 6. Profit

Enjoy anyone (:
If you have questions ask here in the thread, do not PM me since the PM limit is 50, which is reached quickly.
Also search in the thread if you have problems. Maybe someone already solved them :b

Ahhh, by the way what i almost missed.
I'm not responsible for what you do with this :P



DaRKDDoSeR 5.6c Cracked




Pangolin Professional Edition

Pangolin is a penetration testing tool for SQL injection testing of database security. It finds SQL injection vulnerabilities. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read specific files on the file system and more.

Database support:

Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, Sqlite3, Sybase.




JSky 3.5.1

New features and improvements
1. Added tens of new vulnerability definitions.
2. Enhanced SQL injection capability.
3. Added the ability to process a special HTTP 404 redirection page.
4. Added a new parameter to control the scanning process when the HTTP connection fails.
5. Added a new report template editor.
6. Enhanced HTML report.
7. Support for sorting vulnerabilities by URL type.

Bugs fixed:
1. Fixed a bug where HTML info failed to display after scanning a default page.
2. Fixed a bug when exporting a report to a Chinese directory.
3. Fixed the Max scan links issue.
4. Fixed some other bugs.

Download: http://www.box.com/s/t54go352u6o3qu2sln2s



Guide to creating a simple bot

Download: http://www.mediafire.com/?dtdxmydmrht
Password: sinhvienit.net



IMMonitor Yahoo Messenger Spy v2.2.9.(Full)

IMMonitor Yahoo Messenger Spy lets you monitor, block or record Yahoo Messenger chat conversations remotely. Are your children (or your spouse!) spending too much time chatting on Yahoo Messenger, or do you suspect they are involved in dangerous conversations? If so, IMMonitor Yahoo Messenger Spy is the best choice for anyone who needs this information quickly and discreetly. It is easy to use and does not need to be installed on the target machine being monitored. Nobody will know that their Yahoo Messenger conversations are being blocked or recorded, and it will never stop working unless you close it.

Features:

  • Records and stores Yahoo Messenger conversations on any computer in the network.
  • Records or blocks Yahoo Messenger conversations.
  • Exports intercepted messages to an HTML file.
  • Automatically sends chat reports by email for remote viewing.
  • Password and hotkey protection.
  • Runs in stealth mode.
  • Starts recording as soon as the program is launched.
  • Safe, easy and powerful to use

DOWNLOAD LINK: http://www.mediafire.com/?qnbq246tbbq40a7

Extract the archive, run the yahoochecker file and install as usual. After installing, copy the patch file into the installation folder and run it.


Restart the computer and you're done.



Some password viewing tools

Taking advantage of the fact that applications save their passwords, the following tools help us recover those passwords:

IE PassView
- Supports IE7
- Recovers passwords stored in IE: AutoComplete, HTTP Authentication, FTP

Mail PassView
View and export account passwords for Outlook Express, MS Outlook, Windows Mail, ...

Outlook .PST file password


View Dialup/RAS/VPN passwords

Tool that reveals the passwords hidden behind asterisks (*) in text boxes



Some free "hacking" tools

If you enjoy exploring software and related fields, you will certainly need a set of hacking tools. In this article we introduce some fairly popular and widely used utilities.

1. Date Cracker 2000:

Date Cracker 2000 is a utility that helps users remove a program's time-based protection. This is useful with trial-period software: after applying Date Cracker 2000, the program will show information such as "There are 90 days remaining in your trial period". It does not work on applications protected with more thorough techniques.

2. Advanced Port Scanner:

This is a compact utility, very small and fast, whose main function is scanning the active ports on a system. All you need to do is enter the IP address of the computer to check, and the program will immediately list detailed information for each port:


3. Ophcrack:

This "powerful" application can easily crack or recover any password for users of the Windows operating system.

4. RAR Password Cracker:

This is an indispensable tool for any user, able to find and crack any password protecting a RAR file.

5. PC Activity Monitor:

Very lightweight yet very effective, PC Activity Monitor has almost no impact on the operating system, so it suits systems with any number of computers. Its main function is to monitor and collect all user activity on the computer; all of this data is encrypted into a single log file, which is then sent to a secret email address the operator configured beforehand.

6. Cain & Abel:

To recover the passwords of accounts used in Microsoft operating systems, use Cain & Abel. It easily captures packets sent over the network, cracks passwords using the Dictionary, Brute-Force and Cryptanalysis methods, records VoIP conversations...


7. SpyRemover Pro 3.05:

Able to identify and remove more than 140,000 kinds of malicious programs, including viruses, spyware, adware, trojans..., this is an essential security tool for any Windows user.


8. Nikto:

This is an open-source (GPL) web server scanner that performs comprehensive tests against many different components, covering more than 3500 potentially dangerous files of varying risk levels and over 900 server versions...

9. SuperScan:


10. Yersinia:

A network tool with a solid technical foundation for testing, evaluating and analyzing virtual networks, making it easy to build and evaluate the necessary components before putting them into practice.


11. PuTTY:

PuTTY is a port of the SSH client to the Nokia 9200 Communicator; the current version includes SSH protocol support, a terminal emulator and the familiar command-line interface.


12. Nessus:

Its main function is scanning to detect security vulnerabilities in systems and applications, automatically checking configuration, detecting and recovering data, and analyzing and reporting in detail on the current security status. Nessus is currently distributed according to the customer's requirements and the size of each system.


13. Hping:

This is a command-line TCP/IP packet analysis tool, divided into 8 distinct functions. Besides sending ICMP messages to requesting components in the system, Hping also supports other protocols such as TCP, UDP, ICMP and RAW-IP.

14. coWPAtty:

coWPAtty's main function in any system is to test and verify the security of the pre-shared components of WiFi Protected Access (WPA).


15. DumpAutoComplete v0.7:
This application can locate the default Firefox profile of the user account that has used the tool and act on its AutoComplete cache in XML format. The AutoComplete files can also be sent to other programs for analysis. Its strength is understanding how the system works from the autocomplete files (Firefox 1.x) as well as from the SQLite-based storage (Firefox 2.x).

Good luck!



[Tool] Joomscan Security Scanner - Updated with 611 Joomla vulnerabilities

Hi All,

The Web-center Security Team from Slovenia has just released a new update for the vulnerability scanner called Joomscan.

Joomscan is a small tool written in PERL, used to scan Joomla applications.

In this update, the vulnerability database has grown to 611 vulns, up from 550 vulns in November last year.

It can be updated from the command line (terminal) with:

./joomscan.pl update

The usage syntax is quite simple:

- To scan the website uns.vn use: ./joomscan.pl -u uns.vn
- For all options: ./joomscan.pl

- Windows: http://web-center.si...an/joomscan.rar
- Linux: http://web-center.si...joomscan.tar.gz

You can download the source to optimize it and add it to your toolbox.



Fierce Domain Scan

Written by RSnake with input from id, Vacuum and Robert E Lee. A special thanks to IceShaman for porting it to use multi-threading.
Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

First what Fierce is not. Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.
First it queries your DNS for the DNS servers of the target. It then switches to using the target's DNS server (you can use a different one if you want using the -dnsserver switch but this can cause problems if the server you use won't tell you information about other people's sites and of course you won't find much relevant internal address space). Fierce then attempts to dump the SOA records for the domain in the very slim hope that the DNS server that your target uses may be misconfigured. Once that fails (because it almost always will) it attempts to "guess" names that are common amongst a lot of different companies. Don't ask me where I got the list, it's just a list of names that id and I have seen all over the place. I thought about adding a dictionary to this, but I think that would take a lot longer, and given that very few of the words are dictionary words I don't think this would add a lot of value.
Next, if it finds anything on any IP address it will scan up and down a set amount (default 5 but you can expand it with -traverse or increase it to the entire subnet with -wide) looking for anything else with the same domain name in it using reverse lookups. If it finds anything on any of those it will recursively scan until it doesn't find any more. In this way it ends up looping a lot, and the bigger the domain is the more you get back. The reason Fierce automatically switches to using the target's DNS server is so that it can probe the Intranet (RFC1918) of the target, assuming the target uses a single DNS server for both their Intranet and external sites.
I also added a random call to something that should fail to test for wildcard DNS. If it's found, the wildcard is discarded to reduce erroneous results. That doesn't speed up the scan because it still needs to check to see if the test resolves back to IP address that the wildcard is pointing to. However it does reduce false positives.
Also, I've added a "search" option that allows you to find other non-related domain names. For example, let's say my target's domain is widget.com but I know they have email addresses like soandso@widgetcompany.com and own another company called nutsandbolts.com I can add search queries. This won't scan for those domains, but if those names pop up, it won't ignore them. Fierce will report on anything inside the search pattern as long as it matches. If you want everything I guess you could put a,b,c,...,x,y,z but I'll probably make something in the future to allow for scanning/reporting the entire C block once anything is found in it that matches the DNS string. Here's the syntax:
perl fierce.pl -dns widget.com -search widgetcompany,nutsandbolts
I also realized it can be a little bad about finding everything in a class C if the target used non-contiguous blocks within the class C. To deal with that I built in a function to allow a scan (of only C blocks). This is also really useful for scanning intranets if the DNS is poorly configured. I might expand on this later.
perl fierce.pl -range -dnsserver ns1.example.com
As an alternative, you can use the -wide switch which does a wide path of reverse lookups after finding any C names that match your query in the C block. This provides a lot more information but is a lot more noisy.
perl fierce.pl -dns example.com -wide -file output.txt
Finally, for the web application security folks I added a command to connect to any http servers on port 80 and perform whatever action you put into a configuration file. This is really noisy and really slow (especially on large networks), so I wouldn't recommend trying it unless you have a few hours with nothing better to do, unless you know there are only a handful of machines or have already run this without the connect scan turned on.
perl fierce.pl -dns example.com -connect headers.txt -fulloutput -file output.txt
Here's what a sample header file might look like. The sample file below is attempting to exploit the Expect cross site scripting vulnerability:

Fierce also has wordlist support so that you can supply your own dictionary using the -wordlist keyword. Since the brute force does rely on matching at least a few internal targets, this could be helpful if you know that the naming convention has to do with a certain non-obvious naming convention or uses another language, etc.
perl fierce.pl -dns example.com -wordlist dictionary.txt -file output.txt
Not convinced? Prior to running the scan I had never been to either mail.ru or rambler.ru (a few of the top Alexa sites in Russia). Since I don't read Russian, performing an audit against them is far more difficult. Here's some sample output from the two. In the first example you can see that mail.ru has a non-contiguous address for its mobile.mail.ru than it does for the rest of the site. That would have been very difficult to locate with any other scanner. In the rambler.ru example you can see the RFC1918 space 10.* pop up:

  • mail.ru - 418 entries and 303 hostnames found.
  • rambler.ru - 472 entries and 458 hostnames found.
Trust me, we've found far more interesting sites than these two in our tests, but I don't want to disparage any companies for their mistakes. I'm sure you can think of a few companies to test this against. The results can be pretty amazing. If you don't get many results, that could be one of three things, 1) you aren't scanning their corporate domain, you are only scanning their external domain which they only have one or two machines on 2) it's a very small company or 3) you typo'd the domain name (I haven't built any checks to make sure the domain you entered is valid).
Requirements: This is a PERL program requiring the PERL interpreter with the modules Net::DNS and Net::hostent. You can install modules using CPAN:
perl -MCPAN -e 'install Net::DNS'
perl -MCPAN -e 'install Net::hostent'
Windows users: You can use Fierce under Windows if you use Cygwin with PERL and the above two modules installed. I have not tested this using ActivePerl in Windows, so I would recommend Cygwin until ActivePerl can be thoroughly tested. I am/was working on a win32 version of Fierce, but have put the project on hold. If anyone is interested in picking up where I left off, drop me a line.
Version: Fierce is currently at version 0.9.9 - Beta 03/24/2007
Download: fierce.pl
Download: hosts.txt
(Thanks to Robert E Lee for the help with this and to Michael Thumann's DNSDigger wordlist).
Getting started: perl fierce.pl -help
This may have some bugs in it. Also this can be a noisy scanner, but in the tests I've performed it's exceptionally effective at finding non-contiguous IP blocks and new attack points. This should be considered a precursor to nmap, unicornscan or nessus as it gives you enough information to begin a much more thorough scan with one of those other tools. Also, it can point out DNS entries for hosts that are no longer up or have not yet been put into production. Please use Fierce with care and at your own risk.



Phemail.py: Phishing EMail Social Engineering Tool

Social Engineering is defined as the process of inducing people into giving away access or confidential information. From a security consultant point of view this topic is not new and there are many tools which can be used against the target.
phemail.py - Phishing EMAIL. The main purpose of this tool is to prove who clicked on the phishing email without attempting to exploit the web browser but collecting as much information as possible. For this reason it will be 100% undetectable by any antivirus and it will obtain sufficient data to have an initial proof of concept for the client.
Steps to use Phemail.py:
  1. Find corporate email addresses: Phemail has an option for harvesting corporate email addresses and save them to a file. Phemail.py leverages Google to search for LinkedIn specific corporate e-mail targets.
  2. Create a phishing email template: You get to create your own custom phishing templates. Do not forget to add the string “{0}” in each URL as the script will replace this string with the correct URL automatically.
  3. Host/upload a single PHP file: This file contains JavaScript code which attempts to collect web browser information and save it in a log file in /tmp directory.
  4. Run the php file as shown in the following example: # phemail.py -e test-emails.txt -f "Tax report " -r "Tax Report " -s "Important information about your tax" -b body.txt -w http://YOUR-WEBSITE.com



Copyright © Dương-UG Blog's - Nguyễn Bình Dương