Category Archives: (D) Advanced Hacking

WebDAV security scanner – Discover hidden files and folders

DAVScan is a quick and lightweight WebDAV security scanner designed to discover hidden files and folders on DAV enabled web servers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities.

DAVScan - WebDAV Security Scanner

The scanner attempts to fingerprint the target server and then spider the server based on the results of a root PROPFIND request.

Features

  • Server header fingerprinting – If the webserver returns a server header, davscan can search for public exploits based on the response.
  • Basic DAV scanning with PROPFIND – Quick scan to find anything that might be visible from DAV.
  • Unicode Auth Bypass – Works using GET; PROPFIND has not been added yet. Not fully tested, so double-check the results.
  • Exclusion of DoS exploit results – You can exclude denial of service exploits from the searchsploit results.
  • Exclusion of MSF modules from exploit results – Custom searchsploit is included in the repo for this. Either overwrite existing searchsploit or backup and replace. This feature may or may not end up in the real searchsploit script.

Usage

You can download DAVScan here:

davscan-master.zip

dnsteal – DNS Exfiltration Tool

dnsteal is a DNS exfiltration tool, essentially a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.

dnsteal - DNS Exfiltration Tool

dnsteal is coded in Python and is available on Github.

Features

dnsteal currently has:

  • Support for multiple files
  • Gzip compression supported
  • Supports the customisation of subdomains
  • Customise bytes per subdomain and the length of filename

Usage

You can download dnsteal here:

dnsteal.py
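A defender-side counterpart to the tool described above, as an added example that is not part of dnsteal or of the original post: a heuristic that runs over resolver query logs and looks for the three traces a DNS file-exfiltration channel leaves behind (long labels, random-looking encoded labels, and many distinct names from one client under one zone). The sample log window, the client addresses, the zone exfil-test.example and the chunk/sequence label layout are all constructed for the demonstration and do not reproduce dnsteal's actual wire format.

```python
"""Heuristic detection of file exfiltration over DNS in passive query logs.

Added example (not dnsteal's code). Tools of this kind move a file out of a
network by chunking it, encoding each chunk (hex/base32) and sending it as
subdomain labels of queries to a zone the operator controls; the fake
authoritative server reassembles the chunks. Three things are therefore
visible in resolver logs: long labels, labels that look random (high Shannon
entropy) and many unique names from one client under one zone.
"""
import math
from collections import Counter, defaultdict


def shannon_entropy(text: str) -> float:
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def split_name(qname: str, zone_labels: int = 2):
    """Split 'a.b.zone.tld' into (['a', 'b'], 'zone.tld').

    Assumption: the registrable zone is the last two labels. Real deployments
    should consult the Public Suffix List ('example.co.uk' has three).
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= zone_labels:
        return [], ".".join(labels)
    return labels[:-zone_labels], ".".join(labels[-zone_labels:])


def is_suspicious_name(qname: str, min_label_len: int = 30,
                       min_entropy: float = 3.5) -> bool:
    """One query looks like an encoded chunk if its longest subdomain label is
    both long and high-entropy. Long readable names can also score high, which
    is why detect_dns_exfil() additionally requires volume before alerting."""
    sub_labels, _ = split_name(qname)
    if not sub_labels:
        return False
    longest = max(sub_labels, key=len)
    return len(longest) >= min_label_len and shannon_entropy(longest) >= min_entropy


def detect_dns_exfil(records, min_unique: int = 20, **name_thresholds):
    """records: iterable of (client_ip, qname) from one resolver log window.

    Returns one alert per (client, zone) that produced at least min_unique
    distinct suspicious names, highest volume first. A single odd name is not
    an alert; a stream of distinct odd names under one zone is.
    """
    seen = defaultdict(set)
    for client, qname in records:
        if is_suspicious_name(qname, **name_thresholds):
            _, zone = split_name(qname)
            seen[(client, zone)].add(qname.lower())
    alerts = [{"client": c, "zone": z, "unique_names": len(names)}
              for (c, z), names in seen.items() if len(names) >= min_unique]
    return sorted(alerts, key=lambda a: -a["unique_names"])


# ---- constructed sample log window (not captured traffic) -------------------
_HEX = "0123456789abcdef"


def _constructed_chunk(i: int) -> str:
    """Stand-in for a hex-encoded 24-byte file chunk: a rotated hex alphabet,
    giving a 48-character label with a perfectly uniform symbol distribution."""
    rot = _HEX[i % 16:] + _HEX[:i % 16]
    return rot * 3


def sample_records():
    benign_host = [("10.0.0.5", n) for n in (
        "www.example.com", "mail.example.com", "cdn.static-assets.example.net",
        "this-is-a-very-long-but-readable-hostname-label.example.org")]
    # Busy but harmless: many unique short names under one zone (image CDN).
    busy_cdn = [("10.0.0.9", f"img{i:04d}.cdn.example.net") for i in range(30)]
    # Exfiltration: 25 distinct chunk-bearing names to one attacker-held zone;
    # the second label is a constructed sequence number.
    exfil = [("10.0.0.7", f"{_constructed_chunk(i)}.{i:04d}.exfil-test.example")
             for i in range(25)]
    return benign_host + busy_cdn + exfil


if __name__ == "__main__":
    for alert in detect_dns_exfil(sample_records()):
        print(f"ALERT {alert['client']} -> {alert['zone']}: "
              f"{alert['unique_names']} distinct encoded-looking names")
```

Entropy on its own is a weak signal (a long, readable hostname label can score above 3.5 bits), so the alert is raised on volume: one client producing many distinct high-entropy long names under a single zone. The busy CDN client in the sample shows the other side of that trade-off, with many unique names that never alert because its labels are short. Thresholds are starting points to tune against your own resolver's baseline.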

OWASP OWTF – Offensive Web Testing Framework

OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and on aligning security tests to security standards such as the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.

OWASP OWTF - Offensive Web Testing Framework

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring out how to call “tool X”, then manually parsing the results of “tool X” to feed “tool Y”, and so on, is time-consuming.

By reducing this burden we hope pen testers will have more time to:

  • See the big picture and think out of the box,
  • Find, verify and combine vulnerabilities efficiently,
  • Have time to investigate complex vulnerabilities like business logic, architectural flaws, virtual hosting sessions, etc.,
  • Perform more tactical/targeted fuzzing on seemingly risky areas,
  • Demonstrate true impact despite the short time-frames we are typically given to test.

This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.

Features

  • Web UI. Now configure and monitor OWTF via a responsive and powerful interface accessible via your browser.
  • Exposes RESTful APIs to all core OWTF capabilities.
  • Instead of implementing yet another spider (a hard job), OWTF will scrub the output of all tools/plugins run to gather as many URLs as possible.
  • Scan by various aggression levels: OWTF supports scans which are based on the aggressiveness of the plugins/tools invoked.
  • Extensible: OWTF manages tools through ‘plugins’, making it trivial to add new tools.
  • OWTF has been developed keeping Kali Linux in mind, but it also supports other pentesting distros such as Samurai-WTF, etc.
  • Tool paths and configuration can be easily modified in the web interface.
  • Fastest Python MiTM proxy yet!
  • Crash reporting directly to Github issue tracker
  • Comprehensive interactive report at end of each scan
  • Easy plugin-based system; currently 100+ plugins!
  • CLI and web interface

You can download OWASP OWTF here:

Hacker Tools Top 10 – 2016 Update

Nmap (Network Mapper) | Free

Used to Scan Ports and Map Networks – and a whole bunch more!

Nmap is an abbreviation of ‘Network Mapper’, and it’s a very well-known free, open-source hacker tool. Nmap is mainly used for network discovery and security auditing. Thousands of system admins all around the world use nmap for network inventory, checking for open ports, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they are running (fingerprinting), and what type and version of packet filters/firewalls are being used by the target. There are dozens of benefits of using nmap, one of which is the fact that the admin user is able to determine whether the network (and associated nodes) need patching. Nmap’s been featured in literally every hacker movie out there, not least the recent Mr. Robot series. It’s also worth mentioning that there’s a GUI version of Nmap called ‘Zenmap’. We’d advise you to learn Nmap on the command line first, then move to Zenmap once you are feeling confident.


Metasploit Penetration Testing Software | Free & Paid

Vulnerability Exploitation Tool

The Metasploit Project is a hugely popular pentesting or hacking framework. If you are new to Metasploit, think of it as a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. Widely used by cybersecurity professionals and ethical hackers, this is a tool that you have to learn. Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation. There’s a ton of incredibly useful Metasploit information out there, and we hope that the books we’ve chosen go some way to help you on your journey, not least if you are a beginner just starting out and looking for tutorials on how to use Metasploit.


John The Ripper | Free

Password Cracking Tool

John the Ripper (often abbreviated as ‘JTR’) wins the award for having the coolest name. John the Ripper, mostly just referred to as ‘John’, is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts each one in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks. If you are somewhat confused between John the Ripper and THC Hydra, then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an ‘online’ cracker.


THC Hydra | Free

Password Cracking Tool

We’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in-hand’. THC Hydra (abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team. Essentially, THC Hydra is a fast and stable network login hacking tool that uses dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well.


OWASP Zed | Free

Web Vulnerability Scanner

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional, so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing, which is considered the ‘guide-book’ of web application security. This hacking and pentesting tool is very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it has a lot of support, and the OWASP community is really an excellent resource for those that work within Cyber Security. ZAP provides automated scanners as well as various tools that allow you, the cyber pro, to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester. If you are a developer, it’s obviously highly recommended that you learn how to become very proficient with this ‘hacker tool’!


Wireshark | Free

Web Vulnerability Scanners

Wireshark is a very popular pentesting tool, and for over a year it was not included on our list; however, by popular demand we added it in late June 2016. Wireshark essentially captures data packets in a network in real time and then displays the data in a human-readable (verbose) format. The tool (platform) has been highly developed and includes filters, color-coding and other features that let the user dig deep into network traffic and inspect individual packets. If you’d like to become a penetration tester or work as a Cyber Security practitioner, then learning how to use Wireshark is a must. There are a ton of resources out there to learn Wireshark, and, of particular interest, there’s also a Wireshark Certification which you can achieve and place on your LinkedIn profile.


Aircrack-ng | Free

Password Cracking Tool

The Aircrack suite of Wifi (wireless) hacking tools is legendary because it is very effective when used in the right hands. For those new to this wireless-specific hacking program, Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking tool that can recover keys once sufficient data packets have been captured (in monitor mode). For those tasked with penetrating and auditing wireless networks, Aircrack-ng will become your best friend. It’s useful to know that Aircrack-ng implements standard FMS attacks along with some optimizations like KoreK attacks, as well as the PTW attack, to make the attacks more potent. If you are a mediocre hacker then you’ll be able to crack WEP in a few minutes, and you ought to be pretty proficient at being able to crack WPA/WPA2. For those interested in wireless hacking we’d also highly recommend taking a look at the very awesome Reaver, another very popular hacking tool that alas we couldn’t add to our list.


Maltego | Free & Paid

Digital Forensics

Maltego is different in that it works within the digital forensics sphere. Maltego is a platform that was designed to deliver an overall cyber threat picture to the enterprise or local environment in which an organization operates. One of the awesome things about Maltego, which likely makes it so popular (and included in the Kali Linux Top Ten), is its unique perspective in offering both network- and resource-based entities, and the aggregation of information sourced throughout the web – whether it’s the current configuration of a vulnerable router within a network or the current whereabouts of your staff members on their international visits, Maltego can locate, aggregate and visualize this data! For those interested in learning how to use Maltego we’d also recommend learning about OSINT cybersecurity data procurement.


Cain and Abel Hacking Tool | Free

Password Cracker/ Password Hacking

Cain and Abel (often simply abbreviated to Cain) is a hugely popular hacking tool and one that is very often mentioned online in a variety of ‘hacking tutorials’. At its heart, Cain and Abel is a password recovery tool for Microsoft Windows, but it can be used off-label for a variety of purposes; for example, white and black hat hackers use Cain to recover (i.e. ‘crack’) many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes. When used to crack password hashes, for example, Cain uses methods such as dictionary attacks, brute force, rainbow table attacks and cryptanalysis attacks.


Nikto Website Vulnerability Scanner | Free

Website Vulnerability Scanner Hacking Tool

Nikto is another classic ‘Hacking Tool’ that a lot of pentesters like to use. Worth mentioning that Nikto is sponsored by Netsparker (which is yet another Hacking Tool that we have also listed in our directory). Nikto is an Open Source (GPL) web server scanner which scans web servers for vulnerabilities. The system searches against a database of over 6800 potentially dangerous files/programs when scanning software stacks. Nikto, like other scanners out there, also scans for outdated (unpatched) versions of over 1300 servers, and version-specific problems on over 275 servers. Interestingly, Nikto can also check server configuration items such as the presence of multiple index files and HTTP server options, and the platform will also try to identify installed web servers and web applications. Nikto will get picked up by any semi-decent IDS tool, so it’s really useful when conducting a white-hat/white-box pentest. Certainly a great tool to hone your skills on when attacking an open box for training.

How to decode WPA/WEP keys using Penetrate Pro

The app Penetrate Pro is developed by Biogo Ferreria. It is an excellent app for decoding WEP/WPA WiFi keys.

The latest build of Penetrate Pro supports the following:

  • Routers based on Thomson: Thomson, Infinitum, BBox, DMax, Orange, SpeedTouch, BigPond, O2Wireless, Otenet.
  • DLink
  • Eircom
  • Pirelli Discus
  • Verizon FiOS (only some routers)
  • Fastweb (Pirelli & Telsey)
  • Jazztel_XXXX and WLAN_XXXX
  • Tecom
  • Infostrada
  • SkyV1

Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills; we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to them.

Requirements

Minimum of Android 2.4

How to use it

  1. Download Penetrate Pro from this LINK
  2. Install it on your Android device (your Android device must be rooted)
  3. When you open it, you will see a window:

penetrate pro

If it says “Reversible: 0 found”, you have to change the target.
Reversing the Thomson routers requires a dictionary file or you can use 3G for it.

Once you got a reversible router, you can tap on it to get the WiFi Keys (Don’t forget to enable “Get keys from the web” by going to the settings):
Penetrate Pro how to
You can copy the keys just by simply tapping on them.
Penetrate pro also has a “Manual Search” option that allows users to find keys for a particular router which is not in the main list.

How To Use Manual Search Option

  1. First, select the “Manual search” option from the menu.
  2. Select the router.
  3. Enter the numbers at the end of the network name, then tap on “search”.
  4. It will display the key(s).
Of course, Penetrate Pro is not a sophisticated tool like Aircrack android, but it is clearly a useful tool for penetration testers.

PunkSPIDER – A Web Vulnerability Search Engine

PunkSPIDER is a global-reaching web vulnerability search engine aimed at web applications. The goal is to allow the user to determine vulnerabilities in websites across the Internet quickly, easily, and intuitively. Please use PunkSPIDER responsibly.

PunkSPIDER - A Web Vulnerability Search Engine

In simple terms, that means the authors have created a security scanner and the required architecture that can execute a large number of web application vulnerability scans: all at the same time. The tool, or rather arsenal, works off an Apache Hadoop cluster and can handle tens of thousands of scans.

How Can I See if a Website I Use is Vulnerable?

Searching for a specific website is easy! If you know the URL of your site you can simply type the URL in the search box (without http or https) and find your website. Once there you will be presented with the number of vulnerabilities present on the site.

Let’s try an example together. Let’s say you’re looking to check whether the New York Times website http://www.nytimes.com is vulnerable. You could type www.nytimes.com in the search bar, and you should receive a result back that looks like the following:

The first line gives you the domain of the result. The timestamp field on line 2 is the time that the site was added to our system. Below that is the interesting part, the total number of vulnerabilities found on the website. If you’re non-technical, you can ignore almost every part of that and just look at the Overall Risk field – this will tell you the risk of visiting a website.

As a rule of thumb, anything with an Overall Risk of 1 should make you very wary; anything with an Overall Risk greater than 1 you should stay away from entirely.

What Types of Vulnerabilities does PunkSPIDER Map?

Check it out here:

https://www.punkspider.org/

Wifi Hacking Tools List for Hacking Wifi 2016

Hacking is easy if you have the right tools and the right knowledge, isn’t it? For wifi hacking, you need to have the right wifi hacking tools. That said, we really don’t know what kind of hacking tools you need, because we don’t know what kind of wifi hacking you are doing; the topic “wifi hacking” is really huge. So we have decided to give you a list of wifi hacking tools, categorised by their use in each specific type of wifi hacking.

For that reason we first have to describe the types of wifi hacking and then place the wifi hacking tools within them; we will describe each tool with a short description of its use in a tutorial. Don’t worry! When this tutorial ends you will have your list of wifi hacking tools laid out in a way that you can easily understand.

All Wifi Hacking Tools In One List

  • Aircrack-ng
  • Asleap
  • Bluelog
  • BlueMaho
  • Bluepot
  • BlueRanger
  • Bluesnarfer
  • Bully
  • coWPAtty
  • crackle
  • eapmd5pass
  • Fern Wifi Cracker
  • Ghost Phisher
  • GISKismet
  • Gqrx
  • gr-scan
  • kalibrate-rtl
  • KillerBee
  • Kismet

DET – Data Exfiltration Toolkit

DET is a proof of concept Data Exfiltration Toolkit using either single or multiple channel(s) at the same time.

DET - Data Exfiltration Toolkit

The idea behind DET was to create a generic toolkit into which any kind of protocol/service can be plugged, in order to test the configuration of deployed Network Monitoring and Data Leakage Prevention (DLP) solutions against different data exfiltration techniques.

Features

DET already supports encryption and compression and also multiple protocols, listed here:

  • HTTP(S)
  • ICMP
  • DNS
  • SMTP/IMAP (e.g. Gmail)
  • Raw TCP
  • PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))

And other “services”:

  • Google Docs (Unauthenticated)
  • Twitter (Direct Messages)

The following modules are “experimental”:

  • Skype (95% done)
  • Tor (80% done)
  • Github (30/40% done)

Usage

Installation

Clone the repo:

Then:

In the future the author hopes to add proper data obfuscation and other modules (FTP, Flickr using Steganography and YouTube).

Create your own Virus using V-Maker

Everyone wants to create a virus, but virus creation is not child’s play. It needs good programming skills and knowledge about system resources. Today I am going to post about a virus creating tool. This tool is Virus Matic 2010, or V-Maker for short. You don’t need to know anything. Just select the options you want and it will create a virus for you.

Main Feature of V-Maker

You can create your own prank files/viruses with ease by V-Maker.
  1. Disable Mouse and Keyboard
  2. Disable Regedit
  3. Delete System32
  4. Block Site
  5. Disable Task Manager
  6. Take Screen Shot Of Victim PC
  7. Message Box (When User Clicks on Virus)
  8. Automatic Download Start (when the user clicks on the virus, a download starts automatically)
  9. USB Spread

Download Here

DBPwAudit – Database Password Auditing Tool

DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

DBPwAudit - Database Password Auditing Tool

Configuration is performed in two files: aliases.conf maps drivers to aliases, and rules.conf tells the application how to handle error messages from the scan.

Compatibility

The tool has been tested and known to work with:

  • Microsoft SQL Server 2000/2005
  • Oracle 8/9/10/11
  • IBM DB2 Universal Database
  • MySQL

Requirements

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues. The links below can be used to find some of the drivers. They should all be copied to the jdbc directory.

Links to JDBC Drivers:

MySQL
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Oracle

Usage

Scan the SQL server (-s 192.168.1.130) using the specified database (-d testdb) and driver (-D MySQL), with the root username (-U root) and the password dictionary (-P /usr/share/wordlists/nmap.lst):

You can download DBPwAudit here:

dbpwaudit_0_8.zip