Category Archives: (J) Security Focus

How to Track Facebook Profile Visitors 2018 ?

Track Facebook Profile Visitors: here we have something amazing. You are now able to track Facebook profile visitors easily, without any software, by a simple Facebook trick. This is not a Facebook feature and is not offered by Facebook. You can get the full list of the Facebook profiles that visit your Facebook profile. On Facebook, every user wants to see who is secretly viewing their profile. That is why we share this crazy Facebook trick to track profile visitors.

On the Internet, people are also searching for terms like “fb profile visitor app” or “facebook visitor tracker free download”, but in my opinion there is no such Facebook profile tracker app for Android, so searching Google for one is just a waste of time. You can track Facebook profile visitors, or check who has viewed your Facebook profile, with the following trick. This is for people who search Google for “facebook track who views your profile”, which is why I am compiling here some great tips and tricks for Facebook. People who search for “track facebook profile ip” can check this link out to learn from which IP your Facebook profile is being used.

How to Track Facebook Profile Visitors?

Now, today we are going to show a Facebook trick to track Facebook profile visitors. This is not officially permitted by Facebook, but many geeks or computer worms have found a way to track your profile visitors in the Facebook page view source. Facebook has not added this cool feature because they do not want to reveal information about profile visitors. On the Internet this is now the very popular trick to track your Facebook profile visitors. People want to know who opens their profiles and sees their pictures and status. It is a very cool trick that you can now find who visits your Facebook profile.


How to Track Facebook Profile Visitors?

  1. Log in to your Facebook account.
  2. By default you are on the Facebook home page; if you are not, go to Facebook Home.
  3. Press CTRL+U and a new window opens where you see the source code of the Facebook page. You can also do it by Right Click >> Open Source Code.
  4. Now press CTRL+F and search for InitialChatFriendsList. You will see many profile IDs starting with 1000; these are Facebook profile IDs. You can pick any ID to see who visited your profile. In the picture below you can see that there are many people who view Facebook profiles secretly. These are the Facebook profile IDs that visited your profile.
  5. Use these profile IDs in the form www.facebook.com/ID, paste them into the browser URL bar and see the people who are watching you.
  6. These are all Facebook profile IDs of people who visit your Facebook profile.
  7. Now you need to pick each profile code and repeat this process again and again. This is a little complicated but a 100% working trick.

This is a very easy trick to track Facebook profile visitors and see who is watching you in their free time; it may be your lover, hater, relative or a friend. Hackers also view your Facebook profile first before performing an attack on your Facebook account. They target Facebook to get all user information about hobbies, friends, relatives and date of birth. In other words, they use brute force to get access to your Facebook account.


So beware before updating your info on Facebook. If you have any questions you can comment below.

Some Thoughts on Malicious Software Prevention and Protection

Today I got a message from a business associate of mine apologizing for a delay in the work, because he’d been hit by malicious software (malware). As it turned out, I replied, computer security is what passes for a day job for me. So I came up with some instructions for him to help improve his security. These should be fairly easy for a non-technical person to use, though a moderately technical person may need to set things up.

Preventing malware infection

  1. Make your account a “Limited User” instead of “Administrator”. This prevents the malware from running on your system without you first entering your password.
  2. If you are running Windows, make sure you are on 7 or higher. Windows 7 provides lots more security controls that balance protection with usability. One key feature is AppLocker which prevents unknown software from running without entering your password. The downloadable tool EMET enhances protections and Windows Defender is excellent, free anti-virus software.
  3. Keep all your software updated. Windows does a nice job of updating itself, but other software isn’t always as good. I don’t generally like to recommend specific software, but in this case it’s hard to find if I don’t: Secunia PSI is free for personal use and keeps you updated about…well updates.
  4. Be skeptical before opening email attachments or links. This takes some practice, but it’s as easy as stopping and asking whether something makes sense or not. Many of the email scams today look real, unless you apply some skepticism. Why would a) this person/company be b) sending me this information c) through email and d) how can I see if it’s legit?

Reducing fallout from malware

  1. Work with your financial institution to increase account security. Many people erroneously assume that banks reimburse for financial loss from malware, but that’s only for personal accounts. Banks differ in what they offer and can help you figure out what works best for you.
  2. Use online backup storage. You can store your documents on the Internet securely, so if something happens to your computer you can still get your documents back. Several companies offer a small amount of storage for personal use for free. Also store software licenses so you can rebuild.
  3. Use password safe technology. This is software that will track your passwords and store them protected on your computer and the Internet, as well as generate strong passwords. This means you can have a strong, unique password for each website which reduces the likelihood of having multiple accounts compromised at once.

Cleaning up after malware infection

  1. Notify financial institutions immediately. They will put more scrutiny on your transactions and can work with you to add security measures to your account.
  2. Even the best cleaning may leave malware behind. It’s best to wipe everything and start over. Download applications from their legitimate website. Stored copies and third-party sites could have malware embedded in the legitimate software.
  3. Change passwords from a known-clean system. Start first with the websites that could cause the most damage, such as financial institutions or where you could have fraudulent charges against accounts (for example, iTunes and Skype).

Busting some common misconceptions about malware

Anti-virus and a firewall are NOT very effective.
Your firewall is designed to prevent random computers on the Internet from starting to talk to yours. But most malware is spread through the web and email, which means you are the one who starts talking to the computer with the malware. That means your firewall is largely useless.

Anti-virus software works by trying to know all of the malware out there and blocking it. The problem is that malware is generated faster than anti-virus can keep up, using techniques that ensure anti-virus companies don’t see the exact malware you’ve downloaded. Anti-virus fails more often than it succeeds at blocking malware in real-world testing.

Malicious software is NOT just spread through sketchy sites.
Most malware today is actually spread through legitimate websites. Malicious attackers break into legitimate sites and store their malware there, infecting visitors. It’s also common for ads to contain malware, so even large and well-protected websites present some risk.

One web browser is NOT inherently more secure than another.
This was true at one time, but it’s not anymore. Some malware still spreads by attacking the web browser, but much more will attack supporting applications like Adobe Reader or Sun Java – two technologies that are independent of your web browser.

Ransomware: New free decryption key can save files locked with Cryakl

Victims of Cryakl ransomware are now able to get their files back without paying a ransom to cybercriminals, after the decryption key was released for free as part of the No More Ransom initiative.

Launched by Europol in 2016, the scheme brings law enforcement and private industry together in the fight against cybercrime and has helped thousands of ransomware victims retrieve their encrypted files without lining the pockets of crooks.

Cryakl has been active since September 2015 and, like other forms of ransomware, it searches an infected system for files, encrypts them, then demands payment for providing the key needed to retrieve the files. It also threatens to delete the encrypted files if payment isn’t received within a week.

Unlike more recent forms of ransomware which ask for payments to be made into a cryptocurrency wallet, victims of Cryakl are asked to contact the attackers by email.

The ransomware is most prolific in Russia, but Cryakl has claimed victims across Europe. Kaspersky Lab told ZDNet there have been over 2,000 infections in Italy, over 2,000 in Germany, over 1,000 in Spain and hundreds across the UK, Belgium, France, Poland, and Austria.

Decryption tools for Cryakl ransomware have been added to the No More Ransom portal following work by the Belgian National Police and Kaspersky Lab as part of an ongoing investigation.


“Free decryption keys for Cryakl ransomware can be considered as proof of this policy, and yet another reminder that there is always a chance of winning in the fight with criminals.”

The addition of keys for Cryakl brings the total number of ransomware decryption tools available on the No More Ransom portal to 52. They can be used to decrypt 84 forms of ransomware including MarsJoke, Teslacrypt, LamdaLocker, Wildfire, and CryptXXX.

According to Europol, over 35,000 people have used No More Ransom to decrypt their files for free, preventing cyber criminals from obtaining ransoms worth over €10m.

Initially launched by Europol, the Dutch National Police, McAfee, and Kaspersky Lab, the number of partners working on No More Ransom has now risen to over 120, including 75 cybersecurity companies.

The Belgium National Police’s role in helping to decrypt Cryakl has seen it promoted to become an associate partner in the scheme — the second law enforcement body to do so after founding member the Dutch National Police.

Europol has also announced new partners for No More Ransom: the Cypriot and Estonian police are the most recent law enforcement agencies to join, while KPN, Telenor, and the College of Professionals in Information and Computing (CPIC) have joined as new private sector partners.

Learn how to bypass MAC filtering on wireless networks

In this tutorial we will be looking at how to bypass MAC filtering on a wireless network. MAC filtering, or MAC white- or blacklisting, is often used as a security measure to prevent non-whitelisted or blacklisted MAC addresses from connecting to the wireless network.

MAC address stands for media access control address and is a unique identifier assigned to your network interface. With MAC filtering you can specify which MAC addresses are allowed or not allowed to connect to the network. On many occasions MAC filtering can be sufficient as a security measure, but on others it is certainly not.

MAC filtering is totally useless for protecting company networks and data or for preventing networks from being hacked over WiFi, because it is so easy to bypass. When MAC filtering is in place you can easily determine whitelisted MAC addresses by scanning for connected clients using a tool like airodump-ng.

In this case we can assume that every connected MAC address is part of the whitelist or not on the black list.

In this tutorial we will bypass MAC filtering on a TP-Link WR-841N router by spoofing the MAC address of a connected client. The connected client’s MAC address is whitelisted, otherwise it would not have been able to connect to the wireless network. We will put our WiFi adapter in monitoring mode and retrieve the MAC addresses of connected clients with Airodump-ng on Kali Linux.

Then we will be using the Macchanger tool to spoof our MAC address, bypass MAC filtering and connect to the wireless network. Hacking the WiFi network password is outside the scope of this tutorial. You can have a look at the following WiFi hacking tutorials and tools to learn how to retrieve the password (and prevent this from happening):

MAC filtering settings

First we will be configuring the MAC filtering functionality in the router settings. We will be adding one client to the whitelist which will be our connected client:


We’ve added one MAC address to the whitelist.

Let’s try to connect from another client in Kali Linux 2.0:


Unable to connect from a non whitelisted MAC Address

Even if we use the right password it does not allow us to connect to the wireless network. We end up in an endless loop without authentication. This tells us the MAC filtering is active and working like a charm.

Bypass MAC Filtering

First we will have to put our WiFi adapter in monitoring mode using Airmon-ng and kill all the processes Kali Linux is complaining about:

airmon-ng start wlan0

kill [pid]

Then we launch Airodump-ng to locate the wireless network and the connected client(s) using the following command:

airodump-ng -c [channel] --bssid [target router MAC Address] -i wlan0mon

Airodump-ng now shows us a list of all connected clients at the bottom of the terminal. The second column lists the MAC Addresses of the connected client which we will be spoofing in order to authenticate with the wireless network.


One connected client with a whitelisted MAC Address.

Spoofing the MAC Address with Macchanger

Now that we know a MAC address that is whitelisted in the TP-Link router settings, we can use it to spoof our own MAC address in order to authenticate with the network. Let’s spoof the MAC address of our wireless adapter, but first we need to take down the monitoring interface wlan0mon and the wlan0 interface in order to change the MAC address. We can do this with the following command:

airmon-ng stop wlan0mon

Now we take down the wireless interface whose MAC address we want to spoof with the following command:

ifconfig wlan0 down

Now we can use Macchanger to change the MAC address:

macchanger -m [New MAC Address] wlan0

And bring it up again:

ifconfig wlan0 up

Now that we have changed the MAC address of our wireless adapter to a whitelisted MAC address in the router we can try to authenticate with the network and see if we’re able to connect:


Connected!

As you can see, we have managed to connect to the wireless network using the spoofed MAC address of a connected client. This tutorial shows that it is extremely easy to bypass MAC filtering on a wireless network and that MAC filtering is generally useless for protecting your network from hackers.

Want more privacy online? SuperVpn brings its free VPN to Android


People use VPNs to get around geo-blocking and take cover from online tracking, but in some cases, the VPN service tracks the users themselves and sells that data to third parties.

The Android version of ProtonVPN can be downloaded for free from Google Play and is free to use, but like ProtonMail and ProtonVPN for the desktop, the service has a number of paid tiers with more features and higher speeds.

10 of the Most Significant Ransomware Attacks of 2017

Here are 10 of the most significant ransomware attacks from the past year.

  1. Unknown

On 26 July 2017, Arkansas Oral & Facial Surgery Center suffered an attack at the hands of an unknown ransomware. The incident didn’t affect its patient database. However, it did affect imaging files like X-rays along with other documents such as email attachments. It also rendered patient data pertaining to appointments that occurred three weeks prior to the attack inaccessible.

At the time of discovery in September 2017, Arkansas Oral & Facial Surgery could not determine whether the ransomware attackers accessed any patients’ personal or medical data. It therefore decided to notify 128,000 customers of the attack and set them up with a year of free credit-monitoring services.

  2. Reyptson

Emsisoft security researcher xXToffeeXx detected a new ransomware threat called Reyptson back in July 2017. Upon successful infection, Reyptson checks to see if Mozilla’s Thunderbird email client is installed on the computer. If it is, the ransomware attempts to read the victim’s email credentials and contact list.

The threat isn’t interested in viewing this data to compromise the victim’s privacy. Instead it leverages those contacts to conduct a spam distribution campaign from the victim’s computer. Each of those spam messages comes with a fake invoice document that contains an executable responsible for loading up the ransomware.

  3. LeakerLocker

McAfee’s research team detected “Android/Ransom.LeakerLocker.A!Pkg,” also known as LeakerLocker, back in July 2017. They found it hiding inside of two Android applications: Booster & Cleaner Pro, an app which had 5,000 installs at the time of discovery, and Wallpapers Blur HD, a program with 10,000 installs.

LeakerLocker doesn’t encrypt an infected device’s files. Unlike other Android-based ransomware, it locks the home screen and claims to access the device’s email addresses, contacts, Chrome history, text messages and calls, pictures, and device information. The threat then displays this information in a WebView and demands $50 in payment if the victim doesn’t want their data shared with all of their phone contacts.

  4. WYSIWYE

In April 2017, Panda Security’s researchers discovered a new type of ransomware that they nicknamed “What You See Is What You Encrypt,” or “WYSIWYE.” The digital threat comes with an interface that an attacker can use to configure their preferences, including the email address that will appear in the ransom note that is sent to the victim. From that interface, they can also go after certain network computers, target specific files, and enter stealth mode.

The threat attacks a computer via a Remote Desktop Protocol (RDP) brute force attack. This type of intrusion oftentimes involves scanning the web for open RDP servers. If they find one, attackers use a tool to try hundreds of thousands of password combinations to steal the RDP credentials. They then deploy WYSIWYE onto the targeted network computer.

  5. Osiris

On 12 December 2016, the Cockrell Hill Police Department in Dallas, Texas learned of a security incident in which a computer virus affected one of its servers. The infection, which the police department contained to a single server, occurred when an employee received spam mail from an email address imitating a department-issued email address.

The Cockrell Hill Police Department traced the infection to a virus known as “Osiris,” which could be in reference to one variant of Locky ransomware. Osiris encrypted Microsoft Office and Excel documents as well as all body camera video, some in-car video, some in-house surveillance video, and some photographs dating back to 2009. It then demanded 4,000 USD in Bitcoin. Cockrell Hill’s police recovered the documents off CDs and DVDs, but without comprehensive data backups, they lost access to the affected video and photographs.

  6. Cerber

Cerber is one of the heavy-hitters in the ransomware sphere. It’s also one of the most prolific crypto-malware threats. Indeed, Microsoft detected more enterprise PCs infected with Cerber than any other ransomware family over the 2016-17 holiday season.

Bad actors have outfitted Cerber with new tactics and techniques since then. Malwarebytes observed one such modification in August 2017 with respect to a campaign that begins with Magnitude Exploit Kit. Upon successful exploitation of a hard-coded vulnerability, Magnitude loads a variant of Cerber that uses binary padding to artificially increase its size and thereby skirt scanning restrictions imposed by most security software.

  7. Locky

Since its discovery in February 2016, Locky and its ever–multiplying variants have relied on spam botnets like Necurs for distribution. The crypto-ransomware went dark in early 2017. However, it resurfaced in August with one of its largest campaigns yet: 23 million spam messages sent out over a 24-hour period.

Detected by AppRiver, the operation sent out emails containing subject lines like “pictures” and “documents” that bore a request to “download it here.” The emails come with a ZIP attachment that contains a Visual Basic Script (VBS) file. This file, in turn, pulls down Locky.

  8. BadRabbit

A week before Halloween, Kaspersky Lab revealed it had received “notifications of mass alerts” of a new ransomware targeting Ukrainian and Russian organizations. Some of the victims included Russian news media outlets Fontanka.ru and Interfax as well as Kiev’s metro system and an airport in Odessa. ESET researchers believe the ransomware also hit targets in Poland, South Korea, and the United States.

Kaspersky’s researchers ultimately identified the threat as BadRabbit. Unlike WannaCry and NotPetya, BadRabbit did not exploit a Microsoft vulnerability for distribution. Instead it used drive-by attacks to deliver the ransomware dropper, a smaller-scale operation which demanded 0.5 Bitcoins in ransom from only hundreds (not hundreds of thousands) of victims.

  9. NotPetya

News of NotPetya first broke on 27 June when power distributors in Ukraine and the Netherlands confirmed hacking attacks that affected their systems. Not long afterwards, Ukraine’s government, the offices of multinationals in Spain, and the British advertising group WPP confirmed similar incidents. Researchers quickly traced the attacks to Petya, a form of ransomware which encrypts the Master Boot Record. They also observed how those newer variants were abusing the same EternalBlue vulnerability as exploited by WannaCry for distribution.

A closer look by Kaspersky Lab, however, revealed that Petya wasn’t actually involved in the worldwide campaign. The responsible malware borrowed large chunks of code from Petya, but it behaved as a wiper in that it offered no way for users to recover their affected data. For that reason, Kaspersky named the threat “NotPetya.”

  10. WannaCry

On 12 May 2017, an updated version of WCry/WannaCry ransomware called “WanaCrypt0r 2.0” struck hospitals belonging to the United Kingdom’s National Health Service (NHS), internet service provider Telefonica, and other high-profile targets around the world. Each victim subsequently received a note demanding $300 in Bitcoin as ransom. As with other variants, however, meeting the WannaCry attackers’ demand didn’t guarantee that a victim would receive a decryption key for their affected files.

Researchers later determined that WannaCry made its rounds by exploiting EternalBlue, a vulnerability which Microsoft patched in a security bulletin in March 2017. It’s believed bad actors incorporated EternalBlue into WannaCry’s delivery and distribution mechanism after a band of criminals known as the Shadow Brokers leaked EternalBlue and other exploit code stolen from the Equation Group hacker collective onto the public web. In total, WannaCry affected more than 300,000 organizations worldwide.

10 Best Security Live CD Distros Pen-Test Forensics & Recovery

1. BackTrack

The newest contender on the block is of course BackTrack, an innovative merge between WHax and Auditor (WHax was formerly WHoppix).

BackTrack is the result of merging two innovative penetration-testing live Linux distributions, Whax and Auditor. It combines the best features of both distributions and pays special attention to small details; this is probably the best version of either distribution ever to come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

2. Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here

3. PHLAK

PHLAK, or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it, is a modular live security Linux distribution (a.k.a. LiveCD). PHLAK comes with two light GUIs (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (you can find a PHLAK Mirror Here as the page often seems to be down).

4. Auditor

Auditor, although now being merged with WHax, is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

5. L.A.S Linux

L.A.S Linux, or Local Area Security, has been around quite some time as well; although development has been a bit slow lately, it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

6. Knoppix-STD

Horrible name, I know! But it’s not a sexually transmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here


7. Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

8. F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

9. nUbuntu

nUbuntu, or Network Ubuntu, is very much a newcomer in the LiveCD arena, as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

10. INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2.

Get INSERT Here

Extra – Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definitely the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

reversemap – Analyse SQL injection attempts in web server logs

The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will print the deobfuscated results.

The program can deobfuscate the following obfuscation techniques:

  • SQL CHAR encoding
  • SQL CAST encoding
  • Case encoding of SQL keywords
  • Substring (experimental; disabled by default as it will fail with nested queries)
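To make the batch mode concrete, here is an added example (not reversemap’s own code) that parses constructed Apache combined-log lines and undoes the first three techniques listed above: CHAR() byte lists, CAST(0x… AS …) hex literals and mixed-case keywords. The log lines, the keyword list and the regular expressions are this example’s own assumptions.

```python
import re
from urllib.parse import unquote_plus

# Apache combined-log line; only the fields this example needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)

# Keywords whose MiXeD-cAsE spelling is normalised (the "case encoding" technique).
SQL_KEYWORDS = ("select", "union", "from", "where", "and", "or", "insert",
                "update", "delete", "drop", "exec", "char", "cast", "concat")

# CHAR(83,69,76) byte lists and CAST(0x.. AS VARCHAR(n)) hex literals.
CHAR_RE = re.compile(r"char\(\s*([0-9\s,]+)\)", re.IGNORECASE)
CAST_HEX_RE = re.compile(
    r"cast\(\s*0x([0-9a-f]+)\s+as\s+[a-z]+(?:\([^)]*\))?\s*\)", re.IGNORECASE)
CONCAT_RE = re.compile(r"'\s*(?:\+|\|\|)\s*'")   # 'a'+'b' or 'a'||'b' -> 'ab'

# Constructed Apache log lines (not real traffic): a UNION SELECT hidden behind
# CHAR() and mixed case, a CAST(0x..) payload joined with '+', and a benign
# request as a control.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Jan/2018:12:00:01 +0000] "GET /item.php?id=1%20UnIoN%20SeLeCt'
    '%20CHAR(117,115,101,114),CHAR(112,97,115,115)%20FROM%20users HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2018:12:00:05 +0000] "GET /search.php?q=1;EXEC(CAST(0x73656c656374'
    '%20AS%20VARCHAR(4000))%2BCHAR(32,49)) HTTP/1.1" 500 0 "-" "sqlmap/1.0"',
    '192.0.2.44 - - [10/Jan/2018:12:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def _cast_to_literal(m):
    hexdigits = m.group(1)
    if len(hexdigits) % 2:            # malformed hex: leave the CAST as it was
        return m.group(0)
    return "'" + bytes.fromhex(hexdigits).decode("latin-1") + "'"


def _char_to_literal(m):
    codes = [int(c) for c in m.group(1).split(",") if c.strip()]
    if not codes or any(not 0 <= c < 256 for c in codes):
        return m.group(0)             # not a byte list: leave it alone
    return "'" + "".join(chr(c) for c in codes) + "'"


def deobfuscate(query):
    """Peel off the obfuscation layers reversemap targets and return readable SQL."""
    text = unquote_plus(query)        # %20, %2B, '+' -> space, ...
    # Normalise keyword case *before* decoding so decoded string literals keep
    # their original spelling. This is a crude pass: it also touches keyword-like
    # words in paths, so treat the 'obfuscated' flag below as a hint, not a verdict.
    for kw in SQL_KEYWORDS:
        text = re.sub(r"\b%s\b" % kw, kw.upper(), text, flags=re.IGNORECASE)
    text = CAST_HEX_RE.sub(_cast_to_literal, text)
    text = CHAR_RE.sub(_char_to_literal, text)
    return CONCAT_RE.sub("", text)    # join the literals the two steps above produced


def analyse_log_lines(lines):
    """Batch mode: one record per parsable request, flagging those that changed."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        plain = unquote_plus(m.group("url"))
        decoded = deobfuscate(m.group("url"))
        results.append({"ip": m.group("ip"), "url": m.group("url"),
                        "decoded": decoded, "obfuscated": decoded != plain})
    return results


if __name__ == "__main__":
    for row in analyse_log_lines(SAMPLE_LOGS):
        flag = "OBFUSCATED" if row["obfuscated"] else "plain"
        print(f'{row["ip"]:15} {flag:10} {row["decoded"]}')
```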


Download From HERE

Bluto – DNS Recon, Zone Transfer & Brute Forcer

BLUTO

DNS Recon | Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer | Email Enumeration | Staff Enumeration | Compromised Account Enumeration | MetaData Harvesting


Bluto has gone through a large code base change and various feature additions have been added since its first day on the job. Now that RandomStorm has been consumed and no longer exists, I felt it time to move the repo to a new location. So from this git push onwards Bluto will live here. I hope you enjoy the new Bluto.


Bluto is a Python-based tool for DNS recon, DNS zone transfer testing, DNS wild card checks, DNS brute forcing, e-mail enumeration and more.


The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. Each of the target domain’s NS records is queried for potential zone transfers. If none of them gives up their spinach, Bluto will attempt to identify whether sub-domain wild cards are in use. If they are not, Bluto will brute force sub-domains using parallel sub-processing on the top 20,000 of ‘The Alexa Top 1 Million subdomains’. If wild cards are in place, Bluto will still brute force sub-domains, but using a different technique which takes roughly 4x longer. NetCraft results are then presented individually and compared to the brute force results; any duplicates are removed and particularly interesting results are highlighted.

Bluto now does email address enumeration based on the target domain, currently using the Bing and Google search engines plus gathering data from the Email Hunter service and LinkedIn. https://haveibeenpwned.com/ is then used to identify whether any email addresses have been compromised. Previously Bluto produced an ‘Evidence Report’ on screen; this has now been moved off screen and into an HTML report.

Search engine queries are configured to use a random User-Agent on each request and do a country lookup to select the fastest Google server relative to your egress address. Each request closes the connection in an attempt to further avoid captchas; however, excessive lookups will result in captchas (Bluto will warn you if any are identified).

Bluto requires various other dependencies. So to make things as easy as possible, pip is used for the installation. This does mean you will need to have pip installed prior to attempting the Bluto install.


Usage

You can download Bluto here:

Bluto-2.01.zip

maltrail – Malicious Traffic Detection System

Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user-defined lists, where trail can be anything from domain name (e.g. anydomainname.com for Banjori malware), URL (e.g. http://109.xxx.xx.xxx/xxx.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool).

maltrail - Malicious Traffic Detection System

Also, it uses (optional) advanced heuristic mechanisms that can help in the discovery of unknown threats (e.g. new malware).


Features

  • Uses multiple public blacklists (alienvault, autoshun, badips, sblam etc.)
  • Has extensive static trails for identification (domain names, URLs, IP addresses or User-Agent values)
  • Optional heuristic mechanisms for detection of unknown threats
  • Based on Traffic -> Sensor <-> Server <-> Client Architecture
  • Web reporting interface
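As an added illustration of how the four trail kinds above (domain, URL, IP, User-Agent) and an optional heuristic fit together on the sensor side, the following example (not maltrail’s own code) matches constructed flow/HTTP events against a small trail table. The trail table, the events, the parent-domain matching rule and the bare-IP ".exe" heuristic are this example’s assumptions, not maltrail’s actual lists or rules.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed trail table in the style of maltrail's lists (trail -> info). The
# domain, IP and User-Agent entries are the examples given in the description
# above; the URL and CIDR entries are placeholders, not real indicators.
TRAILS = {
    "domain": {"anydomainname.com": "banjori"},
    "url": {"http://dl.example.net/update.exe": "known malicious executable (constructed)"},
    "ip": {"185.130.5.231": "known attacker",
           "198.51.100.0/24": "scanner range (constructed)"},
    "ua": {"sqlmap": "automatic SQL injection tool"},
}

# Constructed flow/HTTP events (not captured traffic); 'id' is just a label.
EVENTS = [
    {"id": 1, "src_ip": "10.0.0.5", "dst_ip": "203.0.113.50", "host": "cdn.anydomainname.com",
     "url": "http://cdn.anydomainname.com/", "user_agent": "Mozilla/5.0"},
    {"id": 2, "src_ip": "185.130.5.231", "dst_ip": "10.0.0.80", "host": "www.corp.example",
     "url": "http://www.corp.example/login.php?id=1", "user_agent": "sqlmap/1.2.3"},
    {"id": 3, "src_ip": "10.0.0.7", "dst_ip": "198.51.100.77", "host": "198.51.100.77",
     "url": "http://198.51.100.77/setup.exe", "user_agent": "Mozilla/5.0"},
    {"id": 4, "src_ip": "10.0.0.8", "dst_ip": "203.0.113.60", "host": "www.example.com",
     "url": "http://www.example.com/", "user_agent": "Mozilla/5.0"},
]


def _is_ip(text):
    try:
        ipaddress.ip_address(text or "")
        return True
    except ValueError:
        return False


def compile_trails(trails):
    """Pre-parse IP trails into network objects so single hosts and CIDRs match alike."""
    nets = [(ipaddress.ip_network(t, strict=False), t, info) for t, info in trails["ip"].items()]
    return {**trails, "ip": nets}


def check_event(event, trails):
    """Return every (trail_type, trail, info) hit for one observed flow or request."""
    hits = []
    for key in ("src_ip", "dst_ip"):              # either end may be the listed host
        ip = ipaddress.ip_address(event[key])
        hits += [("ip", trail, info) for net, trail, info in trails["ip"] if ip in net]
    # A domain trail also covers its sub-domains: walk from the full host up to
    # the registrable parent (the bare TLD is never checked).
    labels = (event.get("host") or "").lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in trails["domain"]:
            hits.append(("domain", candidate, trails["domain"][candidate]))
            break
    url = event.get("url")
    if url in trails["url"]:
        hits.append(("url", url, trails["url"][url]))
    ua = (event.get("user_agent") or "").lower()
    hits += [("ua", t, info) for t, info in trails["ua"].items() if t.lower() in ua]
    # Heuristic for unknown threats (an assumed rule for this example, not a
    # maltrail rule): an executable fetched from a bare-IP host can never be on
    # a domain list, yet it is a classic malware-download pattern.
    if url:
        parts = urlsplit(url)
        if parts.path.lower().endswith(".exe") and _is_ip(parts.hostname):
            hits.append(("heuristic", url, "executable download from bare IP host"))
    return hits


def scan(events, trails=TRAILS):
    """Sensor-side pass: map event id -> hits, keeping only events with at least one."""
    compiled = compile_trails(trails)
    report = {}
    for event in events:
        hits = check_event(event, compiled)
        if hits:
            report[event["id"]] = hits
    return report


if __name__ == "__main__":
    for event_id, hits in scan(EVENTS).items():
        for trail_type, trail, info in hits:
            print(f"event {event_id}: {trail_type:9} {trail:32} {info}")
```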

Installation

You can download maltrail here:

maltrail-master.zip

Or read more here.