Category Archives: (U) Tools

Nipe script to make Tor Network your default gateway


[+] AUTOR: Heitor Gouvêa
[+] SITE: http://heitorgouvea.me
[+] EMAIL: hi@heitorgouvea.me
[+] GITHUB: https://github.com/GouveaHeitor
[+] TWITTER: https://twitter.com/GouveaHeitor
[+] FACEBOOK: https://fb.com/GouveaHeitor
[+] TELEGRAM: @GouveaHeitor

Tor enables users to surf the Internet, chat and send instant messages
anonymously, and is used by a wide variety of people for both licit and
illicit purposes. Tor has, for example, been used by criminal enterprises,
hacktivist groups, and law enforcement agencies at cross purposes, sometimes
simultaneously.

Nipe is a script that makes the Tor network your default gateway.

This Perl script routes all traffic from your computer through the Tor
network, so that you can browse the Internet anonymously without your
connections being traced back to your real address.

See the tutorial on how to use Nipe

Download and install:

git clone https://github.com/GouveaHeitor/nipe
cd nipe
cpan install Switch JSON LWP::UserAgent

Commands:

COMMAND   FUNCTION
install   Install dependencies
start     Start routing
stop      Stop routing
status    See status

Examples:

perl nipe.pl install

perl nipe.pl start

perl nipe.pl stop

perl nipe.pl status


pemcracker – Tool For Cracking PEM Files

pemcracker is a tool for cracking PEM files that are encrypted and have a password. The purpose is to attempt to recover the password for encrypted PEM files while utilising all the CPU cores.


Inspired by Robert Graham’s pemcrack, it still uses high-level OpenSSL calls in order to guess the password. As an optimisation, instead of continually checking against the PEM on disk, it is loaded into memory in each thread.
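The reason a tool like pemcracker can try passwords so quickly is that the traditional OpenSSL PEM format (the one with a `Proc-Type: 4,ENCRYPTED` / `DEK-Info:` header) derives the key from the passphrase with a single MD5 round, whereas PKCS#8 `ENCRYPTED PRIVATE KEY` blocks use an iterated PBKDF. The defensive check that follows is an added example, not pemcracker's code: it classifies PEM files by whether and how they are encrypted so that unprotected or legacy-encrypted keys can be found and re-encrypted. The PEM bodies are constructed placeholders, not real keys.

```python
"""Classify PEM private keys by encryption type (added example, not pemcracker's code).

Only the PEM headers are inspected; the base64 bodies in SAMPLES are
constructed placeholders and do not decode to real keys.
"""
import re

BEGIN_LINE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
LEGACY_DEK = re.compile(rb"^DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)\s*$", re.M)


def classify_pem(pem: bytes) -> dict:
    """Describe the first PEM block in `pem`.

    kind is one of:
      'legacy-encrypted'  -> 'Proc-Type: 4,ENCRYPTED' plus a DEK-Info header
      'pkcs8-encrypted'   -> a 'BEGIN ENCRYPTED PRIVATE KEY' block
      'unencrypted'       -> a private key block with no encryption headers
      'not-a-private-key' -> certificate, public key, or no PEM at all
    """
    m = BEGIN_LINE.search(pem)
    if not m:
        return {"kind": "not-a-private-key", "label": None, "cipher": None}
    label = m.group(1).decode()
    if label == "ENCRYPTED PRIVATE KEY":
        return {"kind": "pkcs8-encrypted", "label": label, "cipher": "pkcs8"}
    if not label.endswith("PRIVATE KEY"):
        return {"kind": "not-a-private-key", "label": label, "cipher": None}
    body = pem[m.end():]
    if re.search(rb"^Proc-Type:\s*4,ENCRYPTED", body, re.M):
        dek = LEGACY_DEK.search(body)
        cipher = dek.group(1).decode() if dek else None
        return {"kind": "legacy-encrypted", "label": label, "cipher": cipher}
    return {"kind": "unencrypted", "label": label, "cipher": None}


# Constructed sample files keyed by (hypothetical) file name.
SAMPLES = {
    "server-legacy.pem": (
        b"-----BEGIN RSA PRIVATE KEY-----\n"
        b"Proc-Type: 4,ENCRYPTED\n"
        b"DEK-Info: DES-EDE3-CBC,0A1B2C3D4E5F6071\n\n"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        b"-----END RSA PRIVATE KEY-----\n"
    ),
    "server-pkcs8.pem": (
        b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        b"-----END ENCRYPTED PRIVATE KEY-----\n"
    ),
    "id_ec.pem": (
        b"-----BEGIN EC PRIVATE KEY-----\n"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        b"-----END EC PRIVATE KEY-----\n"
    ),
    "ca.crt": (
        b"-----BEGIN CERTIFICATE-----\n"
        b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
        b"-----END CERTIFICATE-----\n"
    ),
}


def audit(files: dict) -> list:
    """Return (name, finding) pairs for keys that are weakly protected."""
    findings = []
    for name, data in files.items():
        info = classify_pem(data)
        if info["kind"] == "unencrypted":
            findings.append((name, "private key stored without a passphrase"))
        elif info["kind"] == "legacy-encrypted":
            findings.append((name, "legacy PEM encryption (%s): single-round MD5 key "
                                   "derivation, cheap to guess; re-encrypt as PKCS#8"
                                   % info["cipher"]))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLES):
        print(f"{name}: {finding}")
```

Re-encrypting a legacy key as PKCS#8 with `openssl pkcs8 -topk8` gives a passphrase-protected file that costs far more per guess, which is the practical mitigation against this class of tool.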

 

Usage

Example:

If you are looking for the fastest possible method of brute forcing PEM files, you may wish to try out John the Ripper. Its little-known ssh2john allows for converting PEM files to a format that can be fed into ./john.

You can download pemcracker here:

pemcracker-master.zip

NetCraft Tool – Way Of Examining a Site – Before Attacking Website

Learn more about your target by finding out what they are running, additional IP information, server data, and DNS information.

1. In your web browser, open the website www.netcraft.com.

2. In the box labeled What’s That Site Running? enter the name of a website.

3. On the results page, note the list of sites that appear. The results may include a list of subdomains for the domain you entered. Not every site will have subdomains, so if you don’t see any, don’t be alarmed. In some cases, if there is only a single result for a domain name, you may go directly to a page with details about the domain.

4. On the results page, click the Site Report icon next to a domain name to go to the Site Report page for that domain.

5. On the Site Report page, note the information provided. This includes data such as email addresses, physical addresses, OS and web server information, and IP information.


crackle – Crack Bluetooth Smart Encryption (BLE)

crackle can guess or very quickly brute force the TK (temporary key) used in the pairing modes supported by most devices (Just Works and 6-digit PIN). With this TK, crackle can derive all further keys used during the encrypted session that immediately follows pairing.

The LTK (long-term key) is typically exchanged in this encrypted session, and it is the key used to encrypt all future communications between the master and slave. The net result: a passive eavesdropper can decrypt everything. Bluetooth Smart encryption is worthless.

Modes of Operation

Crack TK

This is the default mode used when providing crackle with an input file using -i.

In Crack TK mode, crackle brute forces the TK used during a BLE pairing event. crackle exploits the fact that the TK in Just Works(tm) and 6-digit PIN is a value in the range [0,999999] padded to 128 bits.


Decrypt with LTK

In Decrypt with LTK mode, crackle uses a user-supplied LTK to decrypt communications between a master and slave. This mode is identical to the decryption portion of Crack TK mode.

Usage

You can download crackle here:

crackle-0.1.zip

BetterCap: A New MITM Framework Tool

Bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

How to install?

Stable Release ( GEM )

gem install bettercap

From Source

git clone https://github.com/evilsocket/bettercap
cd bettercap
gem build bettercap.gemspec
sudo gem install bettercap*.gem

DEPENDS

All dependencies will be installed automatically through the GEM system; in some cases you might need to install a system dependency in order to make everything work:

sudo apt-get install ruby-dev libpcap-dev

Minion – Mozilla Security Testing Framework

Minion is a security testing framework built by Mozilla to bridge the gap between developers and security testers. To do so, it enables developers to scan with a wide variety of security tools, using a simple HTML-based interface.


It consists of three umbrella projects:


  • Minion Frontend, a Python, angular.js, and Bootstrap-based website that provides an HTML interface to authenticate and authorize users, manage sites, initiate scans, and report issues
  • Minion Backend, a Python, Flask, and Twisted-based backend that provides an API for the Minion Frontend, and acts as a middleman between the frontend and external security tools
  • Minion VM, a repository of recipes to allow quick installations of Minion either via Vagrant or Docker

Functionality

Minion has limited scanning functionality built into itself. Instead, it relies on the large variety of pre-existing open source and commercial scanning tools. These plugins include:

  • Minion ZAP, which utilizes the OWASP Zed Attack Proxy
  • Minion Nmap, utilizing the Nmap network scanner
  • Minion Skipfish, utilizing the Skipfish reconnaissance tool
  • Minion SSLyze, utilizing the SSLyze TLS scanner
  • Minion SSL, which uses the sslscan TLS scanner

You can download Minion here:

Back-end: minion-backendv0.3.zip
Front-end: minion-frontend-v0.4.zip

KGB Keylogger from Refog Software

KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine.


KGB Keylogger Features at a Glance

  • Stealth mode and visible mode of work;
  • Logs keyboard input, including language-specific characters;
  • Logs Clipboard entries;
  • Monitors and logs network activities;
  • Custom list of monitored applications;
  • Detailed information for each log entry, including the time stamp, application name and window caption;
  • Screenshots at custom frequency (regular intervals or on mouse clicks);
  • Export of logs into HTML;

The software works as described and is pretty fully featured for a Keylogger including a screen capture feature, not just the normal text/keyboard capturing facility.

The interface is nice and it’s fairly easy to use.

It has good ratings at places like Softpedia (5/5).

You can download the trial version here (Valid for 7 days):

KGB Keylogger – Trial

NetworkMiner – Passive Sniffer & Packet Analysis Tool for Windows

NetworkMiner is a passive network sniffer/packet capturing tool for Windows with an easy to use interface. It can detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis.

NetworkMiner makes use of OS fingerprinting databases from both p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri) in order to do passive OS fingerprinting as accurately as possible. NetworkMiner also uses the MAC-vendor list from Nmap (Fyodor).

The purpose of NetworkMiner is to collect data about hosts on the network rather than data about the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information shown as a list of packets/frames).

NetworkMiner can extract files transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and save media files (such as audio or video files) which are streamed across a network.


Another very useful feature is that the user can search sniffed or stored data for keywords. NetworkMiner allows the user to insert arbitrary string or byte-patterns that shall be searched for with the keyword search functionality.

A feature the author wants to include in future versions of NetworkMiner is to use statistical methods to do protocol identification (protocol fingerprinting) of a TCP session or UDP data. This means that instead of looking at the port number to guess which protocol is used on top of the TCP/UDP packet NetworkMiner will identify the correct protocol based on the TCP/UDP packet content. In this way NetworkMiner will be able to identify protocols even if the service is run on a non-standard port.
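The content-based identification described above can be shown in miniature. The following is an added example, not NetworkMiner's code: it classifies the first bytes of a few constructed TCP payloads by protocol signature rather than port, and then reports the flows where the content disagrees with what the destination port would suggest, which is exactly the "service on a non-standard port" case the paragraph describes. The port table and the sample flows are constructed for the example.

```python
"""Content-based protocol identification (added example, not NetworkMiner's code).

Each signature looks at the leading bytes of a stream; SAMPLE_FLOWS are
constructed payloads, not captured traffic.
"""
import re

# Assumed "well-known port" table used only to show port/content disagreement.
PORT_TABLE = {22: "ssh", 25: "smtp", 80: "http", 443: "tls"}


def _is_http(p: bytes) -> bool:
    # Request line "METHOD SP target SP HTTP/1.x CRLF" or a response status line.
    return bool(re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", p)) \
        or p.startswith(b"HTTP/1.")


def _is_ssh(p: bytes) -> bool:
    # RFC 4253 identification string sent by both sides.
    return p.startswith(b"SSH-2.0-") or p.startswith(b"SSH-1.99-")


def _is_tls(p: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    # 2-byte length, then handshake type 1 (ClientHello) or 2 (ServerHello).
    return (len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03
            and p[2] in (0x00, 0x01, 0x02, 0x03) and p[5] in (0x01, 0x02))


def _is_smtp(p: bytes) -> bool:
    # Server greeting "220 <host> ESMTP ..."; FTP also uses 220, so require SMTP/ESMTP.
    return bool(re.match(rb"^220[ -][^\r\n]*E?SMTP[^\r\n]*\r\n", p))


SIGNATURES = [("http", _is_http), ("ssh", _is_ssh), ("tls", _is_tls), ("smtp", _is_smtp)]


def identify(payload: bytes) -> str:
    """Return the protocol name for a stream's leading bytes, or 'unknown'."""
    for name, predicate in SIGNATURES:
        if predicate(payload):
            return name
    return "unknown"


def classify_flows(flows: list) -> list:
    """Map each flow to (dst_port, protocol-by-content)."""
    return [(f["dst_port"], identify(f["payload"])) for f in flows]


def mismatches(flows: list) -> list:
    """Flows whose identified protocol differs from the port-table guess.

    Unknown content is skipped: no evidence, no finding.
    """
    out = []
    for port, proto in classify_flows(flows):
        if proto != "unknown" and PORT_TABLE.get(port) != proto:
            out.append((port, proto))
    return out


# Constructed sample flows (first bytes of each stream).
SAMPLE_FLOWS = [
    {"dst_port": 8443, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dst_port": 2222, "payload": b"SSH-2.0-OpenSSH_8.9\r\n"},
    {"dst_port": 80, "payload": bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4, 0x03, 0x03])},
    {"dst_port": 25, "payload": b"220 mail.example.test ESMTP ready\r\n"},
    {"dst_port": 4444, "payload": b"\x00\x01\x02random"},
]


if __name__ == "__main__":
    for port, proto in classify_flows(SAMPLE_FLOWS):
        print(f"port {port:<5} -> {proto}")
    print("port/content mismatches:", mismatches(SAMPLE_FLOWS))
```

A real fingerprinting engine would use statistical features over more of the stream, as the paragraph suggests; fixed signatures on the first bytes are the simplest instance of the same idea.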

You can download NetworkMiner here:

NetworkMiner-0.82

Brutus Password Cracker – Download brutus-aet2.zip AET2

If you don’t know, Brutus is one of the fastest, most flexible remote password crackers you can get your hands on – it’s also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future.

Download brutus-aet2.zip

Brutus was written originally to help me check routers etc. for default and common passwords.

Features

Brutus version AET2 is the current release and includes the following authentication types :

  • HTTP (Basic Authentication)
  • HTTP (HTML Form/CGI)
  • POP3
  • FTP
  • SMB
  • Telnet

Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples.


The current release includes the following functionality :

  • Multi-stage authentication engine
  • 60 simultaneous target connections
  • No username, single username and multiple username modes
  • Password list, combo (user/password) list and configurable brute force modes
  • Highly customisable authentication sequences
  • Load and resume position
  • Import and Export custom authentication types as BAD files seamlessly
  • SOCKS proxy support for all authentication types
  • User and password list generation and manipulation functionality
  • HTML Form interpretation for HTML Form/CGI authentication types
  • Error handling and recovery capability inc. resume after crash/failure.
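From the defender's side, the features listed above (60 parallel connections, password-list and combo-list modes) translate into a clear signal: a burst of failed logins against one service from one source, often across several usernames. The detector below is an added example, not part of Brutus or of the original post; it runs a sliding-window count over constructed syslog-like authentication lines and distinguishes a guessing burst from a human mistyping a password a few times.

```python
"""Brute-force login detection over auth log lines (added example, not Brutus code).

SAMPLE_LOG is constructed in a simple syslog-like format:
    <ISO timestamp> <service>: <FAIL|OK> user=<name> src=<ip>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE = re.compile(r"^(?P<ts>\S+) (?P<service>\w+): (?P<result>FAIL|OK) "
                  r"user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(line: str):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bursts(lines, threshold: int = 10, window_s: int = 30) -> list:
    """Alert once per (service, src) when `threshold` failures fall within `window_s` seconds.

    Lines must be in chronological order. Each alert records how many
    failures were in the window and which usernames were tried, so a
    single-user dictionary attack and a multi-user combo list are both visible.
    """
    window = timedelta(seconds=window_s)
    times = defaultdict(deque)       # (service, src) -> timestamps of recent failures
    users = defaultdict(set)         # (service, src) -> usernames seen in failures
    alerted, alerts = set(), []
    for ev in map(parse, lines):
        if ev is None or ev["result"] != "FAIL":
            continue
        key = (ev["service"], ev["src"])
        q = times[key]
        q.append(ev["ts"])
        users[key].add(ev["user"])
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"service": key[0], "src": key[1], "failures": len(q),
                           "users": sorted(users[key]), "first": q[0], "last": ev["ts"]})
    return alerts


def _constructed_log() -> list:
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for i in range(12):   # guessing burst: 12 failures in 11 seconds from one source
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} ftp: FAIL user=admin src=203.0.113.7")
    for i in range(3):    # a person mistyping: 3 failures spread over 3 minutes
        lines.append(f"{(base + timedelta(minutes=i)).isoformat()} ftp: FAIL user=alice src=198.51.100.4")
    lines.append(f"{(base + timedelta(minutes=3)).isoformat()} ftp: OK user=alice src=198.51.100.4")
    return sorted(lines)  # ISO timestamps sort chronologically as strings


SAMPLE_LOG = _constructed_log()


if __name__ == "__main__":
    for a in detect_bursts(SAMPLE_LOG):
        print(f"{a['service']} from {a['src']}: {a['failures']} failures "
              f"between {a['first'].time()} and {a['last'].time()}, users={a['users']}")
```

Threshold and window are the tuning knobs: with the defaults only the 203.0.113.7 burst fires, while widening the window to minutes also catches slow, spread-out guessing at the cost of flagging forgetful users.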


Netdiscover – Network Address Discovery Tool

Netdiscover is a network address discovery tool that was developed mainly for those wireless networks without DHCP servers, though it also works on wired networks. It sends ARP requests and sniffs for replies.


Built on top of libnet and libpcap, it can passively detect online hosts or search for them by actively sending ARP requests. It can also be used to inspect your network's ARP traffic, or to find network addresses using auto scan mode, which scans for common local networks.

Requirements

  • libpcap
  • libnet > 1.1.2

Tested to work on Linux, Solaris, Mac OS X and OpenBSD; other *nix variants may work.

Usage: ./netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]

  -i device
    The network device to sniff on and inject packets from. If no device is
    specified, the first available one is used.

  -r range
    Scan a given range instead of auto scan. Valid range values are:
    192.168.0.0/24, 192.168.0.0/16 or 192.168.0.0/8

  -p
    Enable passive mode: do not send anything, only sniff.

  -s time
    Sleep the given time in milliseconds between each ARP request
    injection. (default 1)

  -c count
    Number of times to send each ARP request. Useful for networks with
    packet loss, so each host is scanned the given number of times.

  -n node
    Last IP octet used for scanning as the source host; change it
    if the default host is already in use (from 2 to 253) (default 66)

  -S
    Enable sleep time suppression between each request. It will sleep every 255
    scanned hosts instead of after each one; this mode was used in 0.3 beta4
    and older releases. Avoid this option on networks with packet loss,
    or on wireless networks with a low signal level. (also called hardcore mode)

  -f
    Enable fast mode scan: it will only scan for hosts .1, .100 and .254 on each
    network, useful when searching for address ranges in use; after finding one
    you can run a specific range scan to see the online boxes.
    Scanned hosts can be easily modified in the fast_ips[] array in main.c.

If the -p or -r options are not used, netdiscover will automatically scan for common
LAN addresses. Those address lists can be modified in common_net[] in main.c.


Build

$ sh update-oui-database.sh (optional)
$ ./configure
$ make
# make install


You can download Netdiscover here:

netdiscover-master.zip