Category: Security Tools

Jan 06 2015

Wifiphisher – Fast Automated Phishing Attack Tool for WiFi Networks

Wifiphisher is a security tool that mounts fast automated phishing attacks against WPA networks in order to obtain the secret passphrase. It is a social engineering attack that, unlike other methods, does not involve any brute forcing. It is an easy way to obtain WPA credentials.

From the victim’s perspective, the attack takes place in three phases:

1] Victim is being deauthenticated from her access point: Wifiphisher continuously jams all of the target access point’s wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.

2] Victim joins a rogue access point: Wifiphisher sniffs the area and copies the target access point’s settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.

3] Victim is being served a realistic-looking router configuration page: Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for WPA password confirmation due to a router firmware upgrade.
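
From the defender's side, phases 1 and 2 leave a recognizable trace: a burst of deauth frames in all three directions on one BSSID, then a beacon for the same SSID from a BSSID you do not operate. The following is an added example (not part of wifiphisher or the original post) that correlates the two over constructed frame summaries; the record layout, the thresholds and the allowlist of known BSSIDs are assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, ROGUE, CLIENT = "aa:aa:aa:00:00:01", "02:00:00:00:00:99", "cc:cc:cc:00:00:09"
KNOWN = {"HomeNet": {AP}}  # assumed allowlist: SSID -> BSSIDs you operate

# Constructed frame summaries (not real traffic): (time_s, kind, src, dst, bssid, ssid)
FRAMES = [(0.0, "beacon", AP, BROADCAST, AP, "HomeNet"),
          (0.5, "deauth", "bb:bb:bb:00:00:02", CLIENT, "bb:bb:bb:00:00:02", None)]
FRAMES += [(1.0 + i * 0.1, "deauth", src, dst, AP, None) for i in range(4)
           for src, dst in ((AP, CLIENT), (CLIENT, AP), (AP, BROADCAST))]
FRAMES += [(3.0, "beacon", ROGUE, BROADCAST, ROGUE, "HomeNet")]

def deauth_floods(frames, window=5.0, threshold=10):
    """Map each BSSID with >= threshold deauths inside `window` seconds to the directions seen."""
    per_bssid = defaultdict(list)
    for ts, kind, src, dst, bssid, _ in frames:
        if kind == "deauth":
            direction = ("broadcast" if dst == BROADCAST
                         else "ap_to_client" if src == bssid else "client_to_ap")
            per_bssid[bssid].append((ts, direction))
    hits = {}
    for bssid, events in per_bssid.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                hits[bssid] = {d for _, d in events[start:end + 1]}
                break
    return hits

def unknown_twins(frames, known):
    """Map each allowlisted SSID to beaconing BSSIDs that are not on its allowlist."""
    twins = defaultdict(set)
    for _, kind, _, _, bssid, ssid in frames:
        if kind == "beacon" and ssid in known and bssid not in known[ssid]:
            twins[ssid].add(bssid)
    return dict(twins)

def correlate(frames, known):
    """Alert when a known AP is deauth-flooded while an unlisted twin advertises its SSID."""
    floods = deauth_floods(frames)
    alerts = []
    for ssid, rogue in unknown_twins(frames, known).items():
        jammed = known[ssid] & set(floods)
        if jammed:
            alerts.append((ssid, sorted(jammed), sorted(rogue)))
    return alerts

if __name__ == "__main__":
    print(correlate(FRAMES, KNOWN))
```

The single deauth on the unrelated BSSID in the sample stays below the threshold, so ordinary client disconnects do not raise an alert on their own.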

Requirements:
― Kali Linux
― Two wireless network interfaces, one capable of injection.

Wifiphisher works on Kali Linux and is licensed under the MIT license.

More Info: sophron/wifiphisher – GitHub

Feb 28 2014

Tor to Release Instant Messaging Bundle (TIMB)

The TOR project is about to join the world of secure instant messaging, laying out a roadmap that would see its first code for a new project delivered by the end of March 2014.

The first aim of the Tor Instant Messaging Bundle will be to get experimental builds happening with Instantbird providing the messaging interface.

As explained, Instantbird was considered to be the best of the three messaging platforms considered by the TOR people. Pidgin/libpurple and xmpp-client were also looked at but didn’t make the cut.

The developers’ “mild preference” for Instantbird is tempered by a couple of open questions. One is what attack profile it presents to the outside world; the other, its OTR support, is being addressed by the TOR developers. Libpurple, which is currently an Instantbird dependency, is being removed.

As this document notes, the group also plans to have the Tor Instant Messaging Bundle audited so “people in countries where communication for the purpose of activism is met with intimidation, violence, and prosecution will be able to avoid the scrutiny of criminal cartels, corrupt officials, and authoritarian governments.”

With Facebook’s recent US$16bn takeover of the messaging service that has more than 450m monthly users, some of the more worried corners of the online communities have questioned the move and whether this will mean their messages will become more susceptible to being monitored, something Facebook has been accused of in the past.

That is why Tor has timed its announcement perfectly!

Nov 30 2012

HoneyDrive – Honeypots In A Box

HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot and more. Additionally it includes useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, and much more. Lastly, many other helpful security, forensics and malware related tools are also present in the distribution.

Features:

  • Virtual appliance based on Xubuntu 12.04 Desktop
  • Distributed as a single OVA file, ready to be imported
  • Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin
  • Kippo SSH Honeypot, plus Kippo-Graph, Kippo2MySQL and other helpful scripts
  • Dionaea malware honeypot, plus phpLiteAdmin and other helpful scripts
  • Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts
  • LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator, INetSim and SimH
  • A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, ClamAV, ettercap, Automater, UPX, pdftk, Flasm, pdf-parser, Pyew, dex2jar and more
  • Firefox plugins pre-installed, plus extra helpful software such as GParted, Terminator, VYM, Xpdf and more

Download: Honeydrive_0.1_Santa_edition.ova

Installation: After downloading the file, you simply have to import the virtual appliance to your virtual machine manager/hypervisor (suggested software: Oracle VM VirtualBox).

More Info: HoneyDrive – BruteForce Lab’s Blog

May 22 2012

Nmap 6 Released

Nmap, the most popular open source network discovery and security auditing tool, has reached version 6.0.

The new code hit the Net last Monday, complete with a message from coder Gordon Lyon, aka Fyodor, that the new version represents “almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.”

Fyodor recommends all users upgrade to the new version, so they can get their hands on 289 new scripts and a host of new features.

Top Improvements:

  • Enhanced Nmap Scripting Engine (NSE)
  • Better Web Scanning
  • Full IPv6 Support
  • New Nping Tool
  • Better Zenmap GUI and Results Viewer
  • Faster Scans

Download:
Linux: nmap-6.00.tar.bz2
Windows: nmap-6.00-win32.zip

Feb 06 2012

Joomscan – Joomla Security Scanner Updated to 611 Vulnerabilities Database

Joomscan, the Joomla Security Scanner, has been updated to a database of 611 vulnerabilities.

In Joomscan you can check for new updates with the command ./joomscan.pl check or ./joomscan.pl update

Overview:
Joomla! is probably the most widely used CMS out there due to its flexibility, user-friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding them as KB to the Joomla scanner is an ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated to only one CMS.

Features:

  • Exact version Probing
  • Common Joomla! based web application firewall detection
  • Searching known vulnerabilities of Joomla! and its components
  • Reporting to Text & HTML output
  • Immediate update capability via scanner or svn

Requirement:
Perl 5.6 or up

Download: joomscan-latest.zip