Category: Security Tools

Feb 05 2012

Wifi Protector – Protect Your Android From Wi-Fi Sniffing Attacks

Android Wifi ProtectorDetects and protects from all kinds of ARP (Address Resolution Protocol) related attacks in Wi-Fi networks, like DOS (Denial Of Service) or MITM (Man In The Middle) Attack.

Protects your phone from tools like FaceNiff, Cain & Abel, ANTI, ettercap, DroidSheep, NetCut, and all others that try to hijack your session via MITM through ARP spoofing / ARP poisoning.

Features:
– Uses very few resources
– Uses no resources if Wi-Fi is disabled
– Nearly zero battery consumption
– Requires very few permissions. Requests only absolutely necessary permissions
– No configuration required, works off the shelf for novices
– Experts can change many settings to adapt the app to their needs
– Undetectable by the bad guy
– 100% silent and passive inside the network. Generates no noise
– Highly customizable notifications
– Plays ringtone on attack (optional)
– Vibrates in a given pattern on attack (optional)
– Easy to use one-click-interface as well as detailed network view for experts
– “Immunity” protects you without disabling Wi-Fi (root required)
– Can also disable Wi-Fi if you don’t have root access to your phone
– Logging of all spoofing attempts with details about the network and the attacker
– Works in complex wireless LANs, like vWLAN and WDS (please see FAQ)
– Detects networks already under attack
– Automatic countermeasures


Download:
https://market.android.com/details?id=com.gurkedev.wifiprotector

Jan 27 2012

theHarvester – Information Gathering Tool

The HarvestertheHarvester is a tool for gathering e-mail accounts, user names and hostnames/subdomains from different public sources like search engines and PGP key servers.

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective.

The sources supported are:
– Google – emails,subdomains/hostnames
– Google profiles – Employee names
– Bing search – emails, subdomains/hostnames,virtual hosts
– Pgp servers – emails, subdomains/hostnames
– Linkedin – Employee names
– Exalead – emails,subdomain/hostnames

New features:
– Time delays between requests
– XML and HTML results export
– Search a domain in all sources
– Virtual host verifier
– Shodan computer database integration
– Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion)
– Basic graph with stats

Some Examples:
Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results:

./theharvester.py -d microsoft.com -l 500 -b google

Searching emails accounts for the domain microsoft.com in a PGP server, here it’s not necessary to specify the limit.

./theharvester.py -d microsoft.com -b pgp

Searching for user names that works in the company microsoft, we use google as search engine, so we need to specify the limit of results we want to use:

./theharvester.py -d microsoft.com -l 200 -b linkedin

Searching in all sources at the same time, with a limit of 200 results:

./theHarvester.py -d microsoft.com -l 200 -b all

Download: https://code.google.com/p/theharvester

Jan 23 2012

Tor – Multiple Vulnerabilities

Tor LogoMultiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.

Multiple vulnerabilities have been discovered in Tor:

  • When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
  • When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
  • An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).

Impact:
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.

Vulnerable Versions:
< 0.2.2.35

Workaround:
There is no known workaround at this time.

Resolution:
All Tor users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot –verbose “>=net-misc/tor-0.2.2.35″

References:
CVE-2011-2768
CVE-2011-2769
CVE-2011-2778

Nov 09 2011

PwnPhone – Pentesting Suite for Nokia N900

Nokia Pentesting Suite

The Pwnie Express’ PwnPhone is a full Pentesting suite for the Nokia N900.

It Includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, Nmap, and more…

Custom pentesting screen with shortcuts to macchanger, injection on/off, etc.

Built-in wireless card supports packet injection, monitor mode, and promiscuous mode.

Download:
pwnphone_image-7.6.2011.tar.gz
pwnphonemanual.pdf

Jul 13 2011

First Ever iPhone Malware Scanner

VirusBarrierA French security company known for its Mac OS X antivirus software today released the first malware-scanning app for the iPhone and iPad and iPod Touch.

Intego’s VirusBarrier for iOS has been approved by Apple, and debuted on the App Store Tuesday for $2.99.

Because iOS prevents the program from accessing the file system or conducting automatic or scheduled scans — as do virtually all Mac and Windows antivirus software — VirusBarrier must be manually engaged, and then scans only file attachments and files on remote servers, said Peter James, a spokesman for Intego.

VirusBarrier for iOS can scan email attachments in a variety of formats, including Microsoft’s Word, Excel and PowerPoint; PDF documents; JavaScript files; and Windows executables, those files tagged with the .exe extension. It can also scan files in a Dropbox folder, those stored on MobileMe’s iDisk, or files downloaded via the iOS version of Safari.

The scanning engine and signatures — the digital “fingerprints” used to detect malware — in VirusBarrier for iOS are identical to those used by Intego’s Mac OS X product line.

VirusBarrier for iOS lets iPhone and iPad users run on-demand scans of email attachments before those files are opened or forwarded.

When an email attachment is received by the iPhone, iPad or iPod Touch, the user can intercede by calling on VirusBarrier, which then scans the file for possible infection before the file is opened or forwarded to others.

VirusBarrier for iOS can be downloaded to an iPhone, iPad or iPod Touch from Apple’s App Store. It requires iOS 4.0 or later.