Months ago, I published a post about Flare VM, a project by Fireeye/Mandiant researcher focused on the creation of a Windows-based security distribution for malware analysis.
Recently, Fireeye released a similar project: another windows-based distribution, but this time dedicated to penetration testing and red teaming, named Command VM.
Continue…Offensive Security has released an official version of Kali Linux for Raspberry Pi 4, the last (and most powerful) version of the compact computer board, released just two weeks ago with a 1.5 GHz 64-bit quad-core ARM Cortex-A72 processor and 4GB of RAM.
Continue…During the first phase of a penetration test, especially when the test is performed in blackbox mode, is really important to gather correct informations from company websites and employees social accounts.
SQLiv is a Python-based scanning tool that uses Google, Bing or Yahoo for targetted scanning, focused on reveal pages with SQL Injection vulnerabilities.
It uses known dorks in order to find vulnerable URLs.
pip install bs4 termcolor google
git clone https://github.com/Hadesy2k/sqliv.gitsudo python2 setup.py -ipython sqliv.py --help
usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]
optional arguments:
-h, --help show this help message and exit
-d D SQL injection dork
-e E search engine [Google only for now]
-p P number of websites to look for in search engine
-t T scan target website
-r reverse domain
1. Multiple domain scanning with SQLi dork
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>
python sqliv.py -d "inurl:index.php?id=" -e google
2. Targetted scanning
python sqliv.py -t <URL>
python sqliv.py -t www.example.com
python sqliv.py -t www.example.com/index.php?id=1
3. Reverse domain and scanning
python sqliv.py -t <URL> -r
WPSeku is a Black-box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Black-box security testing refers to a method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application’s internal workings.
Essentially, black-box testing takes an approach similar to that of a real attacker.
(from Acunetix.com)
WPSeku is developed and mantained by m4ll0k, that have also developed other interesting security tools, like Infoga and Spaghetti.
The last available version is the 0.2.1 and can be downloaded from GitHub.
First, install requests:
# pip install requests
After, clone the git repository:
# git clone https://github.com/m4ll0k/WPSeku.git
Finally, start the tool:
# python wpseku.py
Usage: ./wpseku.py [--target|-t] http://localhost
-t --target Target URL (eg: http://localhost)
-x --xss Testing XSS vulns
-s --sql Testing SQL vulns
-l --lfi Testing LFI vulns
-q --query Testable parameters (eg: "id=1&test=1")
-b --brute Bruteforce login via xmlrpc
-u --user Set username, default=admin
-p --proxy Set proxy, (host:port)
-m --method Set method (GET/POST)
-c --cookie Set cookies
-w --wordlist Set wordlist
-a --agent Set user-agent
-r --redirect Redirect target url, default=True
-h --help Show this help and exit
Examples:
wpseku.py --target http://localhost
wpseku.py -t http://localhost/wp-admin/post.php -m GET -q "post=49&action=edit" [-x,-s,-l]
wpseku.py --target http://localhost --brute --wordlist dict.txt
wpseku.py --target http://localhost --brute --user test --wordlist dict.txt
Do you know Wifite?
It’s a great wifi auditing tool, designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo, BackBox and any Linux distributions with wireless drivers patched for injection (so the script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16).
The developer, Derv82, has recently released a new version of the tool, Wifite 2, designed entirely for the latest version of Kali Rolling release, with the support for the latest versions of Aircrack-ng suite, wash, reaver, tshark and cowpatty.
The new tool maintains the same interface and command line argument of the previous, but introduces a lot of changes:
So, the updated feature list is:
--pixie)--reaver)--no-reaver)pyrit, tshark, cowpatty, and aircrack-ng
-5 option)--crackedcommand).-c <channel> option)--crack command)As usual, installation is very simple:
git clone https://github.com/derv82/wifite2.git
cd wifite2
./Wifite.pyhttps://github.com/derv82/wifite2
https://github.com/derv82/wifite2
https://github.com/derv82/wifite2
https://github.com/derv82/wifite2
https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
Raven is a tool developed by 0x09AL to gather information about an organization employees using Linkedin.
It’s developed using python, Selenium e geckodriver
Simply run setup.sh as root.
The script resolves some python dependencies and installs geckodriver and xvfb:
pip install beautifulsoup4
pip install requests
pip install selenium
pip install tabulate
pip install pyvirtualdisplay
apt-get install xvfb
tar xvf bin/geckodriver-v0.18.0-linux64.tar.gz
mv geckodriver /usr/bin/geckodriver
The tool requires at least three parameters: company name , country initials and domain name.
raven.py [-h] -c COMPANY -s STATE -d DOMAIN [-p PAGES] [-lu LUSERNAME] [-lp LPASSWORD]
For example , if the company that you want to search is Evil Corp and the state is Albania the parameters would be:
python raven.py -c 'Evil Corp' -s al -d evilcorp.al
Spaghetti is a web application security scanner built on python2.7, designed to find various default and insecure files, configurations and misconfigurations.
It’s developed and mantained by Momo Outaadi(m4ll0k), that have also developed Infoga, an information gathering tool.
Really fast, simply clone the git repository and install the dependencies:
$ git clone https://github.com/m4ll0k/Spaghetti.git
$ cd Spaghetti
$ pip install -r doc/requirements.txt
$ python spaghetti.py -h