Wednesday, February 27, 2013

Xss-scanner - Scanning site for xss vulnerability


simple tools that try to detect an xss vulnerability feel free to develop and submit bug or add extra features
### this tool for educational propose ###

Requirement: you have to install selenium module Here : http://seleniumhq.org/

Usage: xss_scanner.py http://www.site.com/file.php?var=

the target should be started with http:// or https://
the target should ended with empty GET variable so that the scanner could try several xss strings
Download -
xss_scanner.py

 Source-
https://code.google.com/p/xss-scanner/



at No comments:

nmapsi4 v0.4.1: nmap Graphical User Interface

NmapSi4 is a complete Qt4-based Gui with the design goals to provide a complete nmap interface for users, in order to manage all option of this power security net scanner and search services vulnerability.
  • Traceroute support with nmap.
  • Host Lookup with internal implementation or dig.
  • Search services vulnerabilities with webkit dedicated browser.
  • Full nmap nse support.
  • Search network ips with "Network Discover" tool.
  • Full support for CIDR notation for discover tool. (>= 0.4)
  • Save and reload discovered ip. (>= 0.4)
  • Support for create scan user profile. (>= 0.4 -- new profiler)
  • Host scan with nmap. (new nmap options in profiler for >= 0.4)
nmapsi4 0.4.1 released
Wed, 01/30/2013 - 21:27 — brand

This release contains some bug fixes and increases the general stability.
Please, if you have problems, use the bug tracker.
Download
github changelog

 Downplaod older versions from here

Source-
at No comments:

Python-nmap 0.2.7 - A python library which helps in using nmap port scanner

python-nmap is a python library which helps in using nmap port scanner. It allows to easilly manipulate nmap scan results and will be a perfect tool for systems administrators who want to automatize scanning task and reports. It also supports nmap script outputs.

It can even be used asynchronously. Results are returned one host at a time to a callback function defined by the user.

Download latest

Warning : this version is intended to work with Python 3.x. For Python 2.x, please use python-nmap-0.1.4.tar.gz
Download development version
svn checkout http://python-nmap.googlecode.com/svn/trunk/ python-nmap-read-only

Installation

From the shell, uncompress python-nmap-0.2.6.tar.gz and then run make :
tar xvzf python-nmap-0.2.6.tar.gz
cd python-nmap-0.2.6
python setup.py install
Now you may invoke nmap from python
$ python
Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap

Usage

From python :
>>> import nmap
>>> nm = nmap.PortScanner()
>>> nm.scan('127.0.0.1', '22-443')
>>> nm.command_line()
'nmap -oX - -p 22-443 -sV 127.0.0.1'
>>> nm.scaninfo()
{'tcp': {'services': '22-443', 'method': 'connect'}}
>>> nm.all_hosts()
['127.0.0.1']
>>> nm['127.0.0.1'].hostname()
'localhost'
>>> nm['127.0.0.1'].state()
'up'
>>> nm['127.0.0.1'].all_protocols()
['tcp']
>>> nm['127.0.0.1']['tcp'].keys()
[80, 25, 443, 22, 111]
>>> nm['127.0.0.1'].has_tcp(22)
True
>>> nm['127.0.0.1'].has_tcp(23)
False
>>> nm['127.0.0.1']['tcp'][22]
{'state': 'open', 'reason': 'syn-ack', 'name': 'ssh'}
>>> nm['127.0.0.1'].tcp(22)
{'state': 'open', 'reason': 'syn-ack', 'name': 'ssh'}
>>> nm['127.0.0.1']['tcp'][22]['state']
'open'

>>> for host in nm.all_hosts():
>>>     print('----------------------------------------------------')
>>>     print('Host : %s (%s)' % (host, nm[host].hostname()))
>>>     print('State : %s' % nm[host].state())
>>>     for proto in nm[host].all_protocols():
>>>         print('----------')
>>>         print('Protocol : %s' % proto)
>>> 
>>>         lport = nm[host][proto].keys()
>>>         lport.sort()
>>>         for port in lport:
>>>             print ('port : %s\tstate : %s' % (port, nm[host][proto][port]['state']))
----------------------------------------------------
Host : 127.0.0.1 (localhost)
State : up
----------
Protocol : tcp
port : 22 state : open
port : 25 state : open
port : 80 state : open
port : 111 state : open
port : 443 state : open

>>> print(nm.csv())
host;protocol;port;name;state;product;extrainfo;reason;version;conf
127.0.0.1;tcp;22;ssh;open;OpenSSH;protocol 2.0;syn-ack;5.9p1 Debian 5ubuntu1;10
127.0.0.1;tcp;25;smtp;open;Exim smtpd;;syn-ack;4.76;10
127.0.0.1;tcp;53;domain;open;dnsmasq;;syn-ack;2.59;10
127.0.0.1;tcp;80;http;open;Apache httpd;(Ubuntu);syn-ack;2.2.22;10
127.0.0.1;tcp;111;rpcbind;open;;;syn-ack;;10
127.0.0.1;tcp;139;netbios-ssn;open;Samba smbd;workgroup: WORKGROUP;syn-ack;3.X;10
127.0.0.1;tcp;443;;open;;;syn-ack;;


>>> nm.scan(hosts='192.168.1.0/24', arguments='-n -sP -PE -PA21,23,80,3389')
>>> hosts_list = [(x, nm[x]['status']['state']) for x in nm.all_hosts()]
>>> for host, status in hosts_list:
>>>     print('{0}:{1}'.format(host, status))
192.168.1.0:down
192.168.1.1:up
192.168.1.10:down
192.168.1.100:down
192.168.1.101:down
192.168.1.102:down
192.168.1.103:down
192.168.1.104:down
192.168.1.105:down
[...]



>>> nma = nmap.PortScannerAsync()
>>> def callback_result(host, scan_result):
>>>     print '------------------'
>>>     print host, scan_result
>>> 
>>> nma.scan(hosts='192.168.1.0/30', arguments='-sP', callback=callback_result)
>>> while nma.still_scanning():
>>>     print("Waiting >>>")
>>>     nma.wait(2)   # you can do whatever you want but I choose to wait after the end of the scan
>>> 
192.168.1.1 {'nmap': {'scanstats': {'uphosts': '1', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '0', 'totalhosts': '1', 'elapsed': '0.43'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.1'}, 'scan': {'192.168.1.1': {'status': {'state': 'up', 'reason': 'arp-response'}, 'hostname': 'neufbox'}}}
------------------
192.168.1.2 {'nmap': {'scanstats': {'uphosts': '0', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '1', 'totalhosts': '1', 'elapsed': '0.29'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.2'}, 'scan': {'192.168.1.2': {'status': {'state': 'down', 'reason': 'no-response'}, 'hostname': ''}}}
------------------
192.168.1.3 {'nmap': {'scanstats': {'uphosts': '0', 'timestr': 'Mon Jun  7 11:31:11 2010', 'downhosts': '1', 'totalhosts': '1', 'elapsed': '0.29'}, 'scaninfo': {}, 'command_line': 'nmap -oX - -sP 192.168.1.3'}, 'scan': {'192.168.1.3': {'status': {'state': 'down', 'reason': 'no-response'}, 'hostname': ''}}}
See also example.py in archive file.
Download latest version updated on 27/02/2013


Source-
at No comments:

Secscan-py v1.5 - Web Apps Scanner and Much more utilities

Web Apps Vuln Dorker/Scanner for amateur pentester.
  • Cover LFI, RFI, SQLi & XSS
  • Admin/login finder
  • sub-domain finder
  • online/offline MD5 cracker
  • Proxy
  • local IP lookup
  • Friendly interface
Download lastest version -
secscan.py.zip 7.1 KB
Major updates and fixes. Better user interface. 
Unzip with your favorite archiver 

To run: python secscan.py
Download other  version
Sources : -

Screenshot -

at No comments:

Saturday, February 23, 2013

Web Application Firewall (WAF) Testing Framework - Find Out If Your Application Security Controls Work

Imperva has developed a free evaluation toolkit that enables you to test your application security solution—your Web application firewall or network firewall or intrusion prevention system—and find out if it can stop advanced application attacks. The Web Application Firewall (WAF) Testing Framework conducts over 150 tests, including SQL injection, cross site scripting, and remote file inclusion. It leverages the same evasion techniques used by hackers to bypass simple signature-based solutions and it generates a report that reveals
overall security efficacy.
Measure False Positives
While you need to safeguard your applications, your ironclad defenses should not block legitimate users. You should evaluate whether your security solution can stop attacks without blocking valid traffic. The WAF Testing Framework determines the rate of false positives by inserting legitimate, but potentially suspicious, input into form fields and parameters. It produces clear, informative reports that summarize false positives and false negatives, allowing you to gauge the accuracy of your security solution.

The WAF Testing Framework allows you to:
  • Quickly evaluate the effectiveness of your application security solution
  • Recognize if your security controls might block legitimate users
  • Examine stateful attacks like cookie tampering and Cross Site Request Forgery (CSRF)
  • Produce clear, concise reports that illustrate overall security status
  • Extend the baseline set of security assessments to include custom tests
Application Security Test Environment
The WAF Testing Framework provides everything you need to test your application security controls. It includes a Java-based executable for Windows and WebGoat, an intentionally insecure Web application developed by OWASP. Download the WAF Testing Framework today to evaluate your Web application firewall today.

Download now 91.1 MB
Software RequirementsOperating Systems:
Windows XP/Vista/7/
Server 2003/Server 2008,
Redhat Linux
Sun Java JRE 1.6+File Size:

Source-










at 1 comment:

Friday, February 22, 2013

Nishang 0.2.5 Released: Get WLAN keys in plain, Remove update and bug fixes

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.

PAYLOADS
It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command 
and much more.

HELP
All payloads and scripts are Get-Help compatible. Use "Get-Help <scriptname.ps1> -full" on a PowerShell prompt to get full help details.

LATEST CODE
Checkout svn repo for latest code

CONTACT
Please report bugs, feedback and feature requests to nikhil dot uitrgpv at gmail.com

about Nishang 0.2.5. Two new payloads which are borrowed from other sources (and went unnoticed for months lying in one of my VMs) have been added:

1. Get-WLAN-Keys dumps WLAN keys in clear text, handy!!. The code is borrowed from this code by Jan Egil Ring. An elevated shell is required to dump the keys.

2. Remove-Update could be used to remove all updates, all security updates or a particular update from a target machine. The script calls wusa.exe to do so. This is based on this post by Trevor Sullivan. This payload could be useful to re-introduce a patched vulnerability (an easy way of backdooring a system). Administrator access is required to remove most updates.

Also, some stupid bugs with Credentials payload hav been fixed. This payload has been bugging me (or I am bugging it :P) from the first release of Nishang. I hope to bring some peace to it.

Download - 
The Nishang repo has been updated. Please update your repos.

Changelog:
0.2.5
- Added Get-WLAN-Keys payload.
- Added Remove-Update payload.
- Fixed help in Credentials.ps1
- Minor changes in Donwload_Execute and Information_Gather.

 Source-
http://labofapenetrationtester.blogspot.in/
http://code.google.com/p/nishang/

 Screenshot-











Previous post regarding NISHAG-
http://santoshdudhade.blogspot.in/2012/09/nishang-using-powershell-for.html
at No comments:

VA-PT v0.8.223 -Vulnerability Assessment, Penetration Testing and Risk Management Framework


The set of scripts included in this package will create a Backtrack/SamuraiWTF type environment for the performing of Vulnerability Assessments and Penetration Testing.

 The goal of this project was to allow a portable set of tools to be easily installed onto any release of Ubuntu at a moments notice, allowing the tester to be free of distribution release specific constraints.

 Note: Ubuntu 11 does not come with Konsole installed, you will need to install it prior to running these scripts.

 Download latest version updated in Dec2012
VA-PT Script Package v0.8.223
Download other versions 

 Contents of Files
-----------------
deps.sh - Contains the necessary software dependencies for the tools within the kit to function.
exploits.sh - Contains the scripts to download various exploit code from public sources
services.sh - Starts the various integrated services of the kit such as msfrpcd, OpenVAS, Dradis, etc
static.sh - Downloads static applications which are not svn capable
svn.sh - SVN repository scripts to checkout and update the various tools
wordlists.sh - Contains the scripts to download the various wordlists from public sources
update.sh - The script that makes it all happen
readme - You're looking at it
search/ - the PHP Files for the local vulnerability and exploitdb search interface

 How To
------
To start, run the installer: sudo ./install.sh
Install the dependencies first via option 1) Install/Check Dependencies

 --Setup for postgres DB 
sudo su postgres
psql
create user <username with password 'password' createdb;
create database msf owner <your username>;
\q
./msfconsole
db_connect <username>:<password>@localhost/msf

 If you are running, or are planning on running, Nexpose on the same system. You will need to change the listening port on the postgresql database.

 /etc/postgresql/8.4/main/postgresql.conf

 Make sure your msf rc files reference the port number you set.
-- .msf4/msfconsole.rc
-- db_connect username:password@localhost:port/msf

 All tools are loaded into the /pentest directory.

 Future Major Release to include
-------------------------
Security Assessment Management Portal
-- PCI-DSS Assessment
-- ISO Assessment
-- NIST 800-53a Assessment
-- Vulnerability Assessment & Penetration Testing Management

 Keith Pachulski
Security Consultant
keithp@protectors.cc

 Source-
http://code.google.com/p/va-pt/

Previous post regarding VA-PT
http://santoshdudhade.blogspot.in/2012/12/va-pt-vulnerability-assessment.html

at No comments:

Vulture - Open Source Reverse Proxy / Web Application Firewall


Vulture is a reverse proxy that features Web-SSO and application firewall. Vulture is based on Apache2, mod_perl and mod_security. Vuture interfaces between Web applications and Internet to provide unified security and authentication.

The main features of Vulture are: 
  • SSO users with many methods supported 
  • LDAP, SQL, text file, RADIUS server, digital certificates ... 
  • Modular design allows you to add new authentication methods
  • The spread of authentication protected applications 
  • Encryption flow 
  • Filtering and rewriting content 
  • An application firewall based on ModSecurity 
  • Load balancing


at No comments:

Thursday, February 21, 2013

IPFire 2.13 - Core 66 released - An Open Source Firewall Distribution


IPFire 2.13 is a new major version of IPFire, the Open Source Firewall distribution. The list of changes, enhancements, and fixes is endless.Following features which we’re the most excited about:

Base System

The most important components of the base system have been updated to include a brand new kernel based on the Linux 3.2 release. With that, IPFire now supports more hardware than ever before and many of the hardware problems from the past should be gone.
The most basic system libraries have been replaced as well, giving us great performance and fixing some general security issues. If you’d like to know more about this specifically, please read this post on our planet.

Quality of Service with CoDeL

In case you are struggling with a slow internet connection, CoDeL is your solution. This new algorithm shares the bandwidth fairly between all connections. It doesn’t need any configuration at all, but when tied together with our Quality of Service features, CoDeL gives you the most out of your connection.

ARM

We have finally declared the ARM versions of IPFire as stable. Since the very first testing release back in October 2011, a multitude of things have improved. As of today, IPFire runs on many different platforms, such as Marvell Kirkwood and Texas Instruments OMAP4-based systems, and of course, the Raspberry Pi computer.
The vast amount of people who have already been using IPFire ARM since we began to port it to the ARM architecture know that there was never really any big trouble to begin with. You can find more about this over here.

IPsec VPNs with strongswan 5

The IPsec implementation strongswan recently released a new version which cleaned up a significant amount of old code, some of which has been in use for over a decade. If you want to know the details, check out the IPFire planet post.

Wireless LAN

From our wishlist, we’ve implemented proper support for 5 GHz WLANs. Read this planet post to learn about the benefits.
Latest release: IPFire 2.13 - Core 66
Please click the button to download the IPFire ISO image for i586-compatible computers. This is the default image, you will most likely need to install IPFire. You may also pick your desired architecture from the tabs above and see a list of all image formats.
Download IPFire 2.13 - Core 66 (ISO-Image - i586 - 93.4M)
IPFire is a server distribution with intended to use as a firewall. It focuses on flexibility, and scales from small to middle sized business networks and home networks.

Along with this hardened, minimalist come lots of addons that can be installed with a simple click. That's what makes IPFire different from other firewall distributions: it is easy to configure for any task, and easy to administer once it's set up.

Features
  • stateful inspection firewall based on linux netfilter architecture
  • intrusion detection system with Guardian addon as extension (IPS system)
  • filter for invalid/non-standard packages
  • separate network segments for server (DMZ) and wireless with custom policies
  • DoS attack protection
  • application proxies for HTTP and FTP (with access control and content filtering) and DNS
  • incoming and outgoing packet filtering
  • Quality of Service and traffic shaping
Source-
at No comments:

Red Hat Enterprise Linux 6.4 released

Red Hat Announces General Availability of Next Minor Release of Red Hat Enterprise Linux 6   Raleigh
NC, Global, February 21, 2013

New Features Include Scale-Out Data Access Through pNFS, Identity Management Tools, Enhanced Interoperability, and More

Red Hat, Inc. (NYSE: RHT), the world’s leading provider of open source solutions, today announced general availability of the next minor release of Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 6.4. It has been optimized for performance, stability and flexibility, and designed to help organizations manage their workloads across physical, virtual and cloud environments. Red Hat Enterprise Linux introduces several new components that help enterprises meet these core business objectives.

Scale-out Data Access Through Parallel NFS (pNFS)
Red Hat has collaborated with its partners and the upstream community on the parallel Network File System (pNFS) industry standard. This helps to solve the problems associated with NFS sprawl, characterized by the explosive growth of data and the increased burden of managing file system complexity. Capabilities have also been added that result in performance gains for I/O intensive workloads like database access. Using the first-to-market, fully supported pNFS client -- delivered in Red Hat Enterprise Linux 6.4 -- customers can begin to plan and design next-generation, scalable file system solutions based on pNFS.

“NetApp and Red Hat are seeing considerable demand for pNFS capabilities from customers looking to modernize their data center environment to address the extreme requirements around scale, performance and manageability,” said Patrick Rogers, vice president, solutions and integrations, NetApp. “With Red Hat Enterprise Linux 6.4, Red Hat has achieved a significant milestone advancing pNFS client support, which reflects their continued leadership and innovation in enterprise-class open source solutions.”

Focus On Security Through Enhanced Identity Management
Red Hat Enterprise Linux 6.4 continues to expand security through enhanced identity and host-based access management. This release also provides easier interoperability in heterogeneous environments, whether identities are Linux- based or managed by Microsoft Active Directory.

Improved Virtual Guest Experience on VMware and Hyper-V
Red Hat Enterprise Linux 6 .4 now includes the Microsoft Hyper-V Linux drivers, improving the overall performance of the operating system when running as a guest on Microsoft Hyper-V. The latest release also offers installation support for the VMware and Microsoft Hyper-V para-virtualized drivers, improving the deployment experience for users working in these environments.

Updated Management Capabilities
Red Hat Enterprise Linux 6.4 provides enhancement to control groups (cgroups), allowing multi-threaded applications to migrate smoothly between them. In addition, this release includes updated performance monitoring tools that support new counters (performance monitoring units, or PMUs) from Intel.

New Tools and Improved Productivity Support
Red Hat Enterprise Linux 6.4 includes several key productivity-focused improvements, including enhanced interoperability with Microsoft Exchange, calendar support in Evolution, and new functions, such as alarm notifications and the ability to schedule meetings. This update also includes support for newer Wacom tablets, which benefits professional animators and design artists.

"Red Hat Enterprise Linux has long been considered the premier open source operating system for enterprises, and this latest iteration further cements the platform as a compelling foundation for mission-critical solutions across physical, virtual and cloud environments," said Jim Totton, vice president and general manager, Red Hat's Platform Business Unit. "The features found within Red Hat Enterprise Linux 6.4 — from support for pNFS to expanded security features and much more — exemplify our commitment to innovation and providing our customers with the advanced tools they need to attain their business goals."

Additional Resources
  • To download Red Hat Enterprise Linux 6.4 visit here
  • For more information about Red Hat Enterprise Linux visit here
  • For more information about the Red Hat Enterprise Linux lifecycle visit here
The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 6.4. For detailed documentation on all changes to Red Hat Enterprise Linux for the 6.4 update, refer to the Technical Notes.
Preface
1. Installation
2. Kernel
3. Device Drivers
4. Networking
5. Authentication and Interoperability
6. Security
7. Entitlement
8. Virtualization
8.1. KVM
8.2. Hyper-V
8.3. VMware ESX
9. Clustering
10. Storage
11. Compiler and Tools
12. General Updates
A. Component Versions
B. Revision History
Source-
at No comments:

UPDATE systemrescuecd-x86-3.4.0 - Linux system rescue disk


SystemRescueCd is a Linux system rescue disk available as a bootable CD-ROM or USB stick for administrating or repairing your system and data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the hard disk partitions. It comes with a lot of linux software such as system tools(parted, partimage, fstools, ...) and basic tools (editors, midnight commander, network tools). It can be used for both Linux andwindows computers, and on desktops as well as servers. This rescue system requires no installation as it can be booted from a CD/DVD drive or USB stick, but it can be installed on the hard disk if you wish. The kernel supports all important file systems (ext2/ext3/ext4, reiserfs, btrfs, xfs, jfs, vfat, ntfs), as well as network filesystems (samba and nfs).

System and Networking Guides

In addition to the SystemRescueCd documentation here are other related guides:

Project documentation

This project comes with good documentation. Here are the most important chapters:
For the impatient:
  • Quick start guide: please read this if this is the first time you are using this system recovery cd.
Chapters about basic usage:
Chapters about advanced usage:

System tools included

  • GNU Parted: creates, resizes, moves, copies partitions, and filesystems (and more).
  • GParted: GUI implementation using the GNU Parted library.
  • Partimage: popular opensource disk image software which works at the disk block level
  • ddrescue: Attempts to make a copy of a partition or floppy/Hard Disk/CD/DVD that has hardware errors, optionally filling corresponding bad spots in input with user defined pattern in the copy.
  • FSArchiver: flexible archiver that can be used as both system and data recovery software
  • File systems tools (for Linux and Windows filesystems): format, resize, and debug an existing partition of a hard disk
  • Ntfs3g: enables read/write access to MS Windows NTFS partitions.
  • sfdisksaves / restores partition table (and more).
  • Test-disk: tool to check and undelete partition, supports reiserfs, ntfs, fat32, ext2/3 and many others
  • Memtest+: to test the memory of your computer (first thing to test when you have a crash or unexpected problems)
  • Rsync: very-efficient and reliable program that can be used for remote backups.
  • Network tools (Samba, NFS, ping, nslookup, ...): to backup your data across the network
Browse the short system tools page for more details about the most important software included.
Browse the detailed package list for a full list of the packages.
Download updated version released on21/02/2013
Download systemrescuecd-x86-3.4.0.iso (402.4 MB)
Download other versions from here

Source-
http://www.sysresccd.org/SystemRescueCd_Homepage
http://sourceforge.net/projects/systemrescuecd/

 Screenshot -

at No comments: